823260cc04
fix error message
2017-06-22 18:11:07 -05:00
3cf722a45d
use correct preqrequisites
2017-06-22 18:08:20 -05:00
5e48a11e60
handle specific exceptions, update docs
2017-06-22 18:01:52 -05:00
6a261b172f
move from scanner to admin
2017-06-22 17:47:04 -05:00
c811c6a8c0
Add PASS_FILE option
2017-05-28 23:26:51 +00:00
8fce94b3cd
Add ScadaBR Credentials Dumper module
2017-05-28 01:24:53 +00:00
4def7ce6cc
Land #8327 , Simplify storing credentials
2017-05-18 16:49:01 -05:00
8025eb573a
Enforce check
...
Because we are not able to get our hands on the hardware for testing,
and that this module may trigger a backtrace if the UDP server isn't
Moxa, we force check to make sure that doesn't happen.
2017-05-16 16:43:22 -05:00
2d7f7f9aec
Pass msftidy
2017-05-16 15:05:12 -05:00
4a0535c2d0
add moxa credential recovery module
2017-05-16 10:21:44 -04:00
bee36ca90f
Fix edge case
2017-05-11 16:22:21 -05:00
68f13808e7
Fix msftidy warnings for the WNR2000 module
2017-05-11 16:16:10 -05:00
a1efa30fa2
comments adjustments & enum better
2017-05-08 11:57:06 -05:00
e2fe70d531
convert store_valid_credential to named params
2017-05-05 18:23:15 -05:00
63b6ab5355
simplify valid credential storage
2017-05-04 22:51:40 -05:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
a9857eb1c2
Land #8099 , Aux module to launch instances in AWS
2017-04-14 14:12:10 -05:00
68e4b8a855
Updated user data param to load aggregator
2017-03-24 22:58:04 -07:00
e04f01ed6b
Land #7778 , RCE on Netgear WNR2000v5
2017-03-23 15:34:16 -05:00
534ca8c5cb
fix: URL encoding userdata
2017-03-18 21:52:49 -07:00
26d344a0ef
Initial checkin of launch instances module
2017-03-18 21:52:49 -07:00
2631259919
Land #7973 , Enable cert validation for Nexpose
...
This PR enables connection to a Nexpose console using the
nexpose client gem.
It also allows you to connect using a trusted certificate
instead of simply overriding the SSL validation.
2017-02-24 14:27:24 -06:00
24151a9c27
Land #7753 , Add auxiliary RomPager misfortune cookie authentication bypass
2017-02-17 18:07:15 -06:00
cbfe18e4d7
use certificates in nexpose
2017-02-16 14:34:02 -06:00
d5845343bd
Fix whitespace, thanks msftidy!
2017-01-30 10:15:20 +00:00
fd6e10bf26
Add CVE numbers
2017-01-30 10:03:13 +00:00
1c6d7ee33e
additional changes for Nexpose XXE Arbitrary File Read
2017-01-25 10:29:58 -06:00
836da6177f
Cipher::Cipher is deprecated
2017-01-22 10:20:03 -06:00
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
b5f41b2915
Update advantech_webaccess_dbvisitor_sqli name
2017-01-18 11:09:52 -06:00
c31d398549
more description
2017-01-16 09:46:56 -05:00
6004caa475
fix whitespace
2017-01-05 01:58:16 +00:00
d95a3ff2ac
made changes suggested
2017-01-04 23:02:10 +00:00
9d3e90e8e5
cleanup
2017-01-02 17:32:38 +00:00
4c29d23c8a
further cleaning
2016-12-31 17:02:34 +00:00
956602cbfe
add final wnr2000 sploits
2016-12-31 16:49:05 +00:00
6c9e43f2ad
Add fingerprinting of devices, change documentation
2016-12-30 23:52:29 +01:00
870e8046b5
add sploits
2016-12-27 21:12:35 +00:00
a7debd09fd
Fix broken YouTube link in firetv_youtube
...
Guess it's back to Epic Sax Guy. :-)
2016-12-25 20:22:07 -06:00
6bb0f3207d
Add reboot action to chromecast_reset
2016-12-25 15:20:46 -06:00
9325ef8d8f
Land #7573 , Add WP Symposium Plugin SQLI aux mod to steal credentials
2016-12-01 14:56:30 -06:00
6b5dba72d4
Update description
2016-12-01 14:55:16 -06:00
64bc029106
Fix Ruby style
2016-12-01 14:53:55 -06:00
90ec367a99
Add method to save creds to database
2016-12-01 14:52:51 -06:00
f0b5b5a153
call store_loot once at the end
2016-11-28 20:28:36 +01:00
60210f57e9
Land #7505 , fixed some targets for cisco_asa_extrabacon
2016-11-27 22:19:45 -06:00
8824cc990a
Use Auxilliary Actions for different behaviors.
2016-11-26 13:04:04 -06:00
fd11e7c4df
modified it as recommended (@brandonprry) and added Module Documentation
2016-11-24 10:36:32 +01:00
b3b89a57b5
Add WordPress Symposium Plugin SQL Injection module
2016-11-17 15:04:53 +01:00
f50e609d12
Land #7556 , Prevent psexec_command from dying when one host errors
2016-11-15 12:17:01 -06:00
e5d3289c18
Fix name for exception
2016-11-15 12:14:58 -06:00
3fd3bbdfb6
Added comments, removed uneccesary code
2016-11-13 23:22:15 +01:00
b377cd8fa3
Allegrosoft rompager auth bypass auxiliary module
2016-11-13 10:39:26 +01:00
a8a09261e1
Use files for rescue error, because left is not available
2016-11-11 21:49:06 -07:00
db32c5fdcc
msftidy whitespace fixes
2016-11-11 10:28:37 -07:00
fddc2c221f
Catch the specific exception. Include the error code in the error message.
2016-11-11 10:24:05 -07:00
69a4a327b8
Add begin-rescue blocks that prevent individual hosts from bailing out a threaded multi-host execution
2016-11-11 10:15:36 -07:00
4eb42a9171
Fix broken ternary in phoenix_command
2016-11-07 00:12:04 -06:00
92964c1f95
Update phoenix_command.rb
2016-11-06 21:22:54 +01:00
2c2729f0b2
Update phoenix_command.rb
...
Coded was messed up by MS Edge, don't use it :)
2016-11-06 21:21:20 +01:00
1b4409f950
Update phoenix_command.rb
...
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"
Is it OK? Did not find time to install and run rubocop ...
2016-11-06 21:15:31 +01:00
4ea9214466
Fixed a small bug
2016-11-06 16:20:55 +01:00
5b810fae41
Update atg_client to identify responses that indicate the command was not understood
2016-11-04 10:12:02 -07:00
a651985b4f
Land #7498 , Joomla account creation and privesc
2016-11-01 22:46:36 -05:00
f414db5d6d
Clean up module
2016-11-01 22:46:28 -05:00
991a3fe448
Markdown docs added.
2016-10-28 17:38:00 -05:00
971c8207bd
Update telpho10_credential_dump.rb
...
Code improvements suggested by @h00die
2016-10-28 16:45:14 -05:00
c9574a4707
Update telpho10_credential_dump.rb
...
output correction
2016-10-28 16:44:52 -05:00
05ee51a832
Update telpho10_credential_dump.rb
...
do not write to stdout
2016-10-28 16:44:40 -05:00
fb534a9e85
add telpho10_exploit
...
telpho10 credential dump exploit
2016-10-28 16:44:27 -05:00
5eca6866f2
Fix failing versions, specify version explicitly
2016-10-28 16:24:06 -05:00
88a2a770a3
Update to have checks in place
...
Add: added checks to the code
2016-10-28 11:24:39 +01:00
88beea0c56
updating code
...
Fix: changing to seggested fixes
2016-10-27 14:30:59 +01:00
2851faefe8
Update module info
...
Fix: removed info that didn't belong
2016-10-27 03:11:38 +01:00
e522d7f5a4
Fixing issues regarding travis checks
...
Fix: EOL spaces;
2016-10-27 02:50:20 +01:00
8ad1c66bd3
Code update and file rename
...
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
2016-10-27 02:46:40 +01:00
0af47ef411
Fixing warning from travis checks
...
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
2016-10-26 23:29:17 +01:00
5a127886bb
Fixing issues regarding travis checks
...
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
2016-10-26 23:24:09 +01:00
94b05d7943
Joomla Account Creation and Privilege Escalation
...
This module allows to create an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3.
2016-10-26 23:11:38 +01:00
df28e2a85e
Add credit to wwebb-r7 for the initial module and ASA hacking notes
2016-09-24 05:48:31 -04:00
cd4299b3a2
Added offsets for version 9.2(4)14
...
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
2016-09-23 16:57:08 -06:00
087e9461ce
Added offsets for version 9.2(4)13
2016-09-23 16:50:50 -06:00
3f985d94d7
Added offsets for version 8.4(6)5
2016-09-23 16:32:42 -06:00
352946d8f5
Added offsets for version 8.4(4)9
2016-09-23 16:19:36 -06:00
368fd1a77f
Added offsets for version 8.4(4)5
2016-09-23 16:07:42 -06:00
19fe09318a
Added offsets for version 8.4(4)3
2016-09-23 15:56:02 -06:00
8840af0e90
Added offsets for version 8.4(4)1
2016-09-23 15:44:39 -06:00
19caff2293
Added offsets for 8.3(2)40
2016-09-23 15:26:02 -06:00
ba4505bcce
Added offsets for version 8.3(2)39
2016-09-23 15:05:39 -06:00
64df7b0524
Added offsets for verion 8.3(2)-npe
...
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
2016-09-23 14:49:57 -06:00
926e5fab9e
Added offsets for version 8.2(5)41
2016-09-23 14:00:23 -06:00
b4d3e8ea3e
Added offsets for version 9.2(1)
2016-09-23 13:52:13 -06:00
d36e16fc32
Added offsets for version 8.2(5)33
2016-09-23 13:15:39 -06:00
f19ed4376b
Adding new version offsets
2016-09-23 12:57:36 -06:00
98cf5d8eb5
Changed 'build_offsets' to 'build_payload'
2016-09-23 09:32:17 -06:00
1868371ba7
fix merge conflicts
2016-09-23 14:49:36 +00:00
2591d0b7c6
numerous fixes as per @busterb
2016-09-23 14:46:40 +00:00
dda6b67928
Added basic error handling for unsupported ASA versions
2016-09-22 18:24:25 -06:00
cf070853e9
Moved required datastore option into constructor
2016-09-22 18:08:35 -06:00
Brent Cook
Brendan Coles
James Lee
wchen-r7
Patrick DeSantis
William Vu
Jeffrey Martin
darkbushido
Javier Godinez
William Webb
James Barnett
Pedro Ribeiro
Louis Sato
h00die
j91321
Cantoni Matteo
jjarmoc
Dylan Davis
Jenna Magius
Tijl Deneut
Jon Hart
Pearce Barry
Jan Rude
Jeff
Filipe Reis
TheNaterz
zerosum0x0