6d1ab101ed
Back out all changes to llmnr_response
2015-09-02 13:52:38 -07:00
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
9dd14eb747
Merge branch 'upstream-master' into land-5899-android
2015-09-01 17:11:58 -05:00
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
45c2422981
First pass at style cleanup
2015-08-28 14:19:28 -07:00
cba3650488
report_service for mdns/llmnr query
2015-08-28 14:04:52 -07:00
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
e96717950c
refactored
2015-08-06 08:18:26 -04:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
a6c7f93bbe
changed text to show support for RFB version 4.001
2015-06-17 13:09:03 -04:00
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
Jon Hart
HD Moore
JT
Waqas Ali
wchen-r7
Roberto Soares
Alexander Salmin
Brent Cook
jvazquez-r7
Tod Beardsley
joev
Josh Abraham
William Vu
Greg Mikeska
kn0
Fabien
Christian Sanders
rastating
Ramon de C Valle
Mo Sadek
g0tmi1k
cldrn
Donny Maasland
Trevor Rosen
root
rwhitcroft
Pedro Ribeiro
aushack
Th3R3p0
Denis Kolegov