Pedro Ribeiro
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
Joshua Smith
7b25e3be75
Land #4139 , Visual Mining NetCharts
...
landed after some touch up
2014-11-06 22:52:41 -06:00
Joshua Smith
7510fb40aa
touch up visual_mining_netcharts_upload
2014-11-06 22:50:20 -06:00
Pedro Ribeiro
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
sinn3r
f7e308cae8
Land #4110 - Citrix Netscaler BoF
2014-11-06 00:04:17 -06:00
jvazquez-r7
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
jvazquez-r7
adefb2326e
Land #4124 , @wchen-r7 fixes #4115 adding HTTP auth support to iis_webdav_upload_asp
2014-11-05 18:14:33 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
79cabc6d68
Fix clean up
2014-11-05 15:46:33 -06:00
jvazquez-r7
c08993a9c0
Add module for ZDI-14-372
2014-11-05 15:31:20 -06:00
Pedro Ribeiro
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
Tod Beardsley
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
Jon Hart
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
Jon Hart
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
William Vu
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
Tod Beardsley
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
Tod Beardsley
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
nullbind
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
Jon Hart
b0e388f4c3
Land #3516 , @midnitesnake's snmp_enumusers fix for Solaris, OS X
2014-11-04 08:23:16 -08:00
nullbind
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
nullbind
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
jvazquez-r7
400ef51897
Land #4076 , exploit for x7chat PHP application
2014-11-03 18:22:04 -06:00
jvazquez-r7
3bf7473ac2
Add github pull request as reference
2014-11-03 18:18:42 -06:00
jvazquez-r7
44a2f366cf
Switch ranking
2014-11-03 18:06:09 -06:00
jvazquez-r7
039d3cf9ae
Do minor cleanup
2014-11-03 18:04:30 -06:00
William Vu
277fd5c7a1
Land #4123 , release fixes
2014-11-03 16:20:00 -06:00
Juan Escobar
7e4248b601
Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04
2014-11-03 16:42:50 -05:00
Tod Beardsley
0199e4d658
Land #3770 , resolve random stager bugs
2014-11-03 14:15:14 -06:00
sinn3r
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
sinn3r
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
Tod Beardsley
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
nullbind
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
Jon Hart
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
sinn3r
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
sinn3r
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
Jon Hart
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
Jon Hart
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
Jon Hart
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
Jon Hart
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
Joe Vennix
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
Jon Hart
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
jvazquez-r7
40bf44bd05
Don't allow 127.0.0.1 as SRVHOST
2014-10-31 08:19:15 -05:00
jvazquez-r7
7d2fa9ee94
Delete unnecessary to_s
2014-10-30 22:59:22 -05:00
William Vu
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
sinn3r
64f4777407
Land #4091 - Xerox DLM injection
2014-10-30 22:15:16 -05:00
sinn3r
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
William Vu
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
jvazquez-r7
8fdea5f74c
Change module filename
2014-10-30 20:34:24 -05:00
jvazquez-r7
9404e24b24
Update module information
2014-10-30 20:33:38 -05:00
Jon Hart
1a37a6638c
Fix splunk_upload_app_exec to work on new installs. Style
2014-10-30 18:28:56 -07:00
Jon Hart
55f245f20f
Merge #3507 into local, recently updated branch of master for landing
2014-10-30 17:28:20 -07:00
OJ
cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113
2014-10-31 09:08:51 +10:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
sinn3r
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
sinn3r
470a067384
Final changes
2014-10-30 13:51:44 -05:00
sinn3r
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
sinn3r
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
sinn3r
127d1640da
Print password
2014-10-30 13:27:40 -05:00
Joe Vennix
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
Joe Vennix
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
Joe Vennix
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
Jon Hart
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
jvazquez-r7
ac939325ce
Add module first version
2014-10-29 21:11:57 -05:00
Peter Arzamendi
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
Peter Arzamendi
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
Deral Heiland
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
Deral Heiland
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
Juan Escobar
2e53027bb6
Fix value of X7C2P cookie and typo
2014-10-29 08:32:36 -05:00
Peter Arzamendi
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
Juan Escobar
9f21ac8ba2
Fix issues reported by wchen-r7
2014-10-28 21:31:33 -05:00
Jon Hart
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
Jon Hart
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
Jon Hart
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
Jon Hart
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
Jon Hart
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
Peter Arzamendi
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
Peter Arzamendi
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
Peter Arzamendi
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
Tod Beardsley
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
William Vu
71a6ec8b12
Land #4093 , cups_bash_env_exec CVE-2014-6278
2014-10-28 12:47:51 -05:00
Brendan Coles
57baf0f393
Add support for CVE-2014-6278
2014-10-28 17:10:19 +00:00
William Vu
3de5c43cf4
Land #4050 , CUPS Shellshock
...
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
Brendan Coles
78b199fe72
Remove CVE-2014-6278
2014-10-28 16:18:24 +00:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
Deral Heiland
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
Tod Beardsley
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles
a060fec760
Detect version in check()
2014-10-28 12:28:18 +00:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
Peter Arzamendi
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
Juan Escobar
2ba2388889
Fix issues reported by jvasquez
2014-10-27 19:15:39 -05:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
parzamendi-r7
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
Peter Arzamendi
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
jvazquez-r7
373ce8d340
Use perl encoding
2014-10-27 15:30:02 -05:00
Luke Imhoff
216360d664
Add missing require
...
MSP-11145
2014-10-27 15:19:59 -05:00
jvazquez-r7
9da83b6782
Update master changes
2014-10-27 14:35:30 -05:00
Spencer McIntyre
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
William Vu
090d9b95d1
Land #4078 , pureftpd_bash_env_exec desc. update
2014-10-27 12:12:09 -05:00
William Vu
950fc46e4b
Normalize description
2014-10-27 12:09:39 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Spencer McIntyre
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
sinn3r
aa5dc0a354
100 columns per line
2014-10-27 10:24:11 -05:00
sinn3r
7e56948191
Update description about pureftpd_bash_env_exec
...
Make exploitable requirements more obvious
2014-10-27 10:23:06 -05:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
Juan Escobar
848f24a68c
update module description
2014-10-27 02:07:16 -05:00
root
d66dc88924
Add PHP Code Execution for X7 Chat 2.0.5
2014-10-27 01:01:31 -05:00
jvazquez-r7
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
Brendan Coles
554935e60b
Add check() and support CVE-2014-6278
2014-10-26 18:11:36 +00:00
scriptjunkie
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
scriptjunkie
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
sinn3r
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
sinn3r
13fd6a3374
Land #4046 - Centreon SQL and Command Injection
2014-10-23 13:17:00 -05:00
sinn3r
ce841e57e2
Rephrase about centreon.session
2014-10-23 13:15:55 -05:00
sinn3r
889045d1b6
Change failure message
2014-10-23 12:55:27 -05:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
Jon Hart
c765100efd
Land #4004 , @martinvigo's LastPass master password extraction module
2014-10-22 16:34:54 -07:00
Jon Hart
29b61984c5
Update to use correctly joined path
2014-10-22 16:34:17 -07:00
sinn3r
42cd288bc0
Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options
...
Fix #3967
2014-10-22 16:23:15 -05:00
sinn3r
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
Tim Wright
b8c3fadb9e
python 3 is supported now too :)
2014-10-22 20:10:48 +01:00
Tim Wright
8c3c73a72d
inline the error message
2014-10-22 20:08:14 +01:00
Tim Wright
2ab73688dc
use framework.threads to launch cleanup thread
2014-10-22 19:40:29 +01:00
Tim Wright
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
sinn3r
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
James Lee
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
James Lee
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
Spencer McIntyre
f886ab6f97
Land #4020 , Jenkins-CI CSRF token support
2014-10-20 19:03:24 -04:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00