Joshua Smith
b21d5c1801
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-31 18:05:20 -04:00
Spencer McIntyre
5e9e7e15c8
Return whether result is nil or not.
2014-03-31 18:05:20 -04:00
Spencer McIntyre
0ac112b5e7
Support checking a single URI for ntlm information.
2014-03-31 18:05:19 -04:00
Tod Beardsley
6474c7be5c
Land #3166 and also #3167
...
[Closes #3167 ]
2014-03-31 16:21:07 -05:00
William Vu
3b6d73420e
Fix syntax error in dns_amp
2014-03-31 16:18:49 -05:00
William Vu
d9df2fbf08
Land #3158 , msftidy rank check for aux modules
2014-03-31 15:17:30 -05:00
Joshua Smith
159bc264a4
unretards the uri normalize loop
2014-03-31 15:58:21 -04:00
Joshua Smith
2290249a42
uses fail_with to bomb out on datastore probs
2014-03-31 15:52:05 -04:00
Joshua Smith
4f121e3e03
fixes if-logic for error condition
2014-03-31 15:38:05 -04:00
Tod Beardsley
894bbcae97
More fix-up on the DNS amplication scanner
2014-03-31 14:37:10 -05:00
Tod Beardsley
4d597174d0
Merge up from upstream/master
2014-03-31 14:33:28 -05:00
William Vu
387da26f8d
Land #3159 , HP LaserJet printer SNMP enumeration
2014-03-31 12:48:23 -05:00
William Vu
c6ceb8cdfd
Land #2929 , DNS recursion amplification scanner
2014-03-31 12:47:46 -05:00
William Vu
aaa15d13d9
Land #2928 , extended SMTP open relay checks
2014-03-31 12:47:10 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Joshua Smith
2530fb9741
adds the return back in (forgot in prev commit)
2014-03-28 19:27:04 -04:00
Joshua Smith
dc4b8461e8
unbreaks & DRYs my previous change.
2014-03-28 19:15:38 -04:00
Matteo Cantoni
c559a6b39f
fix description
...
(cherry picked from commit 7c860b9553
)
2014-03-28 17:36:21 -05:00
Matteo Cantoni
ae53d75cdb
Module to HP LaserJet Printer SNMP Enumeration
...
(cherry picked from commit f18fef1864
)
2014-03-28 17:36:21 -05:00
William Vu
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
jvazquez-r7
9374777da1
Land #2996 , @mcantoni's jboss status aux module
2014-03-28 16:07:08 -05:00
jvazquez-r7
7689751c10
Module module location
2014-03-28 16:05:37 -05:00
jvazquez-r7
e3ec0e7624
Clean up jboss_status module
2014-03-28 16:04:43 -05:00
William Vu
5458200434
Fix a couple minor annoyances in PJL
2014-03-28 02:19:30 -05:00
William Vu
c1fdc4d945
Fix a couple things that were bugging me
2014-03-28 02:15:38 -05:00
coma
107901b481
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix
2014-03-26 22:37:21 -07:00
coma
30da3575e8
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra
2014-03-26 21:53:12 -07:00
Tod Beardsley
5b8d8d8009
Get Pro and Framework back in sync.
2014-03-26 09:25:19 -05:00
William Vu
cd448ba46c
Land #3132 , ntp_monlist improvements
2014-03-25 15:19:45 -05:00
William Vu
1c4797337f
Clean up rapid7/metasploit-framework#3132
2014-03-25 14:04:43 -05:00
jvazquez-r7
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
Ramon de C Valle
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
Ramon de C Valle
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
Brandon Turner
460a1f551c
Fix for R7-2014-05
2014-03-24 14:12:12 -05:00
Tod Beardsley
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
Joshua Smith
312f117262
updates file read to close file more quickly
2014-03-21 14:53:15 -04:00
Matteo Cantoni
4b2a2d4dea
Improve NTP monlist auxiliary module
2014-03-21 16:39:53 +01:00
Matteo Cantoni
fbcd661504
removed snmp_enum_hp_laserjet from this pull request
2014-03-21 15:58:53 +01:00
Spencer McIntyre
aa26405c23
Cleanup an expression and avoid fail_with
2014-03-20 17:33:09 -04:00
sinn3r
0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read
2014-03-20 12:08:18 -05:00
sinn3r
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
Spencer McIntyre
74398c4b6e
Allow using a single URI and/or a list of URIs
2014-03-20 09:54:02 -04:00
Joshua Smith
a8d919feb0
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-19 23:32:04 -05:00
Brandon Perry
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
Brandon Perry
b52a535609
add official url
2014-03-19 20:41:32 -05:00
Brandon Perry
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
William Vu
b79920ba8f
Land #3089 , InvalidWordCount fix for smb_login
...
[FixRM #8730 ]
2014-03-19 16:12:56 -05:00
sinn3r
fe0b76e24e
Land #2994 - OWA 2013 support
2014-03-19 13:16:37 -05:00
Brandon Perry
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
Brandon Perry
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
xistence
8fdb5250d4
changes to smtp relay aux module
2014-03-17 15:09:29 +07:00
David Maloney
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
Brandon Perry
a01dd48640
a bit better error message if injection works but no file
2014-03-13 13:38:43 -07:00
Brandon Perry
b0688e0fca
clarify LOAD_FILE perms in description
2014-03-13 13:11:27 -07:00
Brandon Perry
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
William Vu
5aad8f2dc3
Land #3088 , SNMP timestamp elements fix
2014-03-13 02:22:14 -05:00
Brandon Perry
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
Brandon Perry
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
Brandon Perry
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
Brandon Perry
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
Brandon Perry
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
Tod Beardsley
206660ddde
Recreate the intent of cfebdae from @parzamendi-r7
...
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656 .
[SeeRM #8730 ]
2014-03-11 14:30:01 -05:00
sho-luv
f7af9780dc
Rescue InvalidWordCount error
...
This is a cherry-pick of commit ea86da2 from PR #2656
2014-03-11 14:17:36 -05:00
James Lee
f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0
...
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
2014-03-11 12:44:07 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7
8cfa5679f2
More nick instead of name
2014-03-10 16:12:44 +01:00
jvazquez-r7
bc8590dbb9
Change DoS module location
2014-03-10 16:12:20 +01:00
sinn3r
e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument
2014-03-08 00:58:52 -06:00
Tod Beardsley
151e2287b8
OptPath, not OptString.
2014-03-07 10:52:45 -06:00
Tod Beardsley
5cf1f0ce4d
Since dirs are required, server will send/recv
...
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.
Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
Tod Beardsley
37fa4a73a1
Make the path options required and use /tmp
...
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
Spencer McIntyre
ebee365fce
Land #2742 , report_vuln for MongoDB no auth
2014-03-06 19:34:45 -05:00
Spencer McIntyre
84f280d74f
Use a more descriptive MongoDB vulnerability title
2014-03-06 19:20:52 -05:00
Tod Beardsley
8a0531650c
Allow TFTP server to take a host/port argument
...
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.
This is almost never correct.
2014-03-06 16:13:20 -06:00
sinn3r
7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read
2014-03-04 17:52:29 -06:00
sinn3r
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
Brandon Perry
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
Brandon Perry
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
Brandon Perry
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
Brandon Perry
98b59c4103
update desc
2014-03-03 12:40:58 -08:00
Brandon Perry
c5d1071456
add mantisbt aux module
2014-03-03 12:36:38 -08:00
Tod Beardsley
de6be50d64
Minor cleanup and finger-wagging about a for loop
2014-03-03 14:12:22 -06:00
William Vu
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
Spencer McIntyre
12e4e0e36d
Return whether result is nil or not.
2014-02-28 10:17:37 -05:00
Spencer McIntyre
dfa91310c2
Support checking a single URI for ntlm information.
2014-02-28 08:47:29 -05:00
jgor
8be33f42fe
Define service as udp
2014-02-27 12:53:29 -06:00
Peter Arzamendi
ea5fe9ec0a
Updated to use get_cookie
2014-02-27 08:52:54 -06:00
Peter Arzamendi
9e52a10f2d
Set SSL to default to true and removed SSL from register_options. Updated Author to include full name
2014-02-26 20:49:03 -06:00
jvazquez-r7
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
jvazquez-r7
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
jvazquez-r7
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
jvazquez-r7
0531abb691
Land #3026 , @ribeirux DoS module for CVE-2014-0050
2014-02-26 08:53:55 -06:00
jvazquez-r7
449d0d63d1
Do small clean up
2014-02-26 08:52:51 -06:00
Michael Messner
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
William Vu
63bbe7bef2
Land #3034 , 302 redirect for http_basic
2014-02-25 13:54:58 -06:00
William Vu
4cc91095de
Fix minor formatting issues
2014-02-25 13:48:37 -06:00
kn0
6783e31c67
Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline
2014-02-24 15:59:49 -06:00
ribeirux
ead7cbc692
Author and URI fixed
2014-02-24 22:20:34 +01:00
kn0
f1e71b709c
Added 301 Redirect option to Basic Auth module
2014-02-24 14:59:20 -06:00
William Vu
6f398f374e
Land #3032 , inside_workspace_boundary? typo fix
2014-02-24 14:55:09 -06:00
James Lee
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
sinn3r
5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests
2014-02-24 10:39:01 -06:00
ribeirux
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
Michael Messner
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
Michael Messner
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
Michael Messner
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
xistence
1864089085
removed rport definition
2014-02-17 11:32:24 +07:00
Matteo Cantoni
8a24da9eea
Module to query Jboss status servlet
2014-02-15 17:46:52 +01:00
Tod Beardsley
f6be574453
Slightly better file checks on sqlmap.py
2014-02-15 09:58:03 -06:00
Tod Beardsley
dacbf55fc1
Minor cleanup of title and desc on sqlmap
2014-02-15 09:55:06 -06:00
Royce Davis
0e7074c139
Modififed output for smb_enumshares module
2014-02-14 13:39:13 -06:00
Royce Davis
6dc9840064
Modified output for smb_enumshares
2014-02-14 13:12:52 -06:00
Russell Sim
ee3f1fc25b
Record successful passwordless access to mongodb
2014-02-14 08:52:17 +11:00
Matteo Cantoni
7c860b9553
fix description
2014-02-13 21:11:50 +01:00
Peter Arzamendi
5ef40e3844
Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD']
2014-02-12 13:31:03 -06:00
Peter Arzamendi
2b8a8259f9
Updates to support OWA 2013 and some syntax changes
2014-02-12 09:40:49 -06:00
xistence
6944c54d13
Added EXTENDED option to smtp_relay
2014-02-12 15:44:53 +07:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
sinn3r
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
sinn3r
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
xistence
02fb84db20
Changed dns_amp to avoid false positives
2014-02-10 17:13:06 +07:00
jvazquez-r7
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
jvazquez-r7
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
kicks4kittens
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
kicks4kittens
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
kicks4kittens
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
sinn3r
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
William Vu
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
jvazquez-r7
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
jvazquez-r7
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
jvazquez-r7
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
Tod Beardsley
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
bcoles
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
jvazquez-r7
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
jvazquez-r7
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
jvazquez-r7
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
jvazquez-r7
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
jvazquez-r7
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
xistence
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
William Vu
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
xistence
8ac0ef396e
Added DNS recursion amplification scanner
2014-01-29 14:21:21 +07:00
xistence
d3be54fed6
Added Extended SMTP Open Relay aux module
2014-01-29 13:46:54 +07:00
xistence
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
xistence
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
jvazquez-r7
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00