131401f024
Remove unused method
2014-09-12 05:48:11 -05:00
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
d2f2b142b4
Land #3760 , Arris WEP/WPA leak from @dheiland-r7
2014-09-11 15:39:19 -05:00
4fc1ec09c7
Land #3759 , Android UXSS, with ref/desc fixes
...
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
fbba4b32e0
Update the title and desc to be more descriptive
...
See #3759
2014-09-11 14:06:14 -05:00
d627ab7628
Add refs for Android UXSS
...
See #3759
2014-09-11 14:05:50 -05:00
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
872ba6a53b
Update arris_dg950 module with required changes
...
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
373eb3dda0
Make struts_code_exec_classloader to work on windows
2014-09-10 18:00:16 -05:00
e317bfe0d5
Add preliminary module for discovering services with empty UDP probes
2014-09-10 10:58:22 -07:00
280e16c241
Land #3677 - Updated shodan_search for new API
2014-09-10 11:39:00 -05:00
006393360e
Add conditions to check healthy shodan results
2014-09-10 11:38:06 -05:00
257f0fc93e
Quick fix for ssh_login_pubkey
...
Fixes #3772 , closes #3774
2014-09-10 09:57:17 -05:00
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
027f543bdb
Land #3732 - Eventlog Analzyer exploit
2014-09-09 11:33:20 -05:00
75269fd0fa
Make sure we're not doing a 'negative' timeout
2014-09-09 11:26:49 -05:00
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
9a6ee5090a
Add Arris DG950A SNMP data extraction module
...
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
0ccb39c057
Land #3726 - Fix typos in wordpress login
2014-09-08 09:40:57 -05:00
1b5e40ff78
New Creds model added
2014-09-08 11:42:05 +03:00
27889ea411
Add a safety fallback on js load.
2014-09-08 00:46:47 -05:00
8407d45c9c
Rework the timers.
2014-09-08 00:40:00 -05:00
5c9c8edfcf
Fix refs.
2014-09-07 23:33:45 -05:00
5efaf7d4cf
rename module, handle asyncness.
2014-09-07 23:25:08 -05:00
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
1bf89fb6bd
Add Android <= 4.3 AOSP UXSS module.
2014-09-07 20:44:03 -05:00
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
df278dd2dc
Conver to exploit
2014-09-05 14:47:33 -05:00
d4a8b7e00d
Move to exploits
2014-09-05 10:38:28 -05:00
892f72e4ce
Move module path
2014-09-05 10:30:27 -05:00
d041ee6629
Delete exploit modules from this branch
2014-09-05 10:29:24 -05:00
abffdd8705
Update alienvault_newpolicyform_sqli.rb
...
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
664cc131e3
Update alienvault_newpolicyform_sqli.rb
...
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
08ce278cca
Got these wrong
2014-09-04 17:05:51 -05:00
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
d83131f1d9
Land #3750 , @wvu favoring unless
2014-09-04 16:17:07 -05:00
ff210a7c0a
delete parenthesis
2014-09-04 16:16:29 -05:00
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
c32b977a27
Land #3747 , @wvu changes to printer_ready_message
2014-09-04 15:26:52 -05:00
2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
614c7c178d
Land #3749 , jtr_oracle_fast missing require fix
2014-09-04 15:03:37 -05:00
c1bca5c138
Land #3742 , @pedrib's changes to desktopcentral_file_upload check method
2014-09-04 14:47:36 -05:00
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
34455b5dc6
Fix missing require for jtr_oracle_fast
2014-09-04 14:38:07 -05:00
50ac8366fd
Refactor CHANGE/RESET to actions
...
Missed in c1fdc4d945
2014-09-04 14:36:04 -05:00
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
84f9ec0aad
Refactor implicit options hash
...
Missed in c1fdc4d945
2014-09-04 13:30:06 -05:00
00ec47fb83
call new prepend cred methods
...
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
c5755824a6
pass in vhost and useragent
...
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
dd4fd7bb39
The reporting part
2014-09-03 16:32:23 -05:00
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
2014-09-02 12:27:41 -05:00
aaeb5a2f5f
jhart-r7 suggestions added
2014-09-02 12:05:54 +03:00
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
7dd73084bb
Added WiFi ifindex discovery and enhanced error handling
2014-09-01 00:49:10 -04:00
cf0f00a376
Variable name changes per ruby style guide
2014-08-31 23:57:20 -04:00
0735de0fd4
Changes to error output per PR comments
2014-08-31 23:57:20 -04:00
0a01da1ca9
Changed default value for SNMP Version option
2014-08-31 23:57:20 -04:00
e6126fde72
Modified to pull username and password first
2014-08-31 23:57:19 -04:00
5153886077
Added disclosure URL and cleaned up output fields
2014-08-31 23:57:19 -04:00
4ef369112f
Cleanup per msftidy report of Spaces at EOL
2014-08-31 23:57:19 -04:00
e37d56766f
Corrected extraction of WEP keys, current key, RADIUS server and port
2014-08-31 23:57:19 -04:00
f1cd601401
Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up
2014-08-31 23:57:19 -04:00
e5111f7634
Simplified get_radius_info method and cleaned up comments
2014-08-31 23:57:19 -04:00
c556a6e331
Fixed syntax issue
2014-08-31 23:57:19 -04:00
81047e911a
Corrected OIDs to all numeric
2014-08-31 23:57:19 -04:00
b253e444cb
Initial commit of SBG6580 scanner after cleanup
2014-08-31 23:57:18 -04:00
20a02a9d29
Cleanup
2014-08-31 14:01:13 -05:00
6f7bc94db4
Creation of rdcmanager_creds.rb
2014-08-31 13:38:08 -05:00
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
8ba5488198
Update wordpress_login_enum.rb
...
Fixed some typos.
2014-08-30 13:37:48 -10:00
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
438f0e6365
typos
2014-08-30 09:22:58 -05:00
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
a142e78a66
refactor wordpress_xml_rpc_login
...
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner
2014-08-29 12:50:34 -05:00
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
bd9417490e
Merge branch 'master' into linux-post-enum-psk
2014-08-29 15:50:28 +03:00
eaf73f9f84
Linux Gather 802-11-Wireless Security Credentials
2014-08-29 11:08:08 +03:00
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
40f581458a
Land #3570 , @ikkini scanner for rsync
2014-08-28 18:48:32 -05:00
9fb9ab813c
Add URL reference
2014-08-28 18:47:56 -05:00
bc542a011d
Change module filename
2014-08-28 18:42:30 -05:00
213fe23970
Clean rsync_modules_list
2014-08-28 18:40:55 -05:00
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
d8c15766bd
Land #3567 @OJ's fixes to the MQAC local exploit solving conflicts
2014-08-28 10:19:47 -05:00
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
4a479d17a9
Randomize padding on aux module, fix spacing on exploits
2014-08-27 20:41:33 -04:00
0b820c59b1
Fix to self.refname
2014-08-27 18:34:15 -05:00
6d45f75b47
Land #3690 , credential_collect refactor
...
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
9b0c5dfb0c
Minor fix
2014-08-27 18:31:13 -05:00
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
fde2687c9e
Store edition,version,build in the fingerprint.match
2014-08-26 18:44:08 -05:00
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
ed9bb3e52c
Fix a small typo
2014-08-26 14:34:10 -05:00
775ebce56b
Correct natpmp_portscan's print_* usage to include peer
2014-08-26 12:27:12 -07:00
3b8bbdf10c
Merge master back in before landing #3545
2014-08-26 14:07:58 -05:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
5826d7b164
vprint_status when no external address obtained, print_ is too noisy
2014-08-26 12:05:40 -07:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
a8d03aeb59
Fix bug with PMP db paths
2014-08-26 12:54:31 +01:00
473341610c
Update name to mention DC; correct servlet name
2014-08-26 12:39:48 +01:00
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
a90d142140
Add UPnP SSDP Amplication Scanner
2014-08-26 12:53:14 +07:00
73e4ec709f
Fix smb_port and require 'recog' when no DB/MDM
2014-08-25 15:42:18 -05:00
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
6a522cc105
Remove unused BATCHSIZE from SIP options_tcp, duplicate from options
2014-08-25 13:12:29 -07:00
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
2a4d73ee35
Add status message that displays delay between requests
2014-08-25 12:55:27 -07:00
5c61c09c6b
auxiliary/scanner/http/soap_xml cleanup
...
This:
* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
6d3255a3b5
Update bad config error.
2014-08-25 14:43:23 -05:00
152ddb2f32
refactor the ipboard-login module
...
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
b652ebb44f
Add other gdb-supported platforms that run on allowed arches.
2014-08-25 14:15:20 -05:00
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
2f87c880df
Add link to blog post for NTP modules
2014-08-25 12:58:10 -05:00
c3213a73e5
Use peer when writing scanner modules
...
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.
Incidentally, this module has an msftidy complaint:
````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global§ion=login&do=process"
````
This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
7a76efa7f7
Add reference and disclosure date
2014-08-25 11:46:47 -05:00
a39f7b94ec
Land #3684 - IP Board Login Scanner
2014-08-25 11:54:42 +10:00
302e4025ba
Removed unnecessary function
2014-08-24 20:45:28 -04:00
2b59063d6c
Updated based on feedback
2014-08-24 19:53:29 -04:00
fa502c9c69
Minor adjustments
2014-08-24 17:39:13 -05:00
601c5515f8
Corrected 3 issues identified by jlee-r7
2014-08-24 17:18:31 -05:00
c20b4dc0ff
Land #3645 , @jlee-r7's fix for mremoge credentials gather module
2014-08-24 15:53:29 -05:00
081a3437a4
Refactor for Credentials gem
2014-08-24 09:38:15 -05:00
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
88f626184c
Remove linux platform limitation, target depends on arch only.
2014-08-24 01:39:04 -05:00
04d0b87067
Reorder module title.
2014-08-24 01:18:21 -05:00
c65ba20017
Fix incorrect Platforms key.
2014-08-24 01:15:34 -05:00
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
1fa43bfe64
Rework for Credential lib update
2014-08-23 10:53:55 -05:00
0a27a18104
Committing changes from r7 comments
2014-08-23 00:08:27 -04:00
84f4fa5c76
Updated module based on feedback
2014-08-22 21:16:53 -04:00
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
0031913b34
Fix nil accesses
2014-08-22 16:19:11 -05:00
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
e93fbbd904
Land #3685 , @pedrib's exploit for CVE-2014-3996
2014-08-22 11:45:41 -05:00
cf147254ad
Use snake_case in the filename
2014-08-22 11:44:35 -05:00
823649dfa9
Clean exploit, just a little
2014-08-22 11:43:58 -05:00
9815b1638d
Refactor pick_target
2014-08-22 11:31:06 -05:00
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
ecace8beec
Refactor check method
2014-08-22 11:05:36 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
ced65734e9
Make some datastore options advanced
2014-08-22 10:26:04 -05:00
b4e3e84f92
Use CamelCase for target keys
2014-08-22 10:23:36 -05:00
b58550fe00
Indent description and fix title
2014-08-22 10:21:08 -05:00
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
2014-08-22 10:17:44 -05:00
7e2d474a26
Ranking, Version, Spacing Edit
2014-08-22 11:06:42 -04:00
7587997d73
Spell check
2014-08-21 12:47:25 -04:00
3918acb1e1
Changed keyword used when returning
2014-08-21 12:34:54 -04:00
a0b72bba93
Updated module based on feedback
2014-08-21 12:26:41 -04:00
da752b0134
Add exploit for CVE-2014-3996
2014-08-21 15:30:28 +01:00
383906c26c
Removed function no longer used
2014-08-20 22:51:01 -04:00
c93bfb4673
Fixed targeturi value
2014-08-20 21:23:45 -04:00
7f90b81711
IP Board Login Scanner Module
2014-08-20 21:18:19 -04:00
9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't
2014-08-20 15:48:54 -07:00
9db3dc7ad8
Store peer data note in the same format as originally
2014-08-20 15:10:45 -07:00
758c3fa518
Only discard monlist replies that are impossibly short
...
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins
2014-08-20 14:41:00 -07:00
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
1959f7a235
Updated shodan_search for new API
2014-08-20 00:48:13 -04:00
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
777efb5e48
Land #3669 - Deprecate ff 17 svg exploit
2014-08-19 17:42:31 -05:00
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem
2014-08-19 13:13:05 -05:00
dc95b01cc5
Land #3670 , smb_login private_type fix
...
[FixRM #8841 ]
2014-08-19 11:30:23 -05:00
b748cee760
Land #3664 , enum_osx dump_hash removal
2014-08-19 11:29:23 -05:00
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
7330e3585f
Support Glassfish 4.0 and lots of other changes
2014-08-18 19:03:26 -05:00
f169b8dff3
Fix hashes being stored as passwords
2014-08-18 15:52:13 -05:00
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
5654370316
Remove hashdump functionality from enum_osx.
...
There is a specific hashdump module that is more up-to-date, no need to duplicate
functionality (and code).
2014-08-18 11:40:11 -05:00
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection
2014-08-15 17:07:23 -05:00
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
7972da350d
Files move to appropriate directories and have proper formatting
2014-08-15 14:37:29 -04:00
92750ccc03
Remove emc files
2014-08-15 14:30:19 -04:00
904c1b20b1
Land #3654 , update to 4.10-dev (electro)
2014-08-15 12:51:28 -05:00
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
4cfd2abd8d
Land #3621 , @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection
2014-08-15 09:17:16 -05:00
4e0f6dfcc7
Do minor cleanup
2014-08-15 09:10:08 -05:00
b55f425ec0
Merge in changes from @todb-r7.
2014-08-14 17:22:07 -04:00
5fee4df2c0
BA EMC modules
2014-08-13 23:18:43 -04:00
f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape
2014-08-13 20:08:13 -05:00
5ed3e6005a
Implement suggestions
...
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
127d094a8d
Dont share once device is opened
2014-08-13 16:13:38 -05:00
558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE
2014-08-13 11:55:56 -05:00
05a198bc96
Correct spelling
2014-08-13 14:06:25 +01:00
4a01c27ed4
Use get_env and good pack specifier
2014-08-13 10:59:22 +01:00
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
b7e4bd4080
Fix 'domain\user' reporting in mremote
2014-08-12 18:01:42 -05:00
da4b572a0d
Change module name
2014-08-12 17:17:26 -05:00
3eccc12f50
Switch from vprint to print
2014-08-12 17:11:24 -05:00
f203fdebcb
Use Msf::Exploit::Local::WindowsKernel
2014-08-12 17:09:39 -05:00
e1debd68ad
Merge to update
2014-08-12 16:21:39 -05:00
183b27ee27
There is only one target
2014-08-12 16:14:41 -05:00
c8e4048c19
Some style fixes
2014-08-12 16:11:31 -05:00
ea3d2f727b
Dont fail_with while checking
2014-08-12 16:09:59 -05:00
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
b84192c654
Land #3642 - Be sure which the full payload is used
2014-08-12 14:52:26 -05:00
93990f4578
Land #3631 , @wchen-r7's fixes to avoid datastore options assignment at runtime
2014-08-12 14:46:02 -05:00
b46b6af50d
Land #3630 , @wchen-r7's fix for datastore assignments on smb_enumusers
2014-08-12 14:26:55 -05:00
33da1a6871
Give a chance to the mixin
2014-08-12 13:49:39 -05:00
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
042423088c
Make sure which the full payload is used
2014-08-12 11:41:29 -05:00
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
c937e80521
Added Fixes#2 mentioned by Firefart
...
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
William Vu
Luke Imhoff
Tod Beardsley
James Lee
Deral Heiland
jvazquez-r7
Jon Hart
sinn3r
Brandon Perry
Joe Vennix
David Maloney
cx
Chris Hebert
HD Moore
Pedro Ribeiro
John Sawyer
Matthew Kienow
inokii
Tom Sellers
DrDinosaur
Spencer McIntyre
nnam
Matt Andreko
inkrypto
xistence
OJ
Christopher Truncer
Brandon Turner
joev
Brendan Coles
Meatballs
Samuel Huckins
Jay Smith
kaospunk
Emilio Pinna