Commit Graph

3628 Commits (cdc7b75a78c05642247a9c8d1fab2c228403e290)

Author SHA1 Message Date
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 597f337d1b Retab changes for PR #2298 2013-09-05 13:52:10 -05:00
Tab Assassin acfef429c2 Merge for retab 2013-09-05 13:52:05 -05:00
Tab Assassin abb52a086c Retab changes for PR #2316 2013-09-05 13:33:59 -05:00
Tab Assassin 8665de0261 Merge for retab 2013-09-05 13:33:49 -05:00
Tab Assassin 0a1a202fb5 Retab changes for PR #2329 2013-09-05 13:04:23 -05:00
Tab Assassin 760943af2f Merge for retab 2013-09-05 13:02:51 -05:00
jvazquez-r7 c44be42cf5 Merge the check for Sentry in just one request 2013-09-05 10:41:20 -05:00
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action"
This reverts commit f85b9aa780.
2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
2013-09-05 09:34:35 -04:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
Boris a23c1f1ad4 added additional "include" 2013-09-03 19:34:37 +04:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
Boris 9a33c674aa RHOST, RPORT removed, Tries option added 2013-09-01 22:58:22 +04:00
jvazquez-r7 560d384633 Do first modification to Auxiliary::Login and Auxiliary::AuthBrute 2013-08-31 23:38:04 -05:00
Boris 28ca62d60f New option added. Names now random. Dos check added 2013-08-31 13:18:22 +04:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module.
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
Boris b3ec8f741f File moved to auxiliary with some bug fixes 2013-08-29 00:11:34 +04:00
sinn3r e4a567b2b5 Land #2284 - Fix description 2013-08-27 11:20:58 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
sinn3r 7fad26968c More fix to jboss_seam_exec 2013-08-26 17:16:15 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
jvazquez-r7 a58750fbbb Land #2266, @wchen-r7's patch forn [SeeRM #8345] and [SeeRM #8344] 2013-08-26 16:14:50 -05:00
Tod Beardsley 5b4890f5b9 Fix caps on typo3_winstaller module 2013-08-26 14:47:42 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 6b8feaff8c Type conversion 2013-08-26 13:56:11 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
jvazquez-r7 9cb8ec950f Fix module description 2013-08-26 11:40:05 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
sinn3r 50e7d8015a Validate datastore option "YEAR"
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.

[FixRM #8345]
[FixRM #8344]
2013-08-21 01:38:16 -05:00
sinn3r 89753a6390 Fix undefined method error
[FixRM #8323]
2013-08-21 01:22:27 -05:00
sinn3r 92752de651 Fix undefined method error
[FixRM #8324]
2013-08-21 01:20:57 -05:00
sinn3r 77942f0d29 Fix undefined method error
[FixRM #8325]
2013-08-21 01:20:03 -05:00
sinn3r 2fa75e0133 Fix undefined method error
[FixRM #8325]
2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error
[FixRM #8328]
2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error
[FixRM #8336]
2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error
[FixRM #8338]
[FixRM #8337]
2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error
[FixRM #8339]
2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error
[FixRM #8340]
2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error
[FixRM #8341]
2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error
[FixRM #8342]
2013-08-21 00:45:48 -05:00
sinn3r 8806e76e4d Fix undefined method error
[FixRM #8343]
2013-08-21 00:44:10 -05:00
sinn3r 37eaa62096 Fix undefined method error
[FixRM #8346]
2013-08-21 00:42:33 -05:00
sinn3r 9ca7a727e1 Fix undefined method error
[FixRM #8347]
2013-08-21 00:41:49 -05:00
sinn3r 5993cbe3a8 Fix undefined method error
[FixRM #8348]
2013-08-21 00:40:38 -05:00
sinn3r 9f98d4afe6 Fix undefined method error
[FixRM #8349]
2013-08-21 00:38:35 -05:00
sinn3r 35b15b6809 Fix undefined method error
[FixRM #8322]
2013-08-21 00:37:22 -05:00
sinn3r ea78e8309d Fix undefined method error
[FixRM #8350]
2013-08-21 00:35:36 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
jvazquez-r7 ceb0f56f42 Land #2258, @wchen-r7's patch for [SeeRM #8318] 2013-08-20 13:26:34 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7 546c523ed8 Land #2252, @wchen-r7's patch for print_line vs print 2013-08-20 11:17:38 -05:00
jvazquez-r7 8adc4f05dd Land #2250, @wchen-r7's clean up for mssql_ping 2013-08-20 10:38:01 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 277fc69a19 Land #2246, @wchen-r7's patch for [SeeRM #8313] 2013-08-20 10:15:15 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
jvazquez-r7 4790d8de50 Land #2256, @wchen-r7's patch for [FixRM #8316] 2013-08-19 23:23:57 -05:00
sinn3r 246c2d82f9 [FixRM #8318] - Use normalize_uri properly
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r 268a3e769e Missed this one 2013-08-19 17:45:05 -05:00
sinn3r 5366453031 [FixRM #8316] - Escape characters correctly
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r a8ca32ab34 Oh yeah, need to do this too 2013-08-19 16:28:58 -05:00
sinn3r 154b1e8888 Remove comments 2013-08-19 16:27:35 -05:00
sinn3r cf10a0ca91 Use print_line instead of print
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r 8c03e905de Get rid of function that's never used
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner a815d9277e Merge pull request #2245 from todb-r7/grammar-and-such
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r d0b56e1650 Use the correct variable 2013-08-19 14:38:40 -05:00
sinn3r d89932bfd8 Use the correct variable 2013-08-19 14:33:01 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 4cef4e88a6 If exception hits, make sure it's closed. 2013-08-19 13:21:53 -05:00
sinn3r 11ef366818 Properly close hashlist 2013-08-19 13:14:13 -05:00