Commit Graph

827 Commits (e16c57ed07133b58c33b9ce5a875ecbc67b1368d)

Author SHA1 Message Date
sinn3r ed6ee27896 Change public ip option name and store cookie to db 2015-02-05 09:48:45 -06:00
sinn3r 75c697c4dc Final 2015-02-05 04:36:44 -06:00
sinn3r 1ccfb6cb43 IE UXSS 2015-02-05 03:03:28 -06:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Deral Heiland 0887127264 Fixed several recommended changes by jvazquez-r7 and jlee-r7 2014-11-30 00:53:24 -05:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Deral Heiland 5bf8901822 Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue 2014-11-09 02:43:36 -05:00
Pedro Ribeiro e7b448537f Add OSVDB ids 2014-11-08 11:05:34 +00:00
jvazquez-r7 9d6e0664a4 Guess service name and port 2014-11-07 20:56:01 -06:00
jvazquez-r7 a44640c9fc Use single quotes 2014-11-07 20:48:04 -06:00
jvazquez-r7 7c1c08fc19 Use single quotes without interpolation 2014-11-07 20:46:47 -06:00
jvazquez-r7 0373156cce Use unless over if not 2014-11-07 20:42:08 -06:00
jvazquez-r7 f5a920da99 Use || operator 2014-11-07 20:41:44 -06:00
jvazquez-r7 64754a5609 Delete unnecessary begin..end block 2014-11-07 20:38:36 -06:00
jvazquez-r7 0919f74a3d Delete unused variable 2014-11-07 20:37:57 -06:00
jvazquez-r7 22b875d0f3 Reduce code complexity 2014-11-07 20:37:40 -06:00
jvazquez-r7 b1517e6ace Delete unnecessary nil comparision 2014-11-07 20:34:13 -06:00
jvazquez-r7 aa1fec7f02 Use fail_with 2014-11-07 20:33:33 -06:00
jvazquez-r7 d630eac272 Reduce code complexity 2014-11-07 20:32:15 -06:00
jvazquez-r7 cea30b5427 Use built-in format for RPORT 2014-11-07 20:30:32 -06:00
jvazquez-r7 e99cc00a57 No more than 100 columns on description 2014-11-07 20:29:38 -06:00
Pedro Ribeiro c00a3ac9cd Add full disclosure URL 2014-11-07 08:06:21 +00:00
Pedro Ribeiro 8a0249cdbf Address Juan's points 2014-11-06 21:02:28 +00:00
Pedro Ribeiro e71ba1ad4a Push exploit for CVE-2014-6038/39 2014-11-05 20:12:03 +00:00
William Vu ebb8b70472
Land #4015, another Android < 4.4 UXSS module 2014-11-04 15:52:29 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
sinn3r 6f013cdcaf Missed these 2014-10-31 18:48:48 -05:00
sinn3r d6a830eb6e Rescue the correct exception: Rex::HostUnreachable 2014-10-31 16:43:33 -05:00
Joe Vennix 1e9f9ce425
Handle invalid JSON errors and fix typo. 2014-10-31 11:01:49 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
Deral Heiland a6980b9eb8 Updated to module based feedback from wchen-r7 2014-10-30 12:59:11 -04:00
Joe Vennix 6dc13f90cd
Update descriptions to mention Webview bugginess. 2014-10-30 10:55:56 -05:00
Joe Vennix 0ad9f95806
Remove stray alert() for debugging. 2014-10-30 10:52:06 -05:00
Joe Vennix 88040fbce0
Add another Android < 4.4 UXSS exploit. 2014-10-30 10:34:14 -05:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Deral Heiland 6c13c14be1 Konica MFP ftp and SMB credential gathering module 2014-10-29 16:12:16 -04:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00
Peter Arzamendi b17d6a661d Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds. 2014-10-28 15:23:47 -05:00
Peter Arzamendi 0e42cf25d1 Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri 2014-10-28 15:13:16 -05:00
sinn3r 6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It! 2014-10-20 11:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley 6ea3a78b47
Clarify the description on HP perfd module
Introduced in #3992
2014-10-14 11:58:52 -05:00
Jon Hart 76275a259a
Minor style cleanup of help and a failure message 2014-10-12 18:34:13 -07:00
Jon Hart c3a58cec9e
Make note of other commands to investigate 2014-10-11 13:07:52 -07:00
Jon Hart c80a5b5796 List commands in sorted order 2014-10-11 13:00:30 -07:00
Jon Hart 4ffc8b153c
Support running more than one perfd command in a single pass 2014-10-11 11:38:00 -07:00
Jon Hart c72593fae4
Store just banner for service, loot the rest. Also, minor style. 2014-10-11 11:12:49 -07:00
Jon Hart 9550c54cd2
Correct indentation and whitespace 2014-10-11 10:39:12 -07:00
Roberto Soares Espreto 7bd0f2c114 Changed Name, array in OptEnum and operator 2014-10-11 09:03:18 -03:00
Roberto Soares Espreto cbde2e8cd1 Variable cmd now with interpolation 2014-10-10 18:21:16 -03:00
Roberto Soares Espreto 291bfed47e Using Rex.sleep instead of select 2014-10-10 15:17:40 -03:00
Roberto Soares Espreto bd315d7655 Changed print_good and OptEnum 2014-10-10 13:54:42 -03:00
Roberto Soares Espreto 08fdb4fab2 Add module to enumerate environment HP via perfd daemon 2014-10-10 13:09:36 -03:00
Pedro Ribeiro 8163b7de96 Thanks for helping me clean up Todd! 2014-10-09 18:20:31 +01:00
Pedro Ribeiro 9d1e206e43 Incorporate cred changes and other minor fixes 2014-10-09 17:59:38 +01:00
Pedro Ribeiro 4817e1e953 Update trackit_sql_domain_creds.rb 2014-10-08 21:41:04 +01:00
Brendan Coles 3c7be9c4c5 Remove hash rockets from references #3766
[SeeRM #8776]
2014-10-08 09:01:19 +00:00
Pedro Ribeiro 6af6b502c3 Remove spaces at EOL 2014-10-08 08:30:30 +01:00
Pedro Ribeiro 713ff5134a Add OSVDB id 2014-10-08 08:24:44 +01:00
Pedro Ribeiro bd812c593c Add full disclosure URL 2014-10-08 08:24:04 +01:00
Pedro Ribeiro bbac61397d Restore :address to rhost and explain why 2014-10-08 08:23:43 +01:00
Pedro Ribeiro 9cb0ad1ac2 Change the reporting address to the real value 2014-10-08 01:18:17 +01:00
Pedro Ribeiro 6e9bebdaf9 Fix noob mistake in assignment 2014-10-08 01:04:15 +01:00
Pedro Ribeiro 7dbfa19e65 Add exploit for Track-It! domain/sql creds vuln 2014-10-07 23:54:43 +01:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
jvazquez-r7 c00094ba6e
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli 2014-09-19 15:01:21 -05:00
jvazquez-r7 62414e2214 Add Timeout to exploit sqli 2014-09-19 15:00:54 -05:00
jvazquez-r7 db6372ec8b Do minor module cleanup 2014-09-19 14:43:35 -05:00
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS
See #3759
2014-09-11 14:05:50 -05:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
John Sawyer 0a27a18104 Committing changes from r7 comments 2014-08-23 00:08:27 -04:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
jvazquez-r7 674c3ca260 Use [] for references 2014-07-30 10:44:42 -05:00
Christian Mehlmauer 3d2a62bc29
Updated W3 Total Cache Hash extract module 2014-07-29 19:49:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
William Vu 1394ad1431
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
William Vu 8376b4aa2b
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb
26.05.2014  23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
Chris Hebert 99046ba12a Update alienvault_newpolicyform_sqli.rb
Added EDB link - should be ready now.
2014-05-23 10:07:45 -04:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
2014-05-19 21:32:30 +04:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
Karmanovskii cbb84e854c Update mybb_get_type_db.rb
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Chris Hebert 681e4194ea Update alienvault_newpolicyform_sqli.rb
and the new variable as well.
2014-05-10 20:19:40 -04:00
Chris Hebert 3ae3c478bd Update alienvault_newpolicyform_sqli.rb
enhanced as requested by Christian Mehlmauer 
changed xnDa to a random string to make IDS harder to detect.
2014-05-10 20:17:30 -04:00
Chris Hebert 1affbfbe9d Update alienvault_newpolicyform_sqli.rb
fixed reinitialize i=0, full = '' and filename .....
 spotted by Spencer McIntyre - thanks.
2014-05-10 18:49:41 -04:00
Chris Hebert 8e79663001 Update alienvault_newpolicyform_sqli.rb
Added vendor advisory
2014-05-10 18:31:12 -04:00
Chris Hebert ec1df58bf7 Update alienvault_newpolicyform_sqli.rb
Changed reference --  OSVDB # 106815
(waiting for EDB - no response yet)
2014-05-10 18:14:09 -04:00
Chris Hebert 473efe1040 Update alienvault_newpolicyform_sqli.rb 2014-05-10 17:28:50 -04:00
mvdevnull 117e0b839b Add module - alienvault_newpolicyform_sqli 2014-05-09 15:10:58 -04:00
Tod Beardsley c6affcd6d3
Fix caps, description on F5 module
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
jvazquez-r7 9cd6c5ef2b
Land #3297, @Th4nat0s's F6 backends disclosure module 2014-04-30 09:31:37 -05:00
jvazquez-r7 4e80e1c239 Clean up pull request code 2014-04-30 09:31:07 -05:00
Thanat0s 70314494ca test nil of port & host 2014-04-28 23:33:01 +02:00
Thanat0s fe3f7fd76a Obey to reviewer.. code fix 2014-04-28 23:26:29 +02:00
Thanat0s 2396d497d8 move scanner to gather 2014-04-28 12:57:54 +02:00
Spencer McIntyre 9ccb9397e3
Land #3264, throttl and csv output support for module 2014-04-23 19:00:28 -04:00
Spencer McIntyre e2b92a824f Change white space for authors in dns_reverse_lookup 2014-04-23 18:56:27 -04:00
Thanat0s 457c48b89b Error on sleep 2014-04-23 11:38:23 +02:00
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
Tod Beardsley 40a359f312 Include a vhost for Shodan or else it complains
Works now. The rhost option was not keeping the custom vhost option.

````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...

[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*]     Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...

IP Results
==========
````
2014-04-14 21:23:27 -05:00
Tod Beardsley 1436f68955
Fix shodan to not muck with datastore 2014-04-14 21:21:11 -05:00
Thanat0s 176204d62d With implemented remarks 2014-04-14 21:11:04 +02:00
Thanat0s dd7bceee56 fix threaded issues 2014-04-12 17:43:39 +02:00
Thanat0s d493c48cc6 add thottling,notes insert and output to dns_rev_lookup 2014-04-12 16:36:18 +02:00
Tod Beardsley 56662bd89b
Correct corpwatch_lookup_name datastore usage
[SeeRM #8498]
2014-04-10 16:56:55 -05:00
Tod Beardsley 06dedeec8f
Update corpwatch_lookup_id to run correctly
[SeeRM #8498]
2014-04-10 16:52:34 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
Karmanovskii 5dbd124ef9 Update mybb_get_type_db.rb 2014-04-05 02:53:43 -07:00
Karmanovskii c035715a71 Update mybb_get_type_db.rb
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
2014-04-05 02:50:53 -07:00
jvazquez-r7 e2cbcf3c5d
Land #3179, @brandonprry AlienVault sqli aux module 2014-04-04 09:17:11 -05:00
jvazquez-r7 ff6105e55d Add check codes 2014-04-04 09:13:43 -05:00
Brandon Perry 44db611845 defaultoptions, not option 2014-04-04 05:55:35 -07:00
jvazquez-r7 6f14cd225d Do minor clean up 2014-04-03 23:22:44 -05:00
Christian Mehlmauer 253a1c1f87
Land #3180, EMC Cloud Tiering Appliance Unauthed XXE with root perms 2014-04-03 22:02:13 +02:00
Brandon Perry a57da00932 fix refs line 2014-04-03 14:07:00 -07:00
Brandon Perry 51f83fccde add some checks in vase the file wasn't retrievable 2014-04-03 14:04:05 -07:00
Brandon Perry e2ded663a6 make more robust 2014-04-03 06:15:09 -07:00
Brandon Perry 53b8148438 make more random 2014-04-03 05:52:35 -07:00
Brandon Perry 77b64ee77d make more random 2014-04-03 05:41:00 -07:00
Brandon Perry 75dc4c459b msftidy 2014-04-02 13:22:21 -07:00
Brandon Perry bb82277a41 msftidy 2014-04-02 13:20:13 -07:00
Brandon Perry abc0b31f26 exploithub wat 2014-04-02 13:18:48 -07:00
Brandon Perry 765657d55a alienvault module 2014-04-02 13:09:46 -07:00
Brandon Perry d3f353118a edb update 2014-04-02 13:06:54 -07:00
Brandon Perry 32cd846fe4 emc cta xxe module 2014-04-02 13:05:53 -07:00
Karmanovskii b11df0eaf0 Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb 2014-03-28 16:47:49 -07:00
William Vu 2344a9368e
Fix warnings generated by #3158
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
Karmanovskii 0b51e7459c Update myBB_GetTypeDB.rb
I have added detection MyBB forum.
2014-03-24 12:19:51 -07:00
Tod Beardsley cd9182c77f
Msftidy warning fix on Joomla module.
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
sinn3r 93ad818358 Fix header and e-mail format for author 2014-03-20 12:07:50 -05:00
Brandon Perry 9b2cfb6c84 change default targeturi to something more universal 2014-03-19 21:03:50 -05:00
Brandon Perry b52a535609 add official url 2014-03-19 20:41:32 -05:00
Brandon Perry ab42cb1bff better error handling for the user 2014-03-19 18:46:57 -05:00
Brandon Perry 2ef2f9b47c use vars_get 2014-03-19 07:51:34 -07:00
Brandon Perry 920b2da720 Merge branch 'master' into joomla_sqli 2014-03-19 07:43:32 -07:00
Brandon Perry a01dd48640 a bit better error message if injection works but no file 2014-03-13 13:38:43 -07:00
Brandon Perry b0688e0fca clarify LOAD_FILE perms in description 2014-03-13 13:11:27 -07:00
Brandon Perry 2734b89062 update normalize_uri calls 2014-03-13 06:55:15 -07:00
Brandon Perry 7540dd83eb randomize markers 2014-03-12 20:11:55 -05:00
Brandon Perry 3fedafb530 whoops, extra char 2014-03-12 19:54:58 -05:00
Brandon Perry aa00a5d550 check method 2014-03-12 19:47:39 -05:00
Brandon Perry 9cb1c1a726 whoops, typoed the markers 2014-03-12 10:58:34 -07:00
Brandon Perry 6636d43dc5 initial module 2014-03-12 10:46:56 -07:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Karmanovskii 6d748f49d3 Update myBB_GetTypeDB.rb
1.I added comment header;
2.I made ​​a link to your account as a comment;
3.I added a link https://github.com/rapid7/metasploit-framework/pull/3070
Items 2 and 3 on the advice wchen-r7
2014-03-07 10:49:30 -08:00
Karmanovskii 162527c0e4 Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb
Minor changes and bug: "Msf :: Auxiliary" - forgot to change
2014-03-06 09:43:23 -08:00
sinn3r f0e97207b7 Fix email format 2014-03-04 17:51:24 -06:00
Brandon Perry c86764d414 update default password to root 2014-03-04 11:55:30 -08:00
Brandon Perry 2b06791ea6 updates regarding PR comments 2014-03-04 10:08:31 -08:00
Brandon Perry a3523bdcb9 Update mantisbt_admin_sqli.rb
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
Brandon Perry 98b59c4103 update desc 2014-03-03 12:40:58 -08:00
Brandon Perry c5d1071456 add mantisbt aux module 2014-03-03 12:36:38 -08:00
James Lee d2945b55c1
Fix typo
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
sinn3r 8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials 2014-02-10 13:49:02 -06:00
sinn3r 306b31eee3
Small changes before merging 2014-02-10 13:47:31 -06:00
jvazquez-r7 ac52edabd5
Land #2801, Land @kicks4kittens IBM Sametime modules 2014-02-06 10:17:03 -06:00
jvazquez-r7 30c325c22e Make better json check 2014-02-06 10:16:26 -06:00
kicks4kittens 564f9bccc8 Correct print output
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens 445cd7be5a remove "on {peer}
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens 4c0c9101aa Correct check, reinstate print
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens 60cf68f899 added default SSL 2014-02-05 21:54:02 +01:00
kicks4kittens 3560b41eb2 correct variable name
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
Tod Beardsley 9953821451
Fix desc on Drupal module, some peer prints 2014-02-03 12:16:06 -06:00
bcoles 9b9b2fab58 Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module 2014-02-04 02:00:11 +10:30
sinn3r f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection 2014-01-24 15:03:07 -06:00
sinn3r c8e2301111 Be more informative about why CheckCode::Unknown
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
jvazquez-r7 cf17bf2e72 Small fix 2014-01-23 19:34:50 -06:00
jvazquez-r7 43de7eb74f Use REXML 2014-01-23 19:32:42 -06:00
jvazquez-r7 5a59e3d4e4 Fix typo 2014-01-23 18:53:58 -06:00
jvazquez-r7 f529eb1d4b Clean code 2014-01-23 18:51:24 -06:00
jvazquez-r7 8e17d38c77 Add check method 2014-01-23 18:30:18 -06:00
jvazquez-r7 b0deb45fad Add Drupal advisory as reference 2014-01-23 18:10:57 -06:00
jvazquez-r7 6d0d7eda10 Delete garbage comment 2014-01-23 18:09:05 -06:00
jvazquez-r7 72b72effa6 Add module for CVE-2012-4554 2014-01-23 18:04:31 -06:00
sinn3r 7080bb336c Update ColdFusion check 2014-01-19 17:05:03 -06:00
sinn3r 4fdd2c19a1 Update vbulletin check 2014-01-19 16:54:27 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 5ec062ea1c Beautify print message 2014-01-17 17:42:26 -06:00
jvazquez-r7 d96772ead1 Clean multi-threading on ibm_sametime_enumerate_users 2014-01-17 17:38:16 -06:00
jvazquez-r7 bb3d9da0bb Do first cleaning on ibm_sametime_enumerate_users 2014-01-17 16:33:25 -06:00
jvazquez-r7 584401dc3f Clean ibm_sametime_room_brute code 2014-01-17 15:57:12 -06:00
jvazquez-r7 4d079d47b8 Enable SSL by default 2014-01-17 15:34:33 -06:00
jvazquez-r7 277711b578 Fix metadata 2014-01-17 15:31:51 -06:00
jvazquez-r7 10fd5304ce Parse response body just one time 2014-01-17 15:17:25 -06:00
jvazquez-r7 fe64dbde83 Use rhost and rport methods 2014-01-17 14:49:50 -06:00
jvazquez-r7 5e8ab6fb89 Clea ibm_sametime_version 2014-01-17 12:23:11 -06:00
kicks4kittens d0d82fe405 Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
kicks4kittens 87648476e1 Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
kicks4kittens 55d4ad1b6a Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
Tod Beardsley feaf6c23cf
Merge and Unconflict client.rb, new module splat
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421

Also fixes the module with the new license splat.

Conflicts:
	lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
kicks4kittens 17c0751677 Create ibm_sametime_room_brute.rb
init
2013-12-26 13:02:52 +01:00
kicks4kittens 7ba1950424 Create ibm_sametime_enumerate_users.rb
init
2013-12-26 13:01:48 +01:00
kicks4kittens 2d6f41d67f Create ibm_sametime_version.rb
init
2013-12-26 13:00:39 +01:00
OJ 5e4c395f86 Fix small spacing issue 2013-12-18 17:14:47 +10:00
zeknox 2eee34babf added timeout options and rescue timeout 2013-12-16 20:00:13 -06:00
zeknox fe34d0e36e fixed syntax 2013-12-16 19:26:40 -06:00
zeknox 7b8de95f6b fixed database overwriting issues 2013-12-16 19:16:12 -06:00
zeknox 07f686bb1a added ResolverArgumentError rescue statement 2013-12-16 18:46:14 -06:00
zeknox e6f1f648be modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required 2013-12-13 10:49:44 -06:00
zeknox d6e19df8e2 added additional url reference 2013-12-12 22:57:23 -06:00
zeknox 9f18c57fce added period to description and changed tester to user 2013-12-12 22:11:02 -06:00
zeknox dba0e9bf77 msftidy done 2013-12-12 20:30:46 -06:00
zeknox 554cd41403 added dns_cache_scraper and useful wordlists 2013-12-12 20:18:18 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
sinn3r 92412279ae Account for failed cred gathering attempts
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
jvazquez-r7 f2f8c08c8e Use blank? method 2013-12-05 16:36:44 -06:00
jvazquez-r7 a380d9b4f2 Add aux module for CVE-2013-3522 2013-12-05 15:58:05 -06:00
joev 0612f340f1 Commas are good. 2013-11-13 14:38:50 -06:00
joev ad5f82d211 Add missing refs to aux/gather/android_htmlfileprovider. 2013-11-13 14:36:18 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
sinn3r c10f0253bc Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection 2013-10-07 15:47:28 -05:00
Tod Beardsley 293927aff0
msftidy fix for coldfusion exploit 2013-10-07 12:22:48 -05:00
joev 47e7a2de83 Kill stray debugger statement. 2013-10-06 19:32:22 -05:00
joev c2a81907ba Clean up the way Apple Safari UXSS aux module does data collection.
[FIXRM #7918]
2013-10-06 19:28:16 -05:00
jvazquez-r7 1fe0c50df0 Ignore unexpected answers 2013-10-02 20:41:02 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 2741983158 Update description 2013-09-13 18:31:11 -05:00
jvazquez-r7 40aeaf445b Add auxiliary module for HP SNAC Auth Bypass 2013-09-13 18:29:57 -05:00
Tab Assassin 785c2eeb95 Retab changes for PR #1421 2013-09-05 16:20:04 -05:00
Tab Assassin a5cf67a9af Merge for retab 2013-09-05 16:19:51 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 6b8feaff8c Type conversion 2013-08-26 13:56:11 -05:00
sinn3r 50e7d8015a Validate datastore option "YEAR"
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.

[FixRM #8345]
[FixRM #8344]
2013-08-21 01:38:16 -05:00
sinn3r 8806e76e4d Fix undefined method error
[FixRM #8343]
2013-08-21 00:44:10 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
sinn3r 4a3dc2e365 Print all the creds! All your base belong to me.
After a short discussion with Tod, we think it's best to print the
creds by default.  If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
sinn3r d3433a017b Print hash too 2013-07-09 16:39:24 -05:00
jvazquez-r7 234624793c Add module for CVE-2013-1814 2013-07-09 14:03:35 -05:00
sinn3r 0ecffea66f Updates fingerprint() for CF10 2013-05-28 14:42:11 -05:00
ringt 54eeb8f000 Adding new version...old version does not work in windows, doesnt fingerprint, and a few other minor things 2013-05-21 13:13:21 -05:00