dc4b8461e8
unbreaks & DRYs my previous change.
2014-03-28 19:15:38 -04:00
c559a6b39f
fix description
...
(cherry picked from commit 7c860b9553
2014-03-28 17:36:21 -05:00
ae53d75cdb
Module to HP LaserJet Printer SNMP Enumeration
...
(cherry picked from commit f18fef1864
2014-03-28 17:36:21 -05:00
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
9374777da1
Land #2996 , @mcantoni's jboss status aux module
2014-03-28 16:07:08 -05:00
7689751c10
Module module location
2014-03-28 16:05:37 -05:00
e3ec0e7624
Clean up jboss_status module
2014-03-28 16:04:43 -05:00
5458200434
Fix a couple minor annoyances in PJL
2014-03-28 02:19:30 -05:00
c1fdc4d945
Fix a couple things that were bugging me
2014-03-28 02:15:38 -05:00
107901b481
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix
2014-03-26 22:37:21 -07:00
30da3575e8
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra
2014-03-26 21:53:12 -07:00
5b8d8d8009
Get Pro and Framework back in sync.
2014-03-26 09:25:19 -05:00
cd448ba46c
Land #3132 , ntp_monlist improvements
2014-03-25 15:19:45 -05:00
1c4797337f
Clean up rapid7/metasploit-framework#3132
2014-03-25 14:04:43 -05:00
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
460a1f551c
Fix for R7-2014-05
2014-03-24 14:12:12 -05:00
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
312f117262
updates file read to close file more quickly
2014-03-21 14:53:15 -04:00
4b2a2d4dea
Improve NTP monlist auxiliary module
2014-03-21 16:39:53 +01:00
fbcd661504
removed snmp_enum_hp_laserjet from this pull request
2014-03-21 15:58:53 +01:00
aa26405c23
Cleanup an expression and avoid fail_with
2014-03-20 17:33:09 -04:00
0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read
2014-03-20 12:08:18 -05:00
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
74398c4b6e
Allow using a single URI and/or a list of URIs
2014-03-20 09:54:02 -04:00
a8d919feb0
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-19 23:32:04 -05:00
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
b52a535609
add official url
2014-03-19 20:41:32 -05:00
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
b79920ba8f
Land #3089 , InvalidWordCount fix for smb_login
...
[FixRM #8730 ]
2014-03-19 16:12:56 -05:00
fe0b76e24e
Land #2994 - OWA 2013 support
2014-03-19 13:16:37 -05:00
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
8fdb5250d4
changes to smtp relay aux module
2014-03-17 15:09:29 +07:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
a01dd48640
a bit better error message if injection works but no file
2014-03-13 13:38:43 -07:00
b0688e0fca
clarify LOAD_FILE perms in description
2014-03-13 13:11:27 -07:00
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
5aad8f2dc3
Land #3088 , SNMP timestamp elements fix
2014-03-13 02:22:14 -05:00
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
206660ddde
Recreate the intent of cfebdae from @parzamendi-r7
...
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656 .
[SeeRM #8730 ]
2014-03-11 14:30:01 -05:00
f7af9780dc
Rescue InvalidWordCount error
...
This is a cherry-pick of commit ea86da2 from PR #2656
2014-03-11 14:17:36 -05:00
f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0
...
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
2014-03-11 12:44:07 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
8cfa5679f2
More nick instead of name
2014-03-10 16:12:44 +01:00
bc8590dbb9
Change DoS module location
2014-03-10 16:12:20 +01:00
e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument
2014-03-08 00:58:52 -06:00
151e2287b8
OptPath, not OptString.
2014-03-07 10:52:45 -06:00
5cf1f0ce4d
Since dirs are required, server will send/recv
...
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.
Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
37fa4a73a1
Make the path options required and use /tmp
...
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
ebee365fce
Land #2742 , report_vuln for MongoDB no auth
2014-03-06 19:34:45 -05:00
84f280d74f
Use a more descriptive MongoDB vulnerability title
2014-03-06 19:20:52 -05:00
8a0531650c
Allow TFTP server to take a host/port argument
...
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.
This is almost never correct.
2014-03-06 16:13:20 -06:00
7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read
2014-03-04 17:52:29 -06:00
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
98b59c4103
update desc
2014-03-03 12:40:58 -08:00
c5d1071456
add mantisbt aux module
2014-03-03 12:36:38 -08:00
de6be50d64
Minor cleanup and finger-wagging about a for loop
2014-03-03 14:12:22 -06:00
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
12e4e0e36d
Return whether result is nil or not.
2014-02-28 10:17:37 -05:00
dfa91310c2
Support checking a single URI for ntlm information.
2014-02-28 08:47:29 -05:00
8be33f42fe
Define service as udp
2014-02-27 12:53:29 -06:00
ea5fe9ec0a
Updated to use get_cookie
2014-02-27 08:52:54 -06:00
9e52a10f2d
Set SSL to default to true and removed SSL from register_options. Updated Author to include full name
2014-02-26 20:49:03 -06:00
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
0531abb691
Land #3026 , @ribeirux DoS module for CVE-2014-0050
2014-02-26 08:53:55 -06:00
449d0d63d1
Do small clean up
2014-02-26 08:52:51 -06:00
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
63bbe7bef2
Land #3034 , 302 redirect for http_basic
2014-02-25 13:54:58 -06:00
4cc91095de
Fix minor formatting issues
2014-02-25 13:48:37 -06:00
6783e31c67
Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline
2014-02-24 15:59:49 -06:00
ead7cbc692
Author and URI fixed
2014-02-24 22:20:34 +01:00
f1e71b709c
Added 301 Redirect option to Basic Auth module
2014-02-24 14:59:20 -06:00
6f398f374e
Land #3032 , inside_workspace_boundary? typo fix
2014-02-24 14:55:09 -06:00
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests
2014-02-24 10:39:01 -06:00
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
1864089085
removed rport definition
2014-02-17 11:32:24 +07:00
8a24da9eea
Module to query Jboss status servlet
2014-02-15 17:46:52 +01:00
f6be574453
Slightly better file checks on sqlmap.py
2014-02-15 09:58:03 -06:00
dacbf55fc1
Minor cleanup of title and desc on sqlmap
2014-02-15 09:55:06 -06:00
0e7074c139
Modififed output for smb_enumshares module
2014-02-14 13:39:13 -06:00
6dc9840064
Modified output for smb_enumshares
2014-02-14 13:12:52 -06:00
ee3f1fc25b
Record successful passwordless access to mongodb
2014-02-14 08:52:17 +11:00
7c860b9553
fix description
2014-02-13 21:11:50 +01:00
5ef40e3844
Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD']
2014-02-12 13:31:03 -06:00
2b8a8259f9
Updates to support OWA 2013 and some syntax changes
2014-02-12 09:40:49 -06:00
6944c54d13
Added EXTENDED option to smtp_relay
2014-02-12 15:44:53 +07:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
02fb84db20
Changed dns_amp to avoid false positives
2014-02-10 17:13:06 +07:00
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
8ac0ef396e
Added DNS recursion amplification scanner
2014-01-29 14:21:21 +07:00
d3be54fed6
Added Extended SMTP Open Relay aux module
2014-01-29 13:46:54 +07:00
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00
d19e9307c6
Fix missing colon in :caller_host symbol
...
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
f471f50092
ms08_067_check.rb is deprecated.
...
[SeeRM #8755 ]
2014-01-26 12:22:13 -06:00
52371be52a
Clarify why contributors are listed as authors
...
Also adding @mcantoni to the list of authors. Sorry we missed you!
Dear contributors,
Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!
https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
f18fef1864
Module to HP LaserJet Printer SNMP Enumeration
2014-01-25 15:48:13 +01:00
eaeb2af97f
Use opts hash for h323_version
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
82bf02910d
Land #2911 , correct author name for PJL credit
2014-01-24 11:00:12 -06:00
fdaa172cc5
Land #2896 , @wchen-r7's check's normalization for auxiliary modules
2014-01-24 08:53:53 -06:00
e8b591ef54
Delete registering of check on bailiwicked modules
2014-01-24 08:47:04 -06:00
9ba72ffc71
Remove check support
...
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
dc52d00be6
Modify vmware_http_login to work with check
2014-01-23 21:27:36 -06:00
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
a67068f019
Correct author name
...
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
f5a935a186
Support check for bailiwicked_host
2014-01-23 15:31:37 -06:00
8d411d2037
Fix bailiwicked_domain to allow support of check()
2014-01-23 15:29:40 -06:00
f5809423a3
Let's spell right in my spellcheck PR
...
Updates #2900
2014-01-21 15:57:59 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
a239e14084
Fix nodejs_popelining check
2014-01-19 17:06:35 -06:00
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
0a8aa07131
Fix check method
...
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
bce321c628
Do response handling a little better, fake test
2014-01-17 11:02:35 -06:00
11d613f1a7
Clean ibm_sametime_webplayer_dos
2014-01-17 10:52:42 -06:00
51b3d164f7
Move the DoS module to the correct location
2014-01-17 09:30:51 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
7c52f9b496
Update description to use %q{}
2014-01-13 14:42:25 -06:00
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
fe6d10ac5d
Land #2852 , @mandreko's scanner for OSVDB 101653
2014-01-13 14:07:07 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
8c3a71a2e7
Clean sercomm_backdoor scanner according to feedback
2014-01-13 13:53:47 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
4a64c4651e
Land #2822 , @mandreko's aux module for OSVDB 101653
2014-01-09 15:15:37 -06:00
410302d6d1
Fix indentation
2014-01-09 15:14:52 -06:00
b1073b3dbb
Code Review Feedback
...
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
Joshua Smith
Matteo Cantoni
William Vu
jvazquez-r7
coma
Tod Beardsley
Ramon de C Valle
Brandon Turner
Spencer McIntyre
sinn3r
Brandon Perry
Brandon Perry
xistence
David Maloney
sho-luv
James Lee
jgor
Peter Arzamendi
Michael Messner
kn0
ribeirux
Royce Davis
Russell Sim
kicks4kittens
bcoles
Matt Andreko