Commit Graph

21273 Commits (da9ea0b85cc9211688a70f69246dd74f47557327)

Author SHA1 Message Date
Brendan f2b9498643
Land #7576, Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal 2016-11-17 13:06:29 -06:00
Jin Qian c03f35ef13 Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
2016-11-17 10:08:59 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
Cantoni Matteo b3b89a57b5 Add WordPress Symposium Plugin SQL Injection module 2016-11-17 15:04:53 +01:00
Cantoni Matteo 30f7006b5b Fixed typos of an old commit 2016-11-17 14:39:33 +01:00
wchen-r7 c0af5b690d
Land #6638, add local exploit module to execute payload w/ stealth 2016-11-16 16:25:15 -06:00
wchen-r7 e1ff37f3eb Title change and handling Rex::TimeoutError exception 2016-11-16 16:23:44 -06:00
Brendan 18bafaa2e7
Land #7531, Fix drb_remote_codeexec and create targets 2016-11-16 12:58:22 -06:00
OJ be2aabb873
Merge updates to mettle stages from acammack-r7 2016-11-16 19:13:20 +10:00
wchen-r7 7b83720b90
Bring #6638 up to date 2016-11-15 12:27:05 -06:00
wchen-r7 f50e609d12
Land #7556, Prevent psexec_command from dying when one host errors 2016-11-15 12:17:01 -06:00
wchen-r7 e5d3289c18 Fix name for exception 2016-11-15 12:14:58 -06:00
Brent Cook b56b6a49ac
Land #7328, Extend lsa_transname_heap exploit to MIPS 2016-11-15 07:37:19 -06:00
wchen-r7 fa9f2b340e def setup isn't needed 2016-11-14 15:52:02 -06:00
wchen-r7 bab07b5691
Bring #7540 up to date 2016-11-14 14:59:21 -06:00
Jeffrey Martin c458d662ed
report correct credential status as successful 2016-11-14 12:27:22 -06:00
Jeffrey Martin 4ae90cbbef
Land #7191, Add exploit for CVE-2016-6267 - Trend Micro Smart Protection Server authenticated RCE. 2016-11-14 12:06:02 -06:00
William Webb 4e40546958
Land #7502, Disk Pulse Enterprise Login Buffer Overflow 2016-11-14 10:28:53 -06:00
Brent Cook 4f323527c9
Land #7549, Deprecate/move wp_ninja_forms_unauthenticated_file_upload 2016-11-14 03:00:02 -06:00
Pedro Ribeiro 908713ce68 remove whitespace at end of module name 2016-11-14 08:35:34 +00:00
Chris Higgins 4e9802786c Removed spaces causing build to fail 2016-11-13 21:46:24 -06:00
Dylan Davis a8a09261e1 Use files for rescue error, because left is not available 2016-11-11 21:49:06 -07:00
Pearce Barry 9eb9d612ca
Minor typo fixups. 2016-11-11 16:54:16 -06:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
David Maloney 8e3888f20c the template ref in this module was missed
when we cleaned up all the other powershell template refs
we missed the one in this module which seems to e replicating
large ammounts of library code

7533
2016-11-11 14:24:33 -06:00
dmohanty-r7 2b5517f597
Land #7506, Add gather AWS keys post module 2016-11-11 13:56:12 -06:00
Jenna Magius db32c5fdcc msftidy whitespace fixes 2016-11-11 10:28:37 -07:00
Dylan Davis fddc2c221f Catch the specific exception. Include the error code in the error message. 2016-11-11 10:24:05 -07:00
Dylan Davis 69a4a327b8 Add begin-rescue blocks that prevent individual hosts from bailing out a threaded multi-host execution 2016-11-11 10:15:36 -07:00
wchen-r7 8cd9a9b670 Deprecate wp_ninja_forms_unauthenticated_file_upload
wp_ninja_forms_unauthenticated_file_upload actually supports
multiple platforms.

Instead of using:
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Please use:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
2016-11-10 11:17:09 -06:00
scriptjunkie 268a72f210
Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Pedro Ribeiro 50f578ba79 Add full disclosure link 2016-11-08 22:15:19 +00:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
Pedro Ribeiro 95bd950133 Point to proper link on github 2016-11-07 17:59:29 +00:00
Pedro Ribeiro f268c28415 Create dlink_hnap_login_bof.rb 2016-11-07 17:45:37 +00:00
Chris Higgins 099a5984f9 Updated with style suggestions from msftidy and rubocop.
Also updated with commented from other contributors.
2016-11-07 10:18:52 -06:00
William Vu 4eb42a9171
Fix broken ternary in phoenix_command 2016-11-07 00:12:04 -06:00
Chris Higgins 689fc28d1b Added WinaXe 7.7 FTP client Server Ready buffer overflow 2016-11-06 23:35:16 -06:00
Tijl Deneut 92964c1f95 Update phoenix_command.rb 2016-11-06 21:22:54 +01:00
Tijl Deneut 2c2729f0b2 Update phoenix_command.rb
Coded was messed up by MS Edge, don't use it :)
2016-11-06 21:21:20 +01:00
Tijl Deneut 1b4409f950 Update phoenix_command.rb
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"

Is it OK? Did not find time to install and run rubocop ...
2016-11-06 21:15:31 +01:00
Tijl Deneut 4ea9214466 Fixed a small bug 2016-11-06 16:20:55 +01:00
朱雄宇 e9d85750c2 fix get_ipv4_addr(@interface) usage
get_ipv4_addr(@interface) returns a string not list, so get_ipv4_addr(@interface)[0] only got the first character of IP, which raises an error.
2016-11-06 19:04:57 +08:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
OJ 4bf966f695
Add module to bypassuac using eventvwr
This module was inspired by the work done by Matt Nelson and Matt
Graeber who came up with the method in the first place. This works
nicely on a fully patched Windows 10 at the time of writing.
2016-11-05 04:41:38 +10:00
Jon Hart 5b810fae41
Update atg_client to identify responses that indicate the command was not understood 2016-11-04 10:12:02 -07:00
wchen-r7 ca5610ccde
Land #7511, Update jenkins_script_console to support newer versions 2016-11-04 11:24:25 -05:00
OJ e5ea4a53d3
Fix typo in windows cred phish module 2016-11-04 13:26:10 +10:00
OJ b0970783ff
Another interim commit moving towards universal handlers 2016-11-04 13:25:02 +10:00
William Vu 5ed030fcf6
Land #7529, nil.downcase fix for tomcat_mgr_deploy
Don't think it was ever needed, since the password is case-sensitive.

Fixed a minor merge conflict where PASSWORD became HttpPassword.
2016-11-03 15:39:46 -05:00
Jin Qian 2f8d3c3cf3 Remove the bug where downcase() is invoked on password which is optional and can be empty. 2016-11-03 15:23:19 -05:00
Brendan dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
William Vu eca4b73aab
Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00
William Vu 1c746c0f93 Prefer CheckCode::Detected 2016-11-03 11:14:48 +01:00
William Vu 2cdff0f414 Fix check method 2016-11-03 11:14:48 +01:00
Brendan 5169341f62
Land #7522, Fix psh template to avoid 100% cpu spike on CTRL+C 2016-11-02 16:40:34 -05:00
OJ 7895ba810d
Update payload cached size for the powershell payload 2016-11-03 02:50:13 +10:00
OJ cc8c1adc00
Add first pass of multi x86 http/s payload (not working yet) 2016-11-03 02:44:53 +10:00
William Vu a651985b4f
Land #7498, Joomla account creation and privesc 2016-11-01 22:46:36 -05:00
William Vu f414db5d6d Clean up module 2016-11-01 22:46:28 -05:00
OJ 494b4e67bd
Refactor http/s handler & payloads
This commit moves much of the platform-specific logic from the
reverse_http handler down into the payloads. This makes the handler
a bit more agnostic of what the payload is (which is a good thing).
There is more to do here though, and things can be improved.

Handling of datastore settings has been changed to make room for the
ability to override the datastore completely when generating the
payloads. If a datastore is given via the `opts` then this is used
instead otherwise it falls back to the settings specified in the usual
datatstore location.

Down the track, we'll have a payload that supports multiple stages, and
the datastore will be generated on the fly, along with the stage itself.
Without this work, there's no other nice way of getting datastore
settings to be contained per-stager.
2016-11-02 11:33:59 +10:00
h00die a924981369
Landing #7516, X11 print fixes 2016-11-01 19:50:05 -04:00
Adam Cammack a79f860cb7
Add UUIDs to mettle stages 2016-11-01 16:58:21 -05:00
Brendan 05e2aad837
Land #7497, Add Kerberos domain user enumeration module 2016-11-01 14:34:47 -05:00
OJ e4b4264d79
Fix psh template to avoid 100% cpu spike on CTRL+C
Fixes #7293
2016-11-02 05:19:52 +10:00
attackdebris 1b4cef10d1 Change creds_name to Kerberos 2016-11-01 17:59:51 +00:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
Brent Cook f8912486df fix typos 2016-11-01 05:43:03 -05:00
OJ 47ec362148
Small fixes for dbvis enum 2016-11-01 07:35:36 +10:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
OJ ffb53b7ca3
Tidy arch check in meterpreter inject 2016-11-01 01:51:12 +10:00
OJ 557424d2ec
Small tidy of the multiport_egress_traffic module 2016-11-01 01:46:58 +10:00
OJ ec8536f7e9
Fix firefox module to use symbols where appopriate 2016-11-01 01:43:25 +10:00
OJ b9bbb5e857
Replace regex use with direct string checks in dbvis module 2016-11-01 01:35:01 +10:00
OJ 3c57ff5c59
Avoid internal constants for bypassuac file path generation 2016-11-01 01:32:24 +10:00
OJ 6ce7352c45
Revert silly change in applocker bypass 2016-11-01 01:30:54 +10:00
OJ 3c56f1e1f7
Remove commented x64 arch from sock_sendpage 2016-11-01 01:29:11 +10:00
Pearce Barry 6b264ce6c4
Land #7508, Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
Fixes #7504.
2016-10-30 17:58:43 -05:00
Alex Flores 45d6012f2d fix check method 2016-10-30 14:57:42 -04:00
Spencer McIntyre ccce361768 Remove accidentally included debug output 2016-10-29 18:46:51 -04:00
Spencer McIntyre fa7cbf2c5a Fix the jenkins exploit module for new versions 2016-10-29 18:19:14 -04:00
Konrads Smelkovs f754adad0c Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE 2016-10-29 11:20:32 +01:00
OJ 640827c24b
Final pass of regex -> string checks 2016-10-29 14:59:05 +10:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 8b97183924
Update UUID to match detected platform, fail exploit on invalid session 2016-10-29 13:45:28 +10:00
OJ 0737d7ca12
Tidy code, remove regex and use comparison for platform checks 2016-10-29 13:41:20 +10:00
Jon Hart 8173e87756
Add references 2016-10-28 16:12:46 -07:00
Pearce Barry 5c12d55c84
Land #7484, Add Telpho10 Credentials Dump Exploit 2016-10-28 17:41:46 -05:00
Pearce Barry 991a3fe448
Markdown docs added. 2016-10-28 17:38:00 -05:00
Jon Hart 96c204d1ea
Add aws_keys docs; correct description 2016-10-28 15:27:47 -07:00
OJ 751742face
Fix typo in arch check for inject script 2016-10-29 08:25:23 +10:00
OJ 1ca2fe1398
More platform/arch/session fixes 2016-10-29 08:11:20 +10:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
Jon Hart 7dea613507
Initial commit of module for snagging AWS key material from shell/meterpreter sessions 2016-10-28 14:48:55 -07:00
Jan Rude 971c8207bd Update telpho10_credential_dump.rb
Code improvements suggested by @h00die
2016-10-28 16:45:14 -05:00
Jan Rude c9574a4707 Update telpho10_credential_dump.rb
output correction
2016-10-28 16:44:52 -05:00
Jan Rude 05ee51a832 Update telpho10_credential_dump.rb
do not write to stdout
2016-10-28 16:44:40 -05:00
Jan Rude fb534a9e85 add telpho10_exploit
telpho10 credential dump exploit
2016-10-28 16:44:27 -05:00
Jeff 5eca6866f2 Fix failing versions, specify version explicitly 2016-10-28 16:24:06 -05:00
Quentin Kaiser c7b775ac1c Fix detection following @bwatters-r7 recommendations. Remove safesync exploit that shouldn't be here. 2016-10-28 18:03:56 +00:00
Filipe Reis 88a2a770a3 Update to have checks in place
Add: added checks to the code
2016-10-28 11:24:39 +01:00
Chris Higgins c153686465 Added Disk Pulse Enterprise Login Buffer Overflow 2016-10-27 21:49:17 -05:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
Brendan 9eaaba1dea Added user logging into the db and humored rubocop 2016-10-27 15:50:17 -05:00
mr_me 16b7c77851 satisfying travis 2016-10-27 13:37:04 -05:00
mr_me a8ab7b09b0 Added Bassmaster batch Arbitrary JavaScript Injection Remote Code Execution Vulnerability (CVE-2014-720) 2016-10-27 13:22:39 -05:00
attackdebris c2af2ab214 Move kerberos_enumusers module to aux/gather & add documentation 2016-10-27 19:11:22 +01:00
Filipe Reis 88beea0c56 updating code
Fix: changing to seggested fixes
2016-10-27 14:30:59 +01:00
Julien (jvoisin) Voisin 23ab4f1fc1 Remove one last tab 2016-10-27 12:32:40 +02:00
Julien (jvoisin) Voisin d9f07183bd Please h00die ;) 2016-10-27 12:18:33 +02:00
Julien (jvoisin) Voisin 2ac54f5028 Add a check for the linux pkexec module 2016-10-27 10:28:13 +02:00
Filipe Reis 2851faefe8 Update module info
Fix: removed info that didn't belong
2016-10-27 03:11:38 +01:00
Filipe Reis e522d7f5a4 Fixing issues regarding travis checks
Fix: EOL spaces;
2016-10-27 02:50:20 +01:00
Filipe Reis 8ad1c66bd3 Code update and file rename
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
2016-10-27 02:46:40 +01:00
Filipe Reis 0af47ef411 Fixing warning from travis checks
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
2016-10-26 23:29:17 +01:00
Filipe Reis 5a127886bb Fixing issues regarding travis checks
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
2016-10-26 23:24:09 +01:00
Filipe Reis 94b05d7943 Joomla Account Creation and Privilege Escalation
This module allows to create an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3.
2016-10-26 23:11:38 +01:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
attackdebris 18c3d42aca This commit adds the kerberos_enumusers module 2016-10-26 20:56:41 +01:00
Brent Cook 1a1841d441 rebuilt metasploit-payloads without debug info 2016-10-26 05:43:36 -05:00
Brent Cook ed35bf5011 remove unneeded badchars from payload specification 2016-10-26 04:47:33 -05:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00
Louis Sato f7f28a0833 Land #7480, deprecation msg for udp_probe 2016-10-25 15:52:56 -05:00
David Maloney 6a31dad678
clean up some style guide issues with rubocop
applied rubocop to the module for some
tidying up
2016-10-25 11:24:32 -05:00
drforbin 94979f4541 changed formatting for else statements 2016-10-25 09:42:00 -05:00
drforbin 6f3c20069b fixed formatting errors for travis 2016-10-25 09:42:00 -05:00
drforbin 0ec153eb9c changed formatting, changed to OptPath. cleaned unneeded code 2016-10-25 09:41:59 -05:00
drforbin 3b9a441382 cleaned up write_target, and variables REXE 2016-10-25 09:41:59 -05:00
drforbin c3ada74728 changed formatting to comform with travis 2016-10-25 09:41:59 -05:00
drforbin 0395d57512 formatting changes and design changes. tested 2016-10-25 09:41:58 -05:00
drforbin 337e3b6cce added persistence_exe.rb to windows post modules 2016-10-25 09:41:58 -05:00
David Maloney c00df4dd71
Land #6969, Regsrv cmd delivery server module
This Lands kn0's PR for the Regsrv32 command delivery server
2016-10-24 11:46:59 -05:00
Jon Hart 7f65b28483
Deprecate udp_probe in favor of udp_sweep 2016-10-23 13:06:58 -07:00
Vex Woo b5ba862e98 parse ipv4 / website info 2016-10-23 10:53:43 -05:00
Vex Woo 50284cf01b parse domain/ip info from certificate 2016-10-23 10:33:17 -05:00
nixawk c79c102998 remove unuse variable @uri 2016-10-21 23:59:09 -05:00
nixawk 893a6ef82e add censys search module 2016-10-21 23:45:44 -05:00
Pearce Barry 51ffea3e03
Land #7470, fixes bad file refs for cmdstagers 2016-10-21 14:01:04 -05:00
David Maloney e442f5f76b
Land #7460, zoomeye search module
typo in previous land commit
2016-10-21 13:48:28 -05:00
David Maloney 264fe7b8f8 Land #7460, zoomeye search module 2016-10-21 13:47:46 -05:00
Pearce Barry 9a0307b0c0
Land #7369, Panda Antivirus Priv Esc 2016-10-21 13:20:41 -05:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
2016-10-21 12:31:18 -05:00
David Maloney 05ffa0074c
Land 37460, zoomeye search module
Lands nixawk's zoomeye search aux module
2016-10-21 10:25:58 -05:00
nixawk ada571bfdf Fix login - check condition 2016-10-20 22:52:24 -05:00
nixawk 344b688ae5 remove ZoomEye_APIKEY, add (USERNAME / PASSWORD) 2016-10-20 22:48:01 -05:00
h00die 12e4fe1c5c updated dlls and docs 2016-10-20 20:45:50 -04:00
nixawk 097a273abb fix dork_search 2016-10-19 20:54:31 -05:00
nixawk 72b2ba2e88 replace [Net::HTTP] with [rex/proto/http] 2016-10-19 20:40:45 -05:00
nixawk a77f415893 remove unuseful condition 2016-10-19 20:05:12 -05:00
nixawk 9f3f0fd358 make [matches_records] simple 2016-10-19 19:59:02 -05:00
Brendan b5a41c3011 Convert ANSI data to UTF-8 char by char because MS might
put an invalid character in the WORKGROUP name during SMB
handshake
2016-10-19 17:42:26 -05:00
nixawk fcc22d9027 add module references info 2016-10-19 02:23:11 -05:00
William Vu 2668a4a1cd
Fix #6993, tnspoison_checker cleanup 2016-10-19 00:53:33 -05:00
nixawk 3630388e91 zoomeye search 2016-10-18 22:52:23 -05:00
wolfthefallen 684feb6b50 moved STAGE0 and STAGE1 into datastore 2016-10-18 11:47:38 -04:00
wolfthefallen e806466fe3 correct carriage return and link issue 2016-10-17 10:31:39 -04:00
wolfthefallen 7e68f7d2a4 EmpirePowerShell Arbitrary File Upload (Skywalker) 2016-10-17 10:03:07 -04:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
OJ 25238f1a26
Update capcom exploit module to support Windows 10 2016-10-15 11:56:48 +10:00
William Webb 8e2ff8df80
Land #7433, Add IP Addresses to HTTP PUT/DELETE scanner output 2016-10-14 13:27:17 -05:00
William Webb 5e7d546fa2
Land #7094, OpenNMS Java Object Deserialization RCE Module 2016-10-14 13:19:11 -05:00
Brent Cook cfddc734a8
Land #7286, WiFi pineapple preconfig command injection module 2016-10-14 12:57:42 -05:00
Brent Cook e05a325786
Land #7285, WiFi pineapple command injection via authentication bypass 2016-10-14 12:57:05 -05:00
William Vu 1da40b5deb Change HAVE_POPEN to USE_POPEN
PS target doesn't support it, so the option should be renamed.
2016-10-14 11:58:39 -05:00
Brent Cook 4c248ebe9e Merge branch 'master' into land-7430- 2016-10-14 09:48:33 -05:00
Brent Cook acec45c8b3
Land #7409, CVE-2013-5093 Graphite Pickle Handling - Add Version Check 2016-10-14 08:54:57 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
h00die 12493d5c06 moved c code to external sources 2016-10-13 20:37:03 -04:00
OJ 022830634b
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00
William Vu 5b46e72aea Update module logic 2016-10-13 17:40:16 -05:00
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
William Vu e70ba8110d Update references 2016-10-13 17:35:55 -05:00
William Vu 88bb2e2295 Update description 2016-10-13 17:35:30 -05:00
wchen-r7 9e97febcd1
Land #7429, Ruby on Rails Dynamic Render File Upload Remote Code Exec 2016-10-13 11:45:46 -05:00
nixawk b74539be44 check if isakmp payload is same to IKE Leak data 2016-10-13 04:20:23 -05:00
Brent Cook 2014b2d2ab
Land #7432, Fix erroneous cred reporting in SonicWALL exploit 2016-10-12 22:39:15 -05:00
Pearce Barry a2a1d6c28a
Land #7411, Add an HTA server module using Powershell 2016-10-12 13:05:40 -05:00
nixawk 7536d1d94a print leak data 2016-10-12 02:42:50 -05:00
nixawk 70d4833654 Fix report_vuln 2016-10-12 02:16:00 -05:00
William Vu e78d3d6bf0 Fix erroneous cred reporting in SonicWALL exploit
A session ID will be returned in the parsed JSON if the login succeeded.

Bad user:

{"noldapnouser"=>1, "loginfailed"=>1}

Bad password:

{"loginfailed"=>1}

Good user/password:

{"userid"=>"1", "sessionid"=>"4WJ9cNg1TkBrwjzX"}
2016-10-11 19:25:52 -05:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
Spencer McIntyre bd110430e9 Remove unnecessary require statements 2016-10-11 15:35:49 -04:00
mr_me bd646ded1b fixed the check function 2016-10-11 14:06:03 -05:00
Sonny Gonzalez 3fd806b87f Merge remote-tracking branch 'upstream/pr/6993' into land-6993 2016-10-11 09:33:26 -05:00
mr_me 95017cea0c Merge remote-tracking branch 'upstream/master' into rails 2016-10-11 08:31:33 -05:00
Brent Cook 157740ba06 update payload sizes 2016-10-11 07:01:17 -05:00
Tim 3d9cb7375c
store Android payload information in byte array 2016-10-11 14:41:32 +08:00
mr_me d8f98ccd4e run through msftidy 2016-10-10 22:36:20 -05:00
mr_me f2252bb179 fixed a few things, thanks @h00die 2016-10-10 22:30:01 -05:00
mr_me 3c3f424a4d added a some references 2016-10-10 17:56:03 -05:00
mr_me bca3aab1db added CVE-2016-0752 2016-10-10 17:36:20 -05:00
h00die 9d2355d128 removed debug line 2016-10-10 10:23:51 -04:00
h00die 2ad82ff8e3 more nagios versatility 2016-10-10 10:21:49 -04:00