wchen-r7
f50e609d12
Land #7556 , Prevent psexec_command from dying when one host errors
2016-11-15 12:17:01 -06:00
wchen-r7
e5d3289c18
Fix name for exception
2016-11-15 12:14:58 -06:00
j91321
3fd3bbdfb6
Added comments, removed uneccesary code
2016-11-13 23:22:15 +01:00
j91321
b377cd8fa3
Allegrosoft rompager auth bypass auxiliary module
2016-11-13 10:39:26 +01:00
Dylan Davis
a8a09261e1
Use files for rescue error, because left is not available
2016-11-11 21:49:06 -07:00
Jenna Magius
db32c5fdcc
msftidy whitespace fixes
2016-11-11 10:28:37 -07:00
Dylan Davis
fddc2c221f
Catch the specific exception. Include the error code in the error message.
2016-11-11 10:24:05 -07:00
Dylan Davis
69a4a327b8
Add begin-rescue blocks that prevent individual hosts from bailing out a threaded multi-host execution
2016-11-11 10:15:36 -07:00
William Vu
4eb42a9171
Fix broken ternary in phoenix_command
2016-11-07 00:12:04 -06:00
Tijl Deneut
92964c1f95
Update phoenix_command.rb
2016-11-06 21:22:54 +01:00
Tijl Deneut
2c2729f0b2
Update phoenix_command.rb
...
Coded was messed up by MS Edge, don't use it :)
2016-11-06 21:21:20 +01:00
Tijl Deneut
1b4409f950
Update phoenix_command.rb
...
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"
Is it OK? Did not find time to install and run rubocop ...
2016-11-06 21:15:31 +01:00
Tijl Deneut
4ea9214466
Fixed a small bug
2016-11-06 16:20:55 +01:00
Jon Hart
5b810fae41
Update atg_client to identify responses that indicate the command was not understood
2016-11-04 10:12:02 -07:00
William Vu
a651985b4f
Land #7498 , Joomla account creation and privesc
2016-11-01 22:46:36 -05:00
William Vu
f414db5d6d
Clean up module
2016-11-01 22:46:28 -05:00
Pearce Barry
991a3fe448
Markdown docs added.
2016-10-28 17:38:00 -05:00
Jan Rude
971c8207bd
Update telpho10_credential_dump.rb
...
Code improvements suggested by @h00die
2016-10-28 16:45:14 -05:00
Jan Rude
c9574a4707
Update telpho10_credential_dump.rb
...
output correction
2016-10-28 16:44:52 -05:00
Jan Rude
05ee51a832
Update telpho10_credential_dump.rb
...
do not write to stdout
2016-10-28 16:44:40 -05:00
Jan Rude
fb534a9e85
add telpho10_exploit
...
telpho10 credential dump exploit
2016-10-28 16:44:27 -05:00
Jeff
5eca6866f2
Fix failing versions, specify version explicitly
2016-10-28 16:24:06 -05:00
Filipe Reis
88a2a770a3
Update to have checks in place
...
Add: added checks to the code
2016-10-28 11:24:39 +01:00
Filipe Reis
88beea0c56
updating code
...
Fix: changing to seggested fixes
2016-10-27 14:30:59 +01:00
Filipe Reis
2851faefe8
Update module info
...
Fix: removed info that didn't belong
2016-10-27 03:11:38 +01:00
Filipe Reis
e522d7f5a4
Fixing issues regarding travis checks
...
Fix: EOL spaces;
2016-10-27 02:50:20 +01:00
Filipe Reis
8ad1c66bd3
Code update and file rename
...
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
2016-10-27 02:46:40 +01:00
Filipe Reis
0af47ef411
Fixing warning from travis checks
...
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
2016-10-26 23:29:17 +01:00
Filipe Reis
5a127886bb
Fixing issues regarding travis checks
...
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
2016-10-26 23:24:09 +01:00
Filipe Reis
94b05d7943
Joomla Account Creation and Privilege Escalation
...
This module allows to create an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3.
2016-10-26 23:11:38 +01:00
Brent Cook
df28e2a85e
Add credit to wwebb-r7 for the initial module and ASA hacking notes
2016-09-24 05:48:31 -04:00
TheNaterz
cd4299b3a2
Added offsets for version 9.2(4)14
...
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
2016-09-23 16:57:08 -06:00
TheNaterz
087e9461ce
Added offsets for version 9.2(4)13
2016-09-23 16:50:50 -06:00
TheNaterz
3f985d94d7
Added offsets for version 8.4(6)5
2016-09-23 16:32:42 -06:00
TheNaterz
352946d8f5
Added offsets for version 8.4(4)9
2016-09-23 16:19:36 -06:00
TheNaterz
368fd1a77f
Added offsets for version 8.4(4)5
2016-09-23 16:07:42 -06:00
TheNaterz
19fe09318a
Added offsets for version 8.4(4)3
2016-09-23 15:56:02 -06:00
TheNaterz
8840af0e90
Added offsets for version 8.4(4)1
2016-09-23 15:44:39 -06:00
TheNaterz
19caff2293
Added offsets for 8.3(2)40
2016-09-23 15:26:02 -06:00
TheNaterz
ba4505bcce
Added offsets for version 8.3(2)39
2016-09-23 15:05:39 -06:00
TheNaterz
64df7b0524
Added offsets for verion 8.3(2)-npe
...
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
2016-09-23 14:49:57 -06:00
TheNaterz
926e5fab9e
Added offsets for version 8.2(5)41
2016-09-23 14:00:23 -06:00
TheNaterz
b4d3e8ea3e
Added offsets for version 9.2(1)
2016-09-23 13:52:13 -06:00
TheNaterz
d36e16fc32
Added offsets for version 8.2(5)33
2016-09-23 13:15:39 -06:00
TheNaterz
f19ed4376b
Adding new version offsets
2016-09-23 12:57:36 -06:00
TheNaterz
98cf5d8eb5
Changed 'build_offsets' to 'build_payload'
2016-09-23 09:32:17 -06:00
zerosum0x0
1868371ba7
fix merge conflicts
2016-09-23 14:49:36 +00:00
zerosum0x0
2591d0b7c6
numerous fixes as per @busterb
2016-09-23 14:46:40 +00:00
TheNaterz
dda6b67928
Added basic error handling for unsupported ASA versions
2016-09-22 18:24:25 -06:00
TheNaterz
cf070853e9
Moved required datastore option into constructor
2016-09-22 18:08:35 -06:00
TheNaterz
df25f07b34
Replaced '+=' with '<<'
2016-09-22 17:53:28 -06:00
TheNaterz
f525c24a9f
Added offsets for 8.4(7)
2016-09-22 17:16:37 -06:00
zerosum0x0
28a09c2d13
stupid comment
2016-09-22 22:57:42 +00:00
TheNaterz
7762f42dfa
Added offsets for 8.3(1)
2016-09-22 16:17:37 -06:00
TheNaterz
064aed858b
Added RiskSense contributor repo to references
2016-09-22 16:10:30 -06:00
TheNaterz
961524d648
Adding offsets for 9.1(1)4
2016-09-22 16:04:44 -06:00
TheNaterz
4e9459d876
Added offsets for 9.0(1)
2016-09-22 15:35:59 -06:00
TheNaterz
5ca6563c8f
Fixed problem with 9.2(2)8 offsets
2016-09-22 15:24:49 -06:00
TheNaterz
b77adc97f0
Removing redundant version check
2016-09-22 15:05:42 -06:00
TheNaterz
c22a2a19e8
Added offsets for 9.2(2)8
2016-09-22 14:59:49 -06:00
TheNaterz
e8d1f6d5a0
Added offsets for 8.2(3)
2016-09-22 14:38:52 -06:00
Jenna Magius
a0ba8b7401
Fix whitespace per msftidy
2016-09-22 14:25:04 -06:00
TheNaterz
022189c075
Added offsets for 8.4(3)
2016-09-22 14:12:33 -06:00
zerosum0x0
4288c3fb46
added always_return_true variable
2016-09-22 19:44:55 +00:00
TheNaterz
c18045128a
Replaced global vars, made 'patched_code' value static
2016-09-22 13:42:23 -06:00
zerosum0x0
3c7fc49788
Added module auxiliary/admin/cisco/cisco_asa_extrabacon
...
This module patches the authentication functions of a Cisco ASA
to allow uncredentialed logins. Uses improved shellcode for payload.
2016-09-22 18:06:03 +00:00
Pearce Barry
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
William Vu
e4e6f5daac
Fix indentation
2016-09-13 23:15:37 -05:00
h00die
d73531c0d3
added disclosure dates
2016-09-13 20:37:04 -04:00
Pedro Ribeiro
4d49f7140c
update links and CVE on webnms_file_download
2016-09-13 18:50:53 +01:00
Pedro Ribeiro
8b90df8b67
update links and CVE on webnms_cred_disclosure
2016-09-13 18:49:58 +01:00
Pearce Barry
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
wchen-r7
de16a6d536
Land #7182 , Nuuo / Netgear Surveillance admin password reset module
2016-08-08 16:10:30 -05:00
Pedro Ribeiro
7ca7682d17
Fix whitespace error from msftidy
2016-08-08 17:57:03 +01:00
Pedro Ribeiro
106f26587e
Add bugtraq reference
2016-08-05 21:52:46 +01:00
Pedro Ribeiro
036d0502db
Add github link
2016-08-04 17:38:45 +01:00
Pedro Ribeiro
ec67db03f1
add exploit for CVE 2016-5676
2016-08-04 16:56:16 +01:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
thao doan
9862a2fc25
Land #7080 , Updated docs and made enhancements for Netgear soap password extractor
2016-07-13 14:30:46 -07:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Brendan
963437d5e7
Land #7063 , Add module for WebNMS 5.2 Arbitrary File Download
2016-07-11 10:05:21 -07:00
Brendan
c2a5da08af
Land #7064 , Add moule to steal creds from WebNMS 5.2
2016-07-11 06:38:50 -07:00
h00die
fdce5bc30c
add disclosure date
2016-07-09 09:30:00 -04:00
Brendan
bbe4162320
Added error checking and some suggested style changes
2016-07-08 08:27:56 -07:00
Brendan
09dcd1dade
Added version check and error handling, changed regex to ruby syntax.
...
Also made a few syntax changes to placate rubocop.
2016-07-07 10:35:18 -07:00
h00die
892f354ece
give me some credit
2016-07-06 21:39:45 -04:00
h00die
47cf6d5edf
better docs, extract more data
2016-07-06 21:28:57 -04:00
Brent Cook
54dfcee665
Land #7055 , add netgear_soap_password_extractor docs
2016-07-04 23:59:10 -05:00
Pedro Ribeiro
ec4769fade
Create exploit for WebNMS credential disclosure
2016-07-04 21:15:15 +01:00
Pedro Ribeiro
05ef5316df
Create exploit for WebNMS arbitrary file download
2016-07-04 21:10:14 +01:00
h00die
844c13dc17
added new vuln device to netgear list, plus docs
2016-07-01 18:32:30 -04:00
James Lee
4e63591ce8
Use the proper Author key, not Authors
2016-06-28 15:21:19 -05:00
wchen-r7
9f280d714e
Land #6994 , NetBIOS Name Brute Force Spoofing modules
2016-06-23 17:54:51 -05:00
HD Moore
a84614f2c0
Whitespace only
2016-06-19 18:44:32 -05:00
HD Moore
ce7c6496dd
Rework to clarify that this a brute force spoof, unrelated to BadTunnel
2016-06-19 13:36:39 -05:00
HD Moore
6507e520c7
Cleanups, addition of a 'direct' module
2016-06-18 15:37:54 -05:00
Brent Cook
ba40d0e06f
handle the lpath not being specified
2016-06-09 16:22:47 -05:00
wchen-r7
52bcade72c
Fix #6948 , Modules using the SMB client are printing peer twice
...
Fix #6948
2016-06-08 12:16:50 -05:00
Tijl Deneut
2afcda9d49
Did some more rubocopy work and
...
added module documentation
2016-05-28 15:32:18 +02:00
wchen-r7
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
Brent Cook
266d29ca4a
handle garbage better during probe
2016-05-23 22:28:31 -05:00
Brent Cook
a6020ca010
style fixes
2016-05-23 22:14:57 -05:00
Tijl Deneut
36a9ef83ab
Added phoenix_command.rb
2016-05-17 15:45:45 +02:00
wchen-r7
2edd6869fc
rm references key
2016-04-24 03:09:59 -05:00
wchen-r7
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
James Lee
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
James Lee
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
wchen-r7
53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
wchen-r7
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
Pedro Ribeiro
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
Brent Cook
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Pedro Ribeiro
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
James Lee
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
James Lee
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
Christian Mehlmauer
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
wchen-r7
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
wchen-r7
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
Christian Mehlmauer
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
Christian Mehlmauer
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
Christian Mehlmauer
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
Christian Mehlmauer
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
HD Moore
e107ec2d17
Change fail to fail_with, fix typo
2015-11-17 13:30:46 -06:00
HD Moore
74f6ff7752
Rename to atg_client to match conventions
2015-11-17 12:59:37 -06:00
Jon Hart
c914c7b22c
Completely remove SET_TIME
2015-11-13 12:28:23 -08:00
Jon Hart
ab3ae675ff
Hide TIME option since SET_TIME is not implemented
2015-11-13 12:26:42 -08:00
Jon Hart
ad22eb8444
More cleanup
2015-11-13 12:24:28 -08:00
Jon Hart
045bab052e
Add configurable timeout
2015-11-13 12:18:40 -08:00
Jon Hart
6e9afc38ee
print_good when we get something
2015-11-13 12:12:37 -08:00
Jon Hart
196a88c39a
Style nit
2015-11-13 12:06:00 -08:00
Jon Hart
0cfa67f58f
Stub out more of the set time, but disable it
2015-11-10 22:00:02 -08:00
Jon Hart
c98ab1dad4
update SET_TANK_NAME opt to mention necessary opts
2015-11-10 21:49:40 -08:00
Jon Hart
de570a1550
Improve output when setting tank names
2015-11-10 21:41:05 -08:00
Jon Hart
0762b9fa9b
Fix option formatting
2015-11-10 21:24:58 -08:00
Jon Hart
637e570b28
Add TLS-250 reference
2015-11-10 21:21:55 -08:00
Jon Hart
e67057a5c9
Add great TLS-350 resource
2015-11-10 21:19:37 -08:00
Jon Hart
8dd6003cc2
Add several untested but likely OK TLS-350 commands
2015-11-10 21:18:27 -08:00