Commit Graph

6154 Commits (c85b82e8a709dcf7507dd5cdad691af1bdc5449f)

Author SHA1 Message Date
Tod Beardsley a8108cfc17
Be less stupid in the description
[See #4774]
2015-02-17 13:04:26 -06:00
Tod Beardsley 71c5f622ca
Land #4775, Kindle Fire TV Stick controller 2015-02-17 12:59:54 -06:00
Tod Beardsley 14e764ff5a
Move to http subdirectory
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
Tod Beardsley 5e07b01a1f
Fix up description a tiny bit 2015-02-17 12:51:55 -06:00
William Vu 45b16c92b7 Prefer sleep
It's all the same, anyway.
2015-02-17 12:43:14 -06:00
William Vu 787deb4b23 Change service name to something more appropriate
Technically, it's part of DIAL, but we don't want to confuse the user
even more.
2015-02-17 12:41:31 -06:00
Brent Cook e08206d192
Land #4768, jvazquez-r7 reorganizes the SMB mixins 2015-02-17 10:36:19 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
William Vu b4e2a50a6a Really fix the bug
App is so slow. :(
2015-02-17 06:10:32 -06:00
William Vu 09239b37aa Fix touchy YouTube app
It likes the previous video stopped before playing a new one.
2015-02-17 06:07:58 -06:00
William Vu 76e3539434 Add Amazon Fire TV YouTube remote control 2015-02-17 05:44:04 -06:00
William Vu b3d301e960 Fix annoying double quotes
As much as I love them, the use here is inconsistent.
2015-02-17 05:12:28 -06:00
William Vu e16614abb9 Program a bit more defensively
Even though /setup/eureka_info should always be JSON...
2015-02-17 05:04:26 -06:00
William Vu ea4dd023ae Add SSID to report_service info 2015-02-17 04:46:11 -06:00
William Vu e5d6af6b23 Gather info from /setup/eureka_info
Looks better with SSID.
2015-02-17 04:37:16 -06:00
William Vu b6f83937ef Add chromecast_webserver scanner 2015-02-17 03:27:48 -06:00
Meatballs 22664e63ca Increase default timeout 2015-02-16 19:07:55 +00:00
Meatballs 5fba54db99 Add addtional timing options 2015-02-16 19:07:55 +00:00
Nikita Oleksov 19cd00e6d5 Fix cookit name split 2015-02-16 23:53:32 +07:00
dnkolegov a44e858bd7 Fixed minor errors in F5 BigIP cookie disclosure module 2015-02-16 01:31:52 -05:00
rastating 73bac94fa8 Add Ultimate CSV Importer extract module 2015-02-15 15:27:27 +00:00
jvazquez-r7 0158e94a18 Fix mixin usage 2015-02-13 17:18:51 -06:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
sinn3r fd441d2c5e Fix #4764, NameError unitialized constant Net::DNS in shodan_search 2015-02-13 14:40:23 -06:00
dnkolegov 19144e143a Fixed some errors in F5 BigIP cookie disclosure module 2015-02-13 03:29:23 -05:00
sinn3r 29163db7fc Add CVE reference for ie_uxss_injection 2015-02-12 17:16:59 -06:00
jvazquez-r7 3ae3d56caa
Land #4745, fixes #4711, BrowserAutoPwn failing due to getpeername 2015-02-12 16:51:09 -06:00
sinn3r 05d2703a98 Explain why obfuscation is disabled 2015-02-12 14:00:01 -06:00
sinn3r 50c72125a4 ::Errno::EINVAL, disable obfuscation, revoke ms14-064 2015-02-12 11:54:01 -06:00
Tod Beardsley 02fe57e2a1
Bump out to April, 60ish days 2015-02-11 12:56:37 -06:00
William Vu 58b6b7519a Deprecate server/pxexploit
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
William Vu 9e717084af Fix server/pxexploit datastore 2015-02-11 12:19:39 -06:00
jvazquez-r7 b07ef333e9 Fix java_rmi_server include 2015-02-10 12:52:19 -06:00
Tod Beardsley 1e8f98c285
Updated description, credit, and URL 2015-02-10 11:25:13 -06:00
Tod Beardsley 1b89242a75
Add module for R7-2015-02 2015-02-10 11:03:46 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
Tod Beardsley 0a42ac947a
Land #4737, fix Socket Context usages 2015-02-09 17:34:03 -06:00
Tod Beardsley 7ee5fd9b32
Fix lotus_domino to use get_cookies correctly. 2015-02-09 17:29:44 -06:00
HD Moore b1726fd609 Missing comma 2015-02-07 11:56:22 -06:00
HD Moore 8d982e3286 Pass the framework/module down into LoginScanner 2015-02-07 11:50:30 -06:00
Tod Beardsley 036cb77dd0
Land #4709, fixed up some datastore mangling 2015-02-05 21:22:38 -06:00
Tod Beardsley 7e649a919c
This version will actually work. 2015-02-05 21:00:54 -06:00
Tod Beardsley 3e0ce4a955
Fix datastore mangling with instance variables
See rapid7/metasploit-framework #4709
2015-02-05 20:37:18 -06:00
Tod Beardsley f8c81e601c
Land #4710 for real.
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.

This should fix #4710.
2015-02-05 17:18:51 -06:00
Tod Beardsley 0a587c9f5a
Land #4710, really
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.

Conflicts:
	modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
sinn3r 79e0ddadf6 Rename file again 2015-02-05 17:09:11 -06:00
sinn3r 97aa9f9dd2 Credit @joevennix 2015-02-05 17:09:11 -06:00
sinn3r 7585c625fa Another update
Thanks @joevennix
2015-02-05 17:09:11 -06:00
sinn3r 12aadb3132 Another update 2015-02-05 17:09:10 -06:00
sinn3r 17f2d8048d Another update 2015-02-05 17:09:10 -06:00
sinn3r 01252078ea Use store_loot to store coookie 2015-02-05 17:09:10 -06:00
sinn3r 6fd38307e7 An update 2015-02-05 17:09:10 -06:00
sinn3r 727fc51c0b Don't need this line 2015-02-05 17:09:10 -06:00
sinn3r 4924749b96 Try to make the filename more self explanatory 2015-02-05 17:09:09 -06:00
sinn3r 26af10c3b6 Change public ip option name and store cookie to db 2015-02-05 17:09:09 -06:00
sinn3r bfa7b61663 Final 2015-02-05 17:09:09 -06:00
sinn3r b90515ae5d IE UXSS 2015-02-05 17:09:09 -06:00
sinn3r d16cc843b2 Correct disclosure date 2015-02-05 15:00:13 -06:00
sinn3r 0955e14dad Final, really, I think 2015-02-05 14:59:24 -06:00
sinn3r 578423501a Another update 2015-02-05 13:08:33 -06:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
sinn3r 562063c4d5 Rename file again 2015-02-05 12:26:17 -06:00
sinn3r 80ebde4fe1 Credit @joevennix 2015-02-05 12:25:38 -06:00
sinn3r 27b8d1057f Another update
Thanks @joevennix
2015-02-05 12:23:32 -06:00
sinn3r 988b54f594 Another update 2015-02-05 12:01:19 -06:00
sinn3r 53134aeb17 Another update 2015-02-05 11:46:38 -06:00
sinn3r 871c8aa8d0 Use store_loot to store coookie 2015-02-05 11:36:35 -06:00
sinn3r dbe99014f2 An update 2015-02-05 11:29:52 -06:00
sinn3r 08d796c5e3 Don't need this line 2015-02-05 10:53:29 -06:00
sinn3r d6fe077f79 Try to make the filename more self explanatory 2015-02-05 09:53:38 -06:00
sinn3r ed6ee27896 Change public ip option name and store cookie to db 2015-02-05 09:48:45 -06:00
sinn3r 75c697c4dc Final 2015-02-05 04:36:44 -06:00
sinn3r 1ccfb6cb43 IE UXSS 2015-02-05 03:03:28 -06:00
William Vu 9c1487c944
Fix dns_fuzzer datastore 2015-02-05 02:53:14 -06:00
William Vu c22865fb71
Fix nexpose_xxe_file_read datastore 2015-02-05 02:53:00 -06:00
sinn3r 434bca0b27
Land #4613, auxiliary/server/capture/smb credential creation 2015-02-04 22:45:36 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
William Vu 54a5dd69a9
Land #4698, WP GHOST scanner dead code removal 2015-02-02 16:54:09 -06:00
Christian Mehlmauer c8864c93d7
remove unused code 2015-02-02 20:04:10 +01:00
jvazquez-r7 d0cf316758
Land #4659, @pedrib's ManageEngine directory listing module 2015-02-01 14:19:46 -06:00
jvazquez-r7 128ca47aa7 Fix banner 2015-02-01 14:19:03 -06:00
jvazquez-r7 41232c0f91
Land #4758, @pedrib's ManageEngine arbitrary file download module 2015-02-01 14:17:04 -06:00
jvazquez-r7 361aaa7551 Fix banner 2015-02-01 14:16:09 -06:00
Pedro Ribeiro 39a25fc549 Update manageengine_file_download.rb 2015-02-01 10:49:48 +00:00
Pedro Ribeiro e9b5aa94c3 Add OSVDB id and full disclosure URL 2015-02-01 10:49:11 +00:00
Christian Catalan 8740fd9015 Convert #find_all_by_X to #where 2015-01-31 21:07:50 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
jvazquez-r7 11502bad39 Clean code 2015-01-30 15:26:25 -06:00
jvazquez-r7 1916c92e3a Clean metadata 2015-01-30 15:21:17 -06:00
jvazquez-r7 c9ac56442d No modify datastore option 2015-01-30 15:05:46 -06:00
jvazquez-r7 bb640b90ef Refactor login_it360 2015-01-30 15:02:23 -06:00
jvazquez-r7 d4359c4f1c Rework login_it360 code 2015-01-30 15:00:34 -06:00
William Vu efd7a8c962
Land #4670, dns_amp RA flag fix 2015-01-30 14:46:15 -06:00
jvazquez-r7 c5db13fba9 Do minor style fixes 2015-01-30 14:13:11 -06:00
jvazquez-r7 89f760c94e Clean metadata 2015-01-30 14:08:55 -06:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer 9ce2dd9815
msftidy 2015-01-30 15:41:11 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Guillaume Delacour 42ef5716e8 Don't test ra flag to get upward referrals/additional RRs 2015-01-30 02:20:24 +01:00
Guillaume Delacour 2c05b1ee50 Use QUERYTYPE instead of hardcode ANY type 2015-01-29 22:54:06 +01:00
Pedro Ribeiro a806cb401a Create manageengine_dir_listing.rb 2015-01-28 19:44:48 +00:00
Pedro Ribeiro 62ac536b7d Create manageengine_file_download.rb 2015-01-28 19:42:17 +00:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
jvazquez-r7 23c9d4f0fb Do final cleanup 2015-01-23 17:54:58 -06:00
jvazquez-r7 05e803f85b Rewrite get_wifi_info 2015-01-23 17:50:52 -06:00
jvazquez-r7 fe61b274bd Rewrite get_router_ssid 2015-01-23 17:38:55 -06:00
jvazquez-r7 abe9c85ad6 Rewrite get_router_dhcp_info 2015-01-23 17:37:20 -06:00
jvazquez-r7 70b6f94f14 Rewrite get_router_wan_info 2015-01-23 17:32:20 -06:00
jvazquez-r7 aeed72f726 Rewrite get_router_info 2015-01-23 17:29:12 -06:00
jvazquez-r7 26b17d5556 Clean get_router_mac_filter_info 2015-01-23 17:18:07 -06:00
jvazquez-r7 a63625ab51 Refactor response parsing 2015-01-23 17:09:01 -06:00
jvazquez-r7 c9a13bda2f Do a first easy clean up 2015-01-23 16:37:55 -06:00
jvazquez-r7 dcf0d7f596 Make msftidy happy 2015-01-23 16:23:21 -06:00
jvazquez-r7 f83b87f611 Rebase #3019 2015-01-23 16:14:01 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
William Vu 980a010e15
Land #4627, explicit rubygems require fix
And a couple extraneous comma fixes.
2015-01-22 13:49:31 -06:00
Tod Beardsley bd06b48b30
Extra commas. 2015-01-22 13:45:08 -06:00
Tod Beardsley 2e606cd097
Don't require rubygems 2015-01-22 13:44:58 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
Jon Hart a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text 2015-01-20 13:55:48 -08:00
Jon Hart 14fc8d4cd0
Only allow 401/403/404 2015-01-20 13:36:06 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
Christian Mehlmauer 354e952841
fix msftidy warnings 2015-01-18 23:55:57 +01:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
Christian Mehlmauer 6014ff8a31
fix msftidy warnings 2015-01-18 23:54:16 +01:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 6a68888712
Land #4590, jvennix-r7's fix for same-scheme URLs
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
James Lee 488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee 6b6a7e81c9
Style fixes 2015-01-16 06:39:21 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Jon Hart d68b62cf21
Make canary value (URI) configurable 2015-01-15 13:12:32 -08:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
Jon Hart 2dca18265e
Track and vprint canary value and code 2015-01-15 12:34:53 -08:00
Jon Hart 3489ea540e
Make status code checking configurable 2015-01-15 12:22:16 -08:00
Jon Hart 4641b02646
Base canary path from TARGET_URI 2015-01-15 12:05:10 -08:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
Jon Hart 1f6defda73
Use more correct check codes 2015-01-14 13:10:35 -08:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
Jon Hart b7eb4d24aa
Squash another rogue 5009 2015-01-13 10:36:43 -08:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart 01a9fb1483
Spelling 2015-01-12 19:29:41 -08:00
Jon Hart a076a9ab89
report_vuln 2015-01-12 19:23:08 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
Jon Hart 9721993b8f
Allow blank password, remote more unused opts, print private 2015-01-12 18:43:54 -08:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
Jon Hart 44059a6e34
Disable more unused options 2015-01-12 14:15:40 -08:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
Jon Hart 9e76e0b0d8
Simplify. Document. Handle edge cases
Simplify detection logic.

Document testing method better

Ensure that body doesn't include canary cookie name too

Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart d4843f46ed
Make auth checking optional and off by default 2015-01-11 12:15:57 -08:00
Jon Hart 9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer 2015-01-11 12:10:40 -08:00
jvazquez-r7 05d364180b Beautify descriptions 2015-01-10 01:10:08 -06:00
jvazquez-r7 a2d479a894 Refactor run method 2015-01-10 01:06:56 -06:00
jvazquez-r7 cf9d7d583e Do first code cleanup 2015-01-10 00:51:31 -06:00
jvazquez-r7 000d7dd1eb Minor beautification 2015-01-10 00:32:10 -06:00
jvazquez-r7 1d0e9a2dca Use snake_case filename 2015-01-10 00:29:28 -06:00
jvazquez-r7 070e833d46 Use snake_case filename 2015-01-10 00:28:01 -06:00
jvazquez-r7 59d602f37d Refactor cisco_cucdm_callforward 2015-01-10 00:27:31 -06:00
jvazquez-r7 511a7f8cca send_request_cgi already URI encodes 2015-01-10 00:06:26 -06:00
jvazquez-r7 5d8167dca6 Beautify description 2015-01-10 00:02:42 -06:00
jvazquez-r7 9fb4cfb442 Do First callforward cleanup 2015-01-10 00:00:27 -06:00
jvazquez-r7 f7af0d9cf0
Test landing #4065 into up to date branch 2015-01-09 23:40:16 -06:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
Jon Hart b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...) 2015-01-09 13:20:18 -08:00
Jon Hart 831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner 2015-01-09 12:58:35 -08:00
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
jvazquez-r7 3debcef00b Fix call from aux module 2015-01-08 14:24:27 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
David Maloney df70678762
tell suer KoreLogic rules have been applied
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
Pedro Ribeiro e81e68bdaf Create me_dc9_admin.rb 2014-12-31 02:02:52 +00:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Tod Beardsley 1dd9d60e34
Land #4461, Android cookie database theft
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
jvazquez-r7 708cbd7b65 Allow to provide USER SID 2014-12-22 18:24:50 -06:00
jvazquez-r7 56eadc0d55 Delete default values from options 2014-12-22 18:11:43 -06:00
jvazquez-r7 787dab998d Fix description 2014-12-22 17:51:44 -06:00
jvazquez-r7 a7faf798bf Use explicit encryption algorithms 2014-12-22 15:51:17 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 b0a178e0a3 Delete blank line 2014-12-22 14:40:32 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 20ab14d7a3 Clean module code 2014-12-22 14:29:02 -06:00
jvazquez-r7 dabc890b2f Change module filename again 2014-12-22 12:35:15 -06:00
jvazquez-r7 2b46bdd929 Add references and authors 2014-12-22 12:34:31 -06:00
jvazquez-r7 4319dbaaef Change module filename 2014-12-22 12:29:28 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
HD Moore fffa8cfdd1
Lands #4426 by cleaning up the module description 2014-12-19 14:54:17 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
Tod Beardsley c15bad44a6
Be clearer on backslash usage.
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7 9a58617387 Add dummy test module 2014-12-17 19:57:10 -06:00
sinn3r 6b0a98b69c
Resolve #4408 - bad uncaught nil get_once 2014-12-17 14:02:42 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
William Vu f6af86a06d
Land #4402, ms12_020_check NilClass fix 2014-12-16 15:34:25 -06:00
William Vu 2604746fb7
Land #4361, Kippo detector 2014-12-15 14:54:48 -06:00
William Vu 8394cc13a8
Perform final cleanup of detect_kippo 2014-12-15 14:38:38 -06:00
sinn3r c611249723 Take full advantage of the check command 2014-12-15 12:50:59 -06:00
sinn3r 9edb2b4fab Fix #4378 - Do exception handling
Fix #4378
2014-12-15 12:37:36 -06:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
Brandon Perry 8c6b95c39c Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit 2014-12-13 11:37:57 -06:00
Brandon Perry cd1e61a201 Merge branch 'master' into bmc_trackit 2014-12-13 11:36:30 -06:00
Andrew Morris 8dd5da9d64 added blog post reference 2014-12-12 18:53:26 -08:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
HD Moore 338cce02c9 Downcase the service name for consistency 2014-12-12 16:40:42 -06:00
Andrew Morris f5374d1552 Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs 2014-12-12 11:57:35 -08:00
jvazquez-r7 c683e7bc67
Fix banner 2014-12-12 13:01:51 -06:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
jvazquez-r7 047bc3d752 Make msftidi happy 2014-12-12 12:49:12 -06:00
jvazquez-r7 a1876ce6fc
Land #4282, @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download 2014-12-12 12:47:50 -06:00
jvazquez-r7 a0b181b698
Land #4335, @us3r777 JBoss DeploymentFileRepository aux module 2014-12-12 10:40:03 -06:00
jvazquez-r7 3059cafbcb Do minor cleanup 2014-12-12 10:37:50 -06:00
Jon Hart 751bc7a366 Revert "Move to a more appropriate location"
This reverts commit 6c82529266.
2014-12-12 07:42:22 -08:00
Jon Hart 6c82529266
Move to a more appropriate location 2014-12-12 07:40:37 -08:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Jon Hart 3c2a33a316
Allow new password to be specified as an option 2014-12-11 17:26:42 -08:00
Jon Hart a013dbf536
Correct and add more prints 2014-12-11 17:16:43 -08:00
Jon Hart 48dcfd9809
Use random security Q/A 2014-12-11 17:10:33 -08:00
Jon Hart f208f31a33
Use correct username/domain in report_vuln
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
Jon Hart 70fce0bb33
Report the changed password 2014-12-11 16:56:22 -08:00
Jon Hart f64a3be742
Avoid death by a thousand functions 2014-12-11 16:53:36 -08:00
Jon Hart 0627f708a2
Better handling of failed requests 2014-12-11 16:51:41 -08:00
Jon Hart f2bda05d42 Correct last of the print_ 2014-12-11 16:28:08 -08:00
Jon Hart 9486f67fbc report_vuln upon exploitation with more specific details 2014-12-11 16:28:08 -08:00
Jon Hart 37d0959fd6 Include info in report_vuln. More style 2014-12-11 16:28:08 -08:00
Jon Hart cfb02fe909 Add check support 2014-12-11 16:28:07 -08:00
Jon Hart 44818ba623 Minor style and usage updates as a result of Scanner 2014-12-11 16:28:07 -08:00
Jon Hart 0a29326ce7 Mixin Scanner. Yay speed! 2014-12-11 16:28:07 -08:00
Jon Hart c9acd7a233 Remove unnecessary RPORT, which comes from HttpClient 2014-12-11 16:28:07 -08:00
Jon Hart f8c25d83e5 Use get_cookies instead 2014-12-11 16:26:51 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Brandon Perry 54e8254a82 Update bmc_trackit_passwd_reset.rb 2014-12-11 10:59:43 -06:00
Andrew Morris 7afa87f168 screwed up formatting. updated indention at the end. ok seriously, going to bed now 2014-12-11 01:05:56 -08:00
Andrew Morris 291166e1ff forgot to run through msftidy.rb. made a few minor corrections 2014-12-11 00:47:39 -08:00
Andrew Morris a1624c15ae Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc. 2014-12-11 00:40:20 -08:00
Andrew Morris 22c9db5818 added detect_kippo.rb 2014-12-10 19:37:35 -08:00
Brandon Perry 67cf3e74c0 Update bmc_trackit_passwd_reset.rb 2014-12-10 20:45:54 -06:00
Brandon Perry 90cc9a9bed Update bmc_trackit_passwd_reset.rb 2014-12-10 19:05:46 -06:00
Brandon Perry f37dc13a19 Create bmc_trackit_passwd_reset.rb 2014-12-10 18:54:37 -06:00
Spencer McIntyre 86ae104580
Land #4325, consistent mssql module names 2014-12-09 21:52:05 -05:00
sinn3r 87c83cbb1d Another round of name corrections 2014-12-09 20:16:24 -06:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00
Tod Beardsley 09617f990b Implement BRUTEFORCE_SPEED respect (telnet)
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.

See #3904, @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
sinn3r bb8dfdb15f Ensure consistency for mssql modules 2014-12-09 10:28:45 -06:00
Christian Mehlmauer 916503390d
use get_data 2014-12-08 22:49:02 +01:00
Christian Mehlmauer fb9724e89d
fix heartbleed cert parsing, fix #4309 2014-12-08 21:58:38 +01:00
us3r777 4abfb84cfc Upload WAR through Jboss DeploymentFileRepository 2014-12-08 19:02:51 +01:00
Pedro Ribeiro 98e416f6ec Correct OSVDB id 2014-12-07 17:54:31 +00:00
Pedro Ribeiro e474ecc9cf Add OSVDB id 2014-12-07 17:41:35 +00:00
jvazquez-r7 54705eee48 Fix option parsing 2014-12-06 21:50:54 -06:00
William Vu 2f98a46241
Land #4314, @todb-r7's module cleanup 2014-12-05 14:05:09 -06:00
sinn3r 4b06334455 Minor title change for mssql_enum_domain_accounts_sqli
We don't really do "-" for naming

Kind of stands up on a list
2014-12-05 11:42:08 -06:00
Jon Hart 85e0d72711
Land #4229, @tatehansen's module for CVE-2014-7992 2014-12-04 17:20:49 -08:00
Jon Hart f0cfcd4faf
Update dlsw_leak_capture name and print_
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Pedro Ribeiro e5bdf225a9 Update netflow_file_download.rb 2014-12-04 21:32:19 +00:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
tate 3aecd3a10e added DLSw v1 and v2 check, added check for \x00 in leak segment 2014-12-03 23:27:11 -07:00
William Vu 3a978e1147
Land #4280, frontpage_login improvements 2014-12-02 14:56:57 -06:00
jvazquez-r7 0ab2e99419
Delete version from title 2014-12-01 10:24:12 -06:00
jvazquez-r7 f4e20284a4 Change mixin include order 2014-12-01 10:22:20 -06:00
jvazquez-r7 d85aabfed9 Use vprint by default 2014-12-01 10:20:12 -06:00
jvazquez-r7 e0cb0f7966 Fix description 2014-12-01 10:19:14 -06:00
jvazquez-r7 fa07b466d6 Use single quote and minor cosmetic changes 2014-12-01 09:57:29 -06:00
jvazquez-r7 d5888a7f6f Fix module options 2014-12-01 09:55:36 -06:00
jvazquez-r7 47acf3487d Do minor cleanup
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
Roberto Soares Espreto e4b3ee2811 Changed the module name. 2014-12-01 01:00:14 -02:00
Roberto Soares Espreto ecbce679a8 Remove timeout on line 59. 2014-12-01 00:51:12 -02:00
Roberto Soares Espreto f3957ea428 FILEPATH changed from false to true. 2014-12-01 00:48:47 -02:00
Roberto Soares Espreto 97ee975235 Deleted checking on line 48. 2014-12-01 00:46:58 -02:00
Roberto Soares Espreto 84ce573227 Deleted line 61 which returns the server status code. 2014-12-01 00:39:05 -02:00
jvazquez-r7 ff30a272f3 Windows paths need 2 backslashes 2014-11-30 18:54:41 -06:00
jvazquez-r7 223bc340e4 Prepend peer 2014-11-30 18:46:15 -06:00
jvazquez-r7 5ad3cc6296 Make FILEPATH mandatory 2014-11-30 18:45:23 -06:00
jvazquez-r7 b1b10cf4e5 Use Rex::ConnectionError 2014-11-30 18:44:25 -06:00
jvazquez-r7 a549cbbef8 Beautify metadata 2014-11-30 18:44:03 -06:00
Deral Heiland 0887127264 Fixed several recommended changes by jvazquez-r7 and jlee-r7 2014-11-30 00:53:24 -05:00
Pedro Ribeiro 26d9ef4edd Explain about Windows back slashes on option 2014-11-30 00:15:44 +00:00
Pedro Ribeiro 2fb38ec7bb Create exploit for CVE-2014-5445 2014-11-30 00:12:37 +00:00
Tiago Sintra 6f6274735f Update frontpage_login.rb
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=

    status=262147
    osstatus=0
    msg=No "CONTENT_TYPE" on CGI environment.
    osmsg=
2014-11-28 17:21:47 +00:00
Roberto Soares Espreto d75ffc36da Changed the description of FILEPATH 2014-11-27 00:50:34 -02:00
Roberto Soares Espreto f8dc366f42 Add CVE-2014-7816 Directory Traversal for WildFly 8 Application 2014-11-27 00:13:29 -02:00
Jon Hart 79b2b5e231 RPORT is required by UDPScanner; deregister instead 2014-11-26 07:39:14 -08:00
jvazquez-r7 d4e5cd25e1 Report credentials for new login level 15 2014-11-25 16:35:16 -06:00
jvazquez-r7 dc253efa19 Use Rex::Text.rand_text* 2014-11-25 16:35:06 -06:00
jvazquez-r7 f20afff1a8 Do return instead of abort 2014-11-25 16:34:57 -06:00
jvazquez-r7 d876efaa0f Delete ssh_socket attribute 2014-11-25 16:34:47 -06:00
jvazquez-r7 5091bc76ad Do minor cleanup 2014-11-25 16:34:22 -06:00
jvazquez-r7 c92a26e967 Update from upstream master 2014-11-25 16:30:45 -06:00
jvazquez-r7 5f4760c58e Print final results in a table 2014-11-25 14:01:29 -06:00
jvazquez-r7 d998d97aaa Refactor build_user_sid 2014-11-25 13:58:47 -06:00
jvazquez-r7 aad860a310 Make conditional easier 2014-11-25 13:54:08 -06:00
jvazquez-r7 ba57bc55b0 Don't report service 2014-11-25 13:52:22 -06:00
jvazquez-r7 059b0e91da Don't report service
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
jvazquez-r7 b467bda2d6 Reuse local variable 2014-11-25 13:49:24 -06:00
jvazquez-r7 31a84ef6ff Make ternary operator more readable 2014-11-25 13:44:50 -06:00
jvazquez-r7 be566e5ad3 Use a lower fuzz number by default 2014-11-25 13:42:47 -06:00
jvazquez-r7 cd43f83cd7 Delete unnecessary comments
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
jvazquez-r7 f93dbc6deb Use the target domain name 2014-11-25 13:36:48 -06:00
jvazquez-r7 7c87603b0e Add progress information 2014-11-25 13:23:36 -06:00
jvazquez-r7 8e5b37ea6e Fix reporting 2014-11-25 13:20:31 -06:00
jvazquez-r7 93539ae4c6 Use shorter variable name 2014-11-25 13:04:31 -06:00
jvazquez-r7 271f982f34 Use peer 2014-11-25 13:03:48 -06:00
jvazquez-r7 c549508abb Use vprint 2014-11-25 13:03:18 -06:00
jvazquez-r7 249fb79a21 Fix print_* calls 2014-11-25 13:02:53 -06:00
jvazquez-r7 87cfd7c321 Dont use disconnect 2014-11-25 13:00:53 -06:00
jvazquez-r7 fb8372f505 Fix metadata 2014-11-25 12:59:11 -06:00
jvazquez-r7 71f35f5cd6 Update from upstream master 2014-11-25 12:46:44 -06:00
nullbind 4bd579bc1c added mssql_enum_domain_accounts_sqli 2014-11-25 09:57:20 -06:00
William Vu 64f2b45ef4
Land #4258, release fixes 2014-11-24 21:44:14 -06:00
Jon Hart 0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
Tod Beardsley bd948eb346
Normalize author name
From #4061, please don't decorate author names with URLs.
2014-11-24 13:03:42 -06:00
jvazquez-r7 343a0d78bc Delete admin check 2014-11-24 12:28:19 -06:00
jvazquez-r7 7164c4e038 Use shorter filename 2014-11-24 12:10:08 -06:00
jvazquez-r7 021b27dd83 Clean reporting 2014-11-24 12:01:09 -06:00
jvazquez-r7 f74ab34881 Delente unnecessary check 2014-11-24 11:50:41 -06:00
jvazquez-r7 3c858c793a Use vprint 2014-11-24 11:49:36 -06:00
jvazquez-r7 4a169210ab Use vprint 2014-11-24 11:48:16 -06:00
jvazquez-r7 ecb74c543a Beautify description 2014-11-24 11:27:32 -06:00
jvazquez-r7 c52104e91d Beautify metadata 2014-11-24 11:24:41 -06:00
jvazquez-r7 fcb4bea3c1 Fix code comments 2014-11-24 11:23:27 -06:00
Tod Beardsley 77b1f2d2f0
Fixup for release
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061.
2014-11-24 10:50:43 -06:00
jvazquez-r7 10d0305cb2 Update from upstream master 2014-11-24 09:48:43 -06:00
Jon Hart e9750e2df8
Minor style/usability cleanups 2014-11-24 06:57:31 -08:00