Commit Graph

51114 Commits (cc1d9a1e7bc9ad1548b8f39a014a45c3375ad598)

Author SHA1 Message Date
Brent Cook 841c07a42c restore rescue for now 2019-03-06 19:35:12 -06:00
Metasploit 15c58db3be
automatic module_metadata_base.json update 2019-03-06 16:00:53 -08:00
Brent Cook 7347db65a6
Land #11534, fix module title for sonicwall_xmlrpc_rce 2019-03-06 17:44:39 -06:00
Brent Cook eb15c457fe
Land #11524, remove some unused bits from modules 2019-03-06 17:43:20 -06:00
Brent Cook 8b251934ab remove mixin, just register the options 2019-03-06 17:42:27 -06:00
Brent Cook d923e1fb84
Land #11523, remove unneded RHOST reregister in scanners 2019-03-06 17:35:54 -06:00
Patrick Webster d67bfdfea4
Fix module heading and typo
The newline in the name breaks the msfconsole output
2019-03-07 10:29:15 +11:00
Brent Cook 4f08d1e864 Fix credential reporting service lookups.
Noted by @actuated, auxiliary/scanner/ipmi/ipmi_dumphashes was displaying an error when run against an IPMI endpoint that had a common hash. This was due to the services lookup in the database not extracting the first element of the results array.

```
[-] Auxiliary failed: NoMethodError undefined method `id' for #<Array:0x000055615614b970>
[-] Call stack:
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:27:in `block (2 levels) in create_cracked_credential'
[-]   /home/bcook/.rvm/gems/ruby-2.6.1@metasploit-framework/gems/activerecord-4.2.11/lib/active_record/relation/delegation.rb:46:in `each'
[-]   /home/bcook/.rvm/gems/ruby-2.6.1@metasploit-framework/gems/activerecord-4.2.11/lib/active_record/relation/delegation.rb:46:in `each'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:25:in `block in create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:15:in `create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/auxiliary/report.rb:26:in `create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:317:in `report_cracked_cred'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:244:in `block (2 levels) in run_host'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:237:in `each'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:237:in `block in run_host'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb💯in `each'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb💯in `run_host'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:111:in `block (2 levels) in run'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'
[*] Auxiliary module execution completed
```
2019-03-06 17:08:34 -06:00
Aaron Soto 789e2d57b4
Land #11532, Cleanup changes from DB Manager for Payloads 2019-03-06 13:39:42 -06:00
Matthew Kienow f873d94c10
Check that DB is active before looking up payload 2019-03-06 14:22:32 -05:00
Matthew Kienow 6bcdda4bd1
Add entry to autoload RemotePayloadDataService 2019-03-06 13:41:08 -05:00
Matthew Kienow 63c1903032
Remove empty file 2019-03-06 13:11:34 -05:00
Matthew Kienow a749b86730
Add missing ActiveRecord connection block 2019-03-06 13:07:35 -05:00
Matthew Kienow b658cf5d76
Use data_service_operation block to perform work 2019-03-06 12:11:27 -05:00
Metasploit 6d42964728
automatic module_metadata_base.json update 2019-03-05 23:49:34 -08:00
William Vu 50f89321a0
Land #11419, systemd user service persistence 2019-03-06 01:39:58 -06:00
William Vu ebb80ae4f0 Fix copypasta error 2019-03-06 00:48:05 -06:00
William Vu a6782cbee4 Update module doc with my testing notes 2019-03-06 00:47:12 -06:00
William Vu 31ba073009 Add per-target SHELLPATH defaults 2019-03-06 00:07:17 -06:00
William Vu 77af9eca5c Update module doc 2019-03-05 23:20:53 -06:00
William Vu c539951311 Clean up method 2019-03-05 23:17:34 -06:00
Metasploit 75efee5593
automatic module_metadata_base.json update 2019-03-05 20:09:46 -08:00
William Vu 715409496e
Fix #11210, imperva_securesphere_exec options 2019-03-05 22:01:24 -06:00
Metasploit 83929a5133
automatic module_metadata_base.json update 2019-03-05 20:00:36 -08:00
William Vu 4e31f53ca2 Fix required USERNAME and PASSWORD
Somehow I forgot to commit this? Strange.
2019-03-05 21:57:42 -06:00
William Vu c48dec7331
Land #11210, imperva_securesphere_exec exploit 2019-03-05 21:52:13 -06:00
Metasploit fe4b517e18
automatic module_metadata_base.json update 2019-03-05 19:38:44 -08:00
William Vu 4e76eeceb7 Clean up module 2019-03-05 21:37:55 -06:00
William Vu 108e90ca38
Land #11527, .rubocop.yml TargetRubyVersion update
And TrailingCommaInArrayLiteral fixes in my modules. :(
2019-03-05 21:29:47 -06:00
Metasploit edb94e9ef5
automatic module_metadata_base.json update 2019-03-05 19:17:20 -08:00
William Vu 6ff18828c0
Land #11481, Drupal SA-CORE-2019-003/CVE-2019-6340 2019-03-05 21:09:06 -06:00
William Vu 1f5695de07 Fix TrailingCommaInArrayLiteral in my modules 2019-03-05 21:02:39 -06:00
William Vu a378dff8a9 Update .rubocop.yml TargetRubyVersion to 2.4
2.3 is EOL at the end of this month.
2019-03-05 21:01:33 -06:00
William Vu 0de69e776a Add friendly default payloads 2019-03-05 20:25:00 -06:00
William Vu 2f76ad4205 Move print_line for DUMP_OUTPUT 2019-03-05 20:10:32 -06:00
William Vu 84376c30c4 Refactor check methods once again 2019-03-05 19:47:41 -06:00
William Vu b2aa06560f Add drupal_patch method to Drupal mixin 2019-03-05 18:52:27 -06:00
William Vu c7f12b2594 Sneak in a change to libssh_auth_bypass 2019-03-05 17:21:11 -06:00
William Vu 72bb49aca9 Make HTTP method configurable and prefer POST 2019-03-05 17:16:04 -06:00
Matthew Kienow b3073ac6f4
Land #11525, fix delete SSL key & cert on reinit 2019-03-05 17:38:02 -05:00
Erin Bleiweiss cff6231aa5
Don't delete ssl key and cert if a user asked not to 2019-03-05 15:25:53 -06:00
William Vu 3ac7987d90 Fix inline code in module doc 2019-03-05 13:48:25 -06:00
William Vu d30bfe2cbf Update drupal_drupalgeddon2 2019-03-05 13:26:05 -06:00
William Vu 92a9c7184b Rewrite module doc 2019-03-05 13:26:05 -06:00
William Vu ea7c589b19 Refactor module and address review comments 2019-03-05 13:26:01 -06:00
Brent Cook b402ce628a use the correct mixin 2019-03-05 13:13:54 -06:00
Brent Cook 566060c97b remove deregistation of non-existent options 2019-03-05 13:13:54 -06:00
William Vu d70439f698 Add UNRELIABLE_SESSION Reliability constant 2019-03-05 13:10:56 -06:00
Brent Cook ddef5b4961 MSF5: Remove unneeded RHOST deregister in scanners
With Metasploit 5, RHOST and RHOSTS are aliases, so no need to
deregister one or the other, as they are the same option. Deregistering
one deregisters both.
2019-03-05 13:04:49 -06:00
Metasploit dc5a3052b7
automatic module_metadata_base.json update 2019-03-05 10:50:41 -08:00