Commit Graph

3302 Commits (e01f824b2c27c163973875d400914e8981fe9e1e)

Author SHA1 Message Date
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Andrew Morris 7afa87f168 screwed up formatting. updated indention at the end. ok seriously, going to bed now 2014-12-11 01:05:56 -08:00
Andrew Morris 291166e1ff forgot to run through msftidy.rb. made a few minor corrections 2014-12-11 00:47:39 -08:00
Andrew Morris a1624c15ae Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc. 2014-12-11 00:40:20 -08:00
Andrew Morris 22c9db5818 added detect_kippo.rb 2014-12-10 19:37:35 -08:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00
Tod Beardsley 09617f990b Implement BRUTEFORCE_SPEED respect (telnet)
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.

See #3904, @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
Christian Mehlmauer 916503390d
use get_data 2014-12-08 22:49:02 +01:00
Christian Mehlmauer fb9724e89d
fix heartbleed cert parsing, fix #4309 2014-12-08 21:58:38 +01:00
Jon Hart 85e0d72711
Land #4229, @tatehansen's module for CVE-2014-7992 2014-12-04 17:20:49 -08:00
Jon Hart f0cfcd4faf
Update dlsw_leak_capture name and print_
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
tate 3aecd3a10e added DLSw v1 and v2 check, added check for \x00 in leak segment 2014-12-03 23:27:11 -07:00
William Vu 3a978e1147
Land #4280, frontpage_login improvements 2014-12-02 14:56:57 -06:00
jvazquez-r7 0ab2e99419
Delete version from title 2014-12-01 10:24:12 -06:00
jvazquez-r7 f4e20284a4 Change mixin include order 2014-12-01 10:22:20 -06:00
jvazquez-r7 d85aabfed9 Use vprint by default 2014-12-01 10:20:12 -06:00
jvazquez-r7 e0cb0f7966 Fix description 2014-12-01 10:19:14 -06:00
jvazquez-r7 fa07b466d6 Use single quote and minor cosmetic changes 2014-12-01 09:57:29 -06:00
jvazquez-r7 d5888a7f6f Fix module options 2014-12-01 09:55:36 -06:00
jvazquez-r7 47acf3487d Do minor cleanup
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
Roberto Soares Espreto e4b3ee2811 Changed the module name. 2014-12-01 01:00:14 -02:00
Roberto Soares Espreto ecbce679a8 Remove timeout on line 59. 2014-12-01 00:51:12 -02:00
Roberto Soares Espreto f3957ea428 FILEPATH changed from false to true. 2014-12-01 00:48:47 -02:00
Roberto Soares Espreto 97ee975235 Deleted checking on line 48. 2014-12-01 00:46:58 -02:00
Roberto Soares Espreto 84ce573227 Deleted line 61 which returns the server status code. 2014-12-01 00:39:05 -02:00
Tiago Sintra 6f6274735f Update frontpage_login.rb
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=

    status=262147
    osstatus=0
    msg=No "CONTENT_TYPE" on CGI environment.
    osmsg=
2014-11-28 17:21:47 +00:00
Roberto Soares Espreto d75ffc36da Changed the description of FILEPATH 2014-11-27 00:50:34 -02:00
Roberto Soares Espreto f8dc366f42 Add CVE-2014-7816 Directory Traversal for WildFly 8 Application 2014-11-27 00:13:29 -02:00
Jon Hart 79b2b5e231 RPORT is required by UDPScanner; deregister instead 2014-11-26 07:39:14 -08:00
jvazquez-r7 d4e5cd25e1 Report credentials for new login level 15 2014-11-25 16:35:16 -06:00
jvazquez-r7 dc253efa19 Use Rex::Text.rand_text* 2014-11-25 16:35:06 -06:00
jvazquez-r7 f20afff1a8 Do return instead of abort 2014-11-25 16:34:57 -06:00
jvazquez-r7 d876efaa0f Delete ssh_socket attribute 2014-11-25 16:34:47 -06:00
jvazquez-r7 5091bc76ad Do minor cleanup 2014-11-25 16:34:22 -06:00
jvazquez-r7 c92a26e967 Update from upstream master 2014-11-25 16:30:45 -06:00
Jon Hart 0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
Tod Beardsley 77b1f2d2f0
Fixup for release
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061.
2014-11-24 10:50:43 -06:00
Jon Hart e9750e2df8
Minor style/usability cleanups 2014-11-24 06:57:31 -08:00
sinn3r 57419bb0fc Fix #4253 - Print access level for snmp_login
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
tate 9828598cb7 removing timeout method and option 2014-11-22 00:28:56 -07:00
tate 57b04f96a7 working with DLSw protocol check 2014-11-21 23:54:00 -07:00
tate b9a274f869 improving DLSw detection 2014-11-21 18:58:02 -07:00
jvazquez-r7 3ac1f7d4fb
Land #4242, @Meatballs1 fix for sap_service_discovery report_note
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
jvazquez-r7 e30ee9fee2 Update with :unique_data 2014-11-21 10:14:39 -06:00
HD Moore 99a23ada5c Module cleanup, error handling, and reporting 2014-11-20 16:18:20 -06:00
Jon Hart e255db9429
Partial commit 2014-11-20 13:49:36 -08:00
Jon Hart 94e5ba13a4 YARD and spec cleanup 2014-11-20 13:28:01 -08:00
Jon Hart df36ac910d Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-20 13:28:01 -08:00
Jon Hart ab49d01a1b Add beginnings of Kademlia gather module and protocol support 2014-11-20 13:28:00 -08:00
HD Moore 2f6c4a9ba4 Slight tweak to description/author email formatting 2014-11-20 14:53:52 -06:00
Meatballs ee15179441
Fix service discovery errors 2014-11-20 18:22:33 +00:00
Rich Whitcroft 8306d739e3 add scanner module to extract domain from NTLM challenge 2014-11-20 11:02:21 -05:00
tate a4a1048f95 modified to get data collection off sock working 2014-11-19 11:17:58 -07:00
Jon Hart 7d6e7a6bfa
Minor Ruby style and module usability cleanup 2014-11-18 16:33:05 -08:00
tate 6b8b49ff98 improving metasploit module based on feedback 2014-11-18 15:03:18 -07:00
jvazquez-r7 542eb6e301 Handle exception in brute force exploits 2014-11-18 12:17:10 -08:00
Jon Hart 82f89e620b Clean up nfs mount scanner to *print_* better 2014-11-18 12:17:10 -08:00
Jon Hart b2f9307e0a vprint # of RPC programs, since the table comes right after 2014-11-18 12:17:10 -08:00
Jon Hart a9f9a8b116 Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner 2014-11-18 12:17:10 -08:00
Jon Hart c7794a7ed9 Clean up Ruby style in sunrpc_portmapper 2014-11-18 12:17:09 -08:00
Jon Hart 059d84e4ca More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper 2014-11-18 12:17:09 -08:00
tate 703e0486fb Add DLSw leak capture module for CVE-2014-7992 2014-11-17 20:35:54 -07:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
William Vu a521d469ed
Land #4194, Quake protocol support 2014-11-15 17:44:19 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Jon Hart ebf6fe4e56
Minor style cleanup 2014-11-12 16:44:43 -08:00
Jon Hart 07a1653e57
Add gather module for Quake servers 2014-11-12 13:32:56 -08:00
Tod Beardsley 54158c8662
Land #4005, TNS poison checker 2014-11-12 13:29:59 -06:00
Tod Beardsley d242bc220b
Minor fixups and disclosure date for TNS module 2014-11-12 13:25:10 -06:00
Tod Beardsley 955a5142ca Edit e-mail address for antispam 2014-11-12 13:19:04 -06:00
Tod Beardsley 7e05f88399
Reapply PR #4113 (removed via #4175) 2014-11-11 15:06:43 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley 017a44c0ae
Revert errored merge of deea30d
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"

This reverts commit deea30ddb4, reversing
changes made to 14514d7b8b.
2014-11-11 14:38:47 -06:00
HD Moore 96ba6da697
Add the UDP scanner template, lands #4113.
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
Nikita c0285067c9 Add new module to test TNS poison
msf auxiliary(tnspoison_checker) > show options 

Module options (auxiliary/scanner/oracle/tnspoison_checker1):

   Name     Current Setting                          Required  Description
   ----     ---------------                          --------  -----------
   RHOSTS   172.16.2.100, 172.16.2.24, 172.16.2.101  yes       The target address range or CIDR identifier
   RPORT    1521                                     yes       The target port
   THREADS  1                                        yes       The number of concurrent threads

msf auxiliary(tnspoison_checker) > exploit 

[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable 
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
Jon Hart b0e388f4c3
Land #3516, @midnitesnake's snmp_enumusers fix for Solaris, OS X 2014-11-04 08:23:16 -08:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
Jon Hart 121ebdfef6 update_info 2014-10-31 13:17:50 -07:00
Jon Hart b99e71dcdd Example UDPScanner style cleanup, move most to UDPScanner 2014-10-31 12:14:04 -07:00
Jon Hart ff0b52cffb Example per-batch vprint, a useful default 2014-10-31 10:31:31 -07:00
Jon Hart 94d4388af9 Improvements to example UDPScanner 2014-10-31 09:53:10 -07:00
Jon Hart d9f0a10737 Add new example template for scanning UDP services 2014-10-31 08:06:31 -07:00
Jon Hart 15e1c253fa Numerous cleanups for snmp_enumusers
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00