1a392e2292
Multi-fy the hyperic_hq_script_console exploit.
2014-06-27 08:34:55 -04:00
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
6e1fa8ff5a
Refactor OS X hashdump creds
2014-06-26 15:10:35 -05:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
6075c795e9
Land #3467 - failure message for nil payload
2014-06-26 11:12:37 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
4da28f1708
updated platform
2014-06-25 22:01:19 -04:00
48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release
2014-06-25 16:15:44 -05:00
54ccc261d1
Updates
...
Updated spacing, ranking, php command, platform, and merged *nix and
windows cmds
2014-06-25 16:34:51 -04:00
34c57f51b1
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-06-25 15:02:35 -05:00
ac61a8fe4f
deprecate jtr_unshadow
2014-06-25 15:01:35 -05:00
75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release
2014-06-25 14:34:41 -05:00
70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release
2014-06-25 14:15:50 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
61d8597a00
missing require
2014-06-25 10:13:41 -05:00
5b0a356045
properly strip extra colons
2014-06-25 10:04:48 -05:00
4e0bcc123d
More useful msg when domain is ignored
2014-06-25 10:01:07 -05:00
f5ea6db604
Merge pull request #86 from rapid7/feature/MSP-9719/postgres_crack
...
Feature/msp 9719/postgres crack
MSP-9719 #land
2014-06-25 09:19:55 -05:00
6696783b86
Merge pull request #85 from rapid7/feature/MSP-9717/mysql_crack
...
Feature/msp 9717/mysql crack
MSP-9717 #land
2014-06-25 08:55:35 -05:00
db8692444f
Merge branch 'feature/MSP-9742/windows_autologin' into staging/electro-release
2014-06-25 04:31:57 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
920bd1132e
replace manual packing with rex version
2014-06-25 00:16:28 -04:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
560fc93834
jtr_aix refactor
...
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
b875a803d0
fix aix hashdump
...
aix hashdump now creates NonreplayableHash objects
2014-06-24 15:23:37 -05:00
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
6651af2d9b
refactor jtr_linux cracker
2014-06-23 16:27:28 -05:00
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
86869f0a81
remove extra parenthesis
2014-06-23 17:10:31 -04:00
8e37aea7c2
remove use of Q in packing and unpacking
2014-06-23 16:52:53 -04:00
57c4ed51e9
fix mssql incremental modes
2014-06-23 15:37:37 -05:00
1cbc324774
fix up incremental modes
...
those incrmenetal rules don't exist
in all versions. All and Alnum are too long
for a 'fast-mode' crack. We wwill do Digits though
which does all digits 0-8 and gets us blank passwords
for free.
2014-06-23 15:36:17 -05:00
520c82d7fc
deal with blank password in ntlm
2014-06-23 15:32:50 -05:00
c5f2efda18
fixed up casing
2014-06-23 15:26:12 -05:00
b246e66eb8
successfully cracking ntlm hashes
...
still need to handle casing for lm
2014-06-23 14:40:32 -05:00
a7d00f8144
simplify SHA1 code
2014-06-23 15:39:06 -04:00
77620193a1
remove character restriction on aes.final call
2014-06-23 15:37:19 -04:00
2d0b4b96ee
remove verbose exit if no salt found
2014-06-23 15:34:07 -04:00
275d8826bd
skype post module to extract password hash
2014-06-23 15:16:50 -04:00
57cc390681
fix how we save mssql hashes
...
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
c61f59d8a9
make sure to report the realm
2014-06-23 12:08:49 -05:00
dadd959c6a
refactor postgres hash cracking
...
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
8cfba5770a
missing require
2014-06-20 15:22:37 -05:00
d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
...
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
669779defb
SMB cred creation refactor
2014-06-20 15:17:40 -05:00
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
191c871e9b
[SeeRM #8815 ] Dont try to exploit when generate_payload_exe fails
2014-06-20 14:07:49 -05:00
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
a929a55404
fix show command parsing
...
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
5d6b582adc
Update modules to use new path.
2014-06-19 18:44:19 -05:00
93da4dc561
account for mssql12 format
...
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
aca532b994
making egypt happy
...
it's a full time job
2014-06-19 15:07:33 -05:00
dbd0bc5fa2
Refactor windows_autologin creds
2014-06-19 14:38:31 -05:00
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
20f7cde9cc
add incremental and single modes
...
make sure we run single mode and incremnetal modes
during our runs through these hashes.
2014-06-19 12:38:01 -05:00
bb120fd1e2
report access level on mssql_hashdump
...
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
d3c77b345c
report cracked credentials
...
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
190923e9a7
Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
...
Refactor axis_login
2014-06-18 11:43:23 -05:00
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
4c3cc793ba
fix missing .present?
2014-06-18 10:52:27 -05:00
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
5f176a56cb
Fix typo
2014-06-17 17:16:46 -05:00
d114dd1da2
Fix bugs. :fail != :failed
2014-06-17 17:12:50 -05:00
d6de0da5a7
Refactor axis_login
2014-06-17 17:07:53 -05:00
1133332702
Finish module
2014-06-17 15:01:35 -05:00
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162
2014-06-17 18:06:03 +10:00
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
f464c5ee97
dlink msearch commmand injection
2014-06-16 22:12:15 +02:00
d44d409ff2
Land #3407 , @julianvilas's exploit for Java JDWP RCE
2014-06-16 13:38:51 -05:00
6a780987d5
Do minor cleanup
2014-06-16 13:37:44 -05:00
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
19da7d551e
Kill newline (race @wvu-r7 on this)
...
See PR #3453
2014-06-16 11:46:08 -05:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
2cedee1aef
Merge pull request #74 from rapid7/feature/MSP-9744/autologin_password
...
Land #74 , @wvu-r7's refactor of osx autologin_password module.
2014-06-16 11:29:49 -05:00
29f5344d26
Drop merge of service_data, since it doesn't exist
2014-06-16 09:27:01 -05:00
461fba97d7
Update forgotten call to js() in webview exploit.
2014-06-15 23:43:05 -05:00
5fe8814af6
Land #3330 adding admin check to smb_login
2014-06-15 14:42:26 -05:00
caa1e10370
Add feature for disabling Java Security Manager
2014-06-15 20:35:19 +02:00
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
3abfa3e12e
change to case switch
2014-06-13 19:17:28 -04:00
4b78f0ad7c
Merge branch 'feature/MSP-9723/glassfish_deployer' into staging/electro-release
2014-06-13 16:11:14 -05:00
07d8921b0b
Merge branch 'feature/MSP-9747/pgpass_creds' into staging/electro-release
2014-06-13 16:06:15 -05:00
d246e28cb3
Merge branch 'feature/MSP-9733/ftpnavigator' into staging/electro-release
2014-06-13 16:03:06 -05:00
2f1032d617
Add a missing comma and a comment
2014-06-13 15:48:14 -05:00
da74777570
Merge branch 'feature/MSP-9729/enum_cred_store' into staging/electro-release
2014-06-13 15:46:08 -05:00
72fdf6a607
Get rid of the rest of the service stuff
2014-06-13 15:45:13 -05:00
8be602e487
Merge branch 'feature/MSP-9734/ftpx' into staging/electro-release
2014-06-13 15:36:43 -05:00
1df7362774
Merge branch 'feature/MSP-9740/outlook' into staging/electro-release
2014-06-13 15:34:06 -05:00
81d47c4eb3
Merge branch 'feature/MSP-9730/epo_sql' into staging/electro-release
2014-06-13 15:31:41 -05:00
a3eea2f712
Add better handling of host and port
2014-06-13 15:22:09 -05:00
fa8c9bc4f3
Merge pull request #75 from rapid7/feature/MSP-9692/afp_login
...
MSP-9692 #land
2014-06-13 10:51:26 -05:00
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
eddac55c37
Remove spaces at EOL.
2014-06-13 08:37:44 -05:00
a3ae177347
echo stager, arch_cmd, echo module
2014-06-13 11:42:47 +02:00
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
4593c309f5
Fix a dummy because I can't read
2014-06-12 19:10:24 -05:00
9d89730026
Use realm instead of private
2014-06-12 18:46:13 -05:00
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
277c9d68bc
Remove service_name, since it doesn't make sense
2014-06-12 18:37:00 -05:00
5d19410294
Don't use getaddress with session.session_host
2014-06-12 18:30:51 -05:00
3a1578bead
Don't use getaddress with session.session_host
2014-06-12 18:29:46 -05:00
3ad3ca88e5
Use session.session_host
2014-06-12 18:26:01 -05:00
a7416332e3
Merge branch 'feature/MSP-9732/flashfxp' into staging/electro-release
2014-06-12 18:02:20 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
52d63f51bb
Merge pull request #50 from rapid7/feature/MSP-9705/postgres_login
...
Verily verified.
MSP-9705 #land
2014-06-12 15:49:39 -05:00
1969c8f018
Merge branch 'feature/MSP-9727/bulletproof_ftp' into staging/electro-release
2014-06-12 15:41:57 -05:00
ff2fc68d11
Fix busted vars
2014-06-12 15:37:06 -05:00
18a2e0928c
Merge branch 'feature/MSP-9737/wsftp_client' into staging/electro-release
2014-06-12 15:08:26 -05:00
539f30e720
refactor afp_login
2014-06-12 14:16:05 -05:00
1ab379a0fe
Land #3448 , ident =! indent
2014-06-12 14:15:06 -05:00
e9783200f2
Land #3447 , fix variable typo
2014-06-12 14:07:34 -05:00
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
86671796b7
Refactor autologin_password creds
2014-06-12 13:54:52 -05:00
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
a647246148
Use correct variable name
2014-06-12 19:38:41 +01:00
62a4991508
Land #3446 , some code cleanup from @todb-r7
2014-06-12 13:35:36 -05:00
d9d16e436a
Refactor epo_sql creds
2014-06-12 13:23:11 -05:00
3f5e50d18f
Aux modules don't have ranking.
...
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
74cb5cd79e
Fix bad copypasta
2014-06-12 13:17:12 -05:00
302e495451
Fix bad indent
2014-06-12 13:13:05 -05:00
89434a75c3
Fix bad indent
2014-06-12 13:10:50 -05:00
512395395b
Refactor pgpass_creds creds
2014-06-12 13:08:47 -05:00
c7bb0f1eb8
Fix bad copypasta
2014-06-12 12:59:35 -05:00
0d92ae08dd
Refactor enum_cred_store creds
2014-06-12 12:57:46 -05:00
fe33444858
Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
...
Errors resolved, cred created
MSP-9693 #land
2014-06-12 12:49:54 -05:00
429d85dc5d
Refactor flashfxp creds
2014-06-12 12:40:33 -05:00
e96a70a0f5
Refactor outlook creds
2014-06-12 12:31:12 -05:00
e85f829ee4
modules living inside scanner should include the Scanner mixin
2014-06-12 12:20:44 -05:00
fa4e835804
Fix up scanner mixin usage, actual test/bug fix
2014-06-12 11:52:34 -05:00
430b3d181e
Merge pull request #67 from rapid7/feature/MSP-9695/ftp_login
...
Access level string clarified, specs passing, valid looking cores with proper info
MSP-9695 #land
2014-06-12 11:33:18 -05:00
71a4f1ab33
Clarified RW access level
...
MSP-9695
2014-06-12 11:32:20 -05:00
67d4097e1d
Land #3271 , @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module
2014-06-12 11:27:23 -05:00
487bf219f0
Rename to match the title
2014-06-12 11:23:34 -05:00
7650067b41
Fix metadata
2014-06-12 11:22:52 -05:00
e76c85c5d1
Fix usage of print_*
2014-06-12 11:13:45 -05:00
e4ff07dfa8
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth
2014-06-12 10:52:06 -05:00
88f8b585a3
Merge branch 'staging/electro-release' into feature/MSP-9705/postgres_login
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-12 10:47:02 -05:00
a5d88fd2ab
Space in arg list, because I don't hate feedom.
2014-06-12 10:29:14 -05:00
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
56efd82112
Correct the disclosure date.
2014-06-11 21:53:42 -05:00
6bc37cca0c
Land #3430 , @brandonprry's generic MongoDB injection enum.
2014-06-11 21:41:23 -05:00
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
88273f87db
Targets update
2014-06-11 21:50:16 -04:00
2296dea5ad
Clean and fix
2014-06-12 01:55:27 +02:00
4f67db60ed
Modify breakpoint approach by step into
2014-06-12 01:23:20 +02:00
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
85bee6ea12
Update ftp_login.rb
2014-06-11 17:29:23 -05:00
e6aba3ee35
Land #3438 , chromecast youtube video aux module
2014-06-11 18:21:12 -04:00
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
83a2dc250d
make ftp guest attempts optional
2014-06-11 16:37:59 -05:00
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
1164cf5363
refactor ftp_login
...
uses new cred goodness
2014-06-11 16:21:55 -05:00
87a9ee9a69
Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login
...
Feature/msp 9697/tomcat login
MSP-9697 #land
2014-06-11 15:35:09 -05:00
0bac24778e
Fix the case statements to match platform
2014-06-11 15:22:55 -05:00
d5b32e31f8
Fix a typo where platform was 'windows' not 'win'
...
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
8b35815ead
Move module to post/firefox/manage.
2014-06-11 15:10:22 -05:00
bdd86bf863
Add check for windows bug (RM#8810).
2014-06-11 15:09:52 -05:00
81019ed850
Supermicro work
2014-06-11 15:03:54 -05:00
6c0d668f0a
Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login
...
Feature/msp 9701/msssql login
MSP-9701 #land
2014-06-11 13:48:59 -05:00
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
e8752f9c56
Point to correct creds version
2014-06-11 13:38:35 -05:00
651871bd7a
Resolve upstream conflict
2014-06-11 13:34:45 -05:00
ac94f8e861
Refactor bulletproof_ftp creds
2014-06-11 13:04:58 -05:00
7147a88968
Refactor ftpnavigator creds
2014-06-11 12:57:45 -05:00
676afe391a
Refactor gpp creds
2014-06-11 12:48:00 -05:00
41ff4c3dce
Refactor ftpx creds
2014-06-11 12:35:15 -05:00
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
34f98ddc50
Do minor cleanup
2014-06-11 09:20:22 -05:00
b27b00afbb
Added target 4.0 and cleaned up exploit
2014-06-11 06:22:47 -07:00
f1382af018
Added target 4.0 and cleaned up exploit
2014-06-11 06:20:49 -07:00
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
73c3409133
Prayer
...
Merge branch 'staging/electro-release' into feature/MSP-9711/vnc_login
2014-06-10 16:01:24 -05:00
c06fd21fb1
refactor tomcat_mgr_login
...
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
693c4aae66
make sure we capture realms
...
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
b05e7fb9ac
Fix require
...
MSP-10004
Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
2014-06-10 13:58:07 -05:00
74d376e387
refactor db2_auth module
...
you know what it is
2014-06-10 13:43:07 -05:00
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
4aa1fee398
Land #3326 , @FireFart's Heartbleed - server response parsing
2014-06-10 13:27:28 -05:00
6b52da2901
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth
2014-06-10 13:17:10 -05:00
9826a57429
Update coreftp.rb
2014-06-10 13:01:19 -05:00
dffc9b6852
Use the new hash syntax for consistency
2014-06-10 12:56:15 -05:00
af04d5dd05
Use the new hash syntax for consistency
2014-06-10 12:54:35 -05:00
00fcdc25f2
Use getaddress on rhost
2014-06-10 12:50:53 -05:00
d7fd7b8d1e
Refactor wsftp_client creds
2014-06-10 12:05:04 -05:00
0c89d6cdce
refactor mssql_login
...
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
15ceb1e826
put calls in right place it helps
2014-06-10 11:17:19 -05:00
63ec83ea90
missing public
...
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
6362eac0b0
add invalidate_login call
2014-06-10 11:11:22 -05:00
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
dc590008a7
add invalidate_login call
...
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
2c8a99143b
Land #3426 , @Meatballs1's Python v2.3.3 Compatible Command Shell payloads
2014-06-10 09:55:58 -05:00
Spencer McIntyre
William Vu
sinn3r
David Maloney
jakxx
James Lee
Chris Doughty
Trevor Rosen
Rob Fuller
Joshua Smith
OJ
HD Moore
Meatballs
Tod Beardsley
jvazquez-r7
Michael Messner
Christian Mehlmauer
jvennix-r7
scriptjunkie
Julian Vilas
Tim Wright
Samuel Huckins
Jon Cave
Brandon Perry
TecR0c
Luke Imhoff