Commit Graph

44847 Commits (d756db4f9dd585ba3e68f641cc7f5875de8dce1e)

Author SHA1 Message Date
William Vu a1d43c8f33
Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu 84c951cc1d
Land #8059, Postfixadmin alias modification module 2018-01-03 14:29:49 -06:00
wetw0rk 16d709f180 changes+filedropper 2018-01-03 14:09:30 -06:00
Brent Cook 70fbcc3ea8
Land #9280, add initial module automation tests 2018-01-03 10:47:24 -06:00
headlesszeke 3b0f0aa358 Adding doc file for module linksys_wvbr0_user_agent_exec_noauth 2018-01-02 14:54:18 -06:00
wetw0rk 8f0e41e159 requested changes 2018-01-01 17:30:43 -06:00
wetw0rk bc088cb379 added md 2018-01-01 05:46:04 -06:00
wetw0rk c47d09717d pfsense graph sploit 2018-01-01 03:18:51 -06:00
Daniel Teixeira 3af27a04e0
Update ayukov_nftp.rb 2017-12-31 17:48:37 +00:00
Daniel Teixeira 67357e316b
Update ayukov_nftp.rb 2017-12-31 17:48:23 +00:00
Daniel Teixeira 10b2833e7c
Update ayukov_nftp.rb 2017-12-31 17:00:17 +00:00
Daniel Teixeira 21717ae0a2
Create ayukov_nftp.rb 2017-12-31 15:43:16 +00:00
Daniel Teixeira 76d345039d
Create ayukov_nftp.md 2017-12-31 15:42:32 +00:00
bka-dev 086f657c56
Fix early termination of auxiliary/scanner/dcerpc/hidden
This commit fixes an issue, where auxiliary/scanner/dcerpc/hidden terminates directly, once an endpoint can't be reached or access is denied. Instead the next endpoint in list should be checked, instead of terminating directly.
2017-12-31 14:41:33 +01:00
RageLtMan f2a8d68a1f Permit encrypted SSH keys for login scanner
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.

Testing:
  None yet
2017-12-31 02:53:06 -05:00
Brendan Coles c153788424 Remove sleeps 2017-12-30 15:20:56 +00:00
Jan-Frederik Rieckers 7f3df74134
fixup! Adding Module for Postfixadmin CVE-2017-5930
Add error handling if request fails

Fix a typo in doc, add default value to doc
2017-12-30 13:04:23 +01:00
Matthew Kienow 2b96f8e272
Land #9353, Implement CommandShellCleanupCommand 2017-12-29 17:06:28 -05:00
h00die 3516305517
land #9191 an exploit against HP LoadRunner magentproc 2017-12-29 16:35:43 -05:00
h00die 4dacc70b9a slight updates to magentproc docs 2017-12-29 16:35:12 -05:00
h00die b698095c49 slight updates to magentproc docs 2017-12-29 16:30:32 -05:00
Brent Cook a444bdb329 handle no datastore 2017-12-29 15:26:28 -06:00
Jeffrey Martin bb97467b31
docs for auxiliary/scanner/http/directadmin_login 2017-12-29 14:43:20 -06:00
Brent Cook 198aeda2c8 rename option 2017-12-29 12:31:56 -06:00
Brent Cook e546598cf1 Implement a method for command shells to register a post-session cleanup command 2017-12-29 12:14:34 -06:00
Jan-Frederik Rieckers 289e887895
Adding Module for Postfixadmin CVE-2017-5930
This exploit allows domain admins to delete protected aliases.
It can be used to redirect aliases like abuse@domain and can aid in
further attacks.
2017-12-29 17:13:59 +01:00
RageLtMan c32ef4a3be Require msf/core/cert_provider in framework.rb
Add an explicit require for the new cert_provider in framework.rb
in case it has not yet been loaded.

This should address the Travis failure on initial PR, although the
gem version in socket has not been updated, so this might take a
bit to propagate. In the end, if the dependency already gives us
this functionality by the time we call Rex::Socket::Ssl then this
commit can safely be dropped
2017-12-29 02:14:48 -05:00
Brent Cook 8de760f1f7
Land #9348, Only use basic auth in couchdb_enum when credentials are provided 2017-12-28 21:24:45 -06:00
RageLtMan 18f3815147 Update TLS certificate generation routines
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.

Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.

This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.

This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.

Testing:
  None yet, internal tests pending.
  Travis should fail as this requires rex-socket #8.
2017-12-28 21:00:03 -05:00
Metasploit 7254130b77
Bump version of framework to 4.16.29 2017-12-28 15:19:22 -08:00
Jeffrey Martin 66ca61f636
Merge released '4.x' 2017-12-28 17:15:29 -06:00
Pearce Barry e614e9b732
Land #9268, Update DiskBoss Module (EDB 42395) 2017-12-28 16:39:26 -06:00
Brent Cook 5e71be7772
add ard_root_pw documentation 2017-12-28 14:37:25 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Metasploit c681c7881d
Bump version of framework to 4.16.28 2017-12-28 10:03:39 -08:00
Brent Cook 8c2c30c230
Land #9330, add MQTT scanner 2017-12-27 22:32:59 -06:00
Brent Cook ae17943d4c fix documentation preformat blocks 2017-12-27 22:32:26 -06:00
Brent Cook 6f1196d30c clarify what's happening when there is a connection failure 2017-12-27 22:32:08 -06:00
james fad4ccece9 Only use basic auth in couchdb_enum when credentials are provided 2017-12-27 20:16:01 -06:00
Jon Hart bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-27 13:08:44 -08:00
Jeffrey Martin 8ea50572df
Land #9329, Add basic framework for interacting with MQTT 2017-12-27 14:59:34 -06:00
Tod Beardsley e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
Tod Beardsley 1bb2bb9d2c Oops, no admin in that path 2017-12-26 12:06:45 -06:00
Tod Beardsley 9af88681a2
Move deprecation out 60 days 2017-12-26 11:56:47 -06:00
juushya 8b0f2214b1 few more updates 2017-12-23 03:04:11 +05:30
b0yd 7aa296577e Added readme 2017-12-22 14:34:35 -05:00
juushya 038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
Jon Hart d4bc98c13f
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-22 08:07:40 -08:00
b0yd ec7625af9f Damn spaces... 2017-12-22 10:57:11 -05:00
b0yd 2b33b88fa4 Damn spaces 2017-12-22 10:54:31 -05:00