infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,715 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3946 Commits (f156e20d4e6e6ed7dceae7c304c53708a8b47a3a)

Author SHA1 Message Date
Tod Beardsley 056661e5dd
No at-signs in names please. 2013-12-26 10:26:01 -06:00
jvazquez-r7 b02e21a1d3
Land #2779, @wchen-r7's mod to raise Msf::OptionValidateError when PORTS is invalid 2013-12-26 09:27:27 -06:00
rbsec 86a94022c0 Fix lotus_domino_hashes not working. 
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar
sign. Updated regex to take this into account.
 2013-12-24 11:57:13 +00:00
sinn3r 213556761a
Land #2765 - Added Poison Ivy Command and Control Scanner 2013-12-23 17:36:18 -06:00
sinn3r 0a07bbdf2e Minor changes 2013-12-23 17:35:42 -06:00
jvazquez-r7 88b3b2c78e Switch RHOSTS to TARGETS and add validation 2013-12-23 11:58:26 -06:00
Bruno Morisson 94da642f5c fixed typo: innacurated -> inaccurate 2013-12-21 20:36:43 +00:00
Bruno Morisson c387a850ca Fixed default value for RESOLVE (local) 2013-12-21 19:21:57 +00:00
Bruno Morisson 6ce0bab036 Cleanup, also split IP addresses separated by commas. 2013-12-21 00:15:00 +00:00
SeawolfRN bf2dc97595 Merge branch 'poisonivyscanner' of github.com:SeawolfRN/metasploit-framework into poisonivyscanner 2013-12-20 18:46:35 +00:00
SeawolfRN ae7a0159e7 Changed to Puts and get_once - also forgot the timeout... 2013-12-20 18:44:42 +00:00
jvazquez-r7 8be481f324
Land #2681, @mcantoni and @todb-r7's support for chargen 2013-12-20 11:53:08 -06:00
jvazquez-r7 12efa99ce5 Fix udp_sweep 2013-12-20 11:47:48 -06:00
jvazquez-r7 2dc7ef4398 Fix udp_probe 2013-12-20 11:45:27 -06:00
Tod Beardsley 2f34f8458b
Downcase chargen service name 2013-12-20 10:41:53 -06:00
Tod Beardsley 35c847da94
Add chargen to udp_probe and udp_sweep 
This simplifies the checks considerably for PR #2681 from @mcantoni
 2013-12-20 10:32:15 -06:00
jvazquez-r7 eba164d2e3 Clean chargen_probe 2013-12-20 09:10:15 -06:00
Bruno Morisson 6ac0aad38b Prevent report_* when RESOLVE is remote, since hostname may be unknown and local resolution fail, thus spitting out an error and failing 2013-12-19 23:37:13 +00:00
Bruno Morisson c881ef5472 Unreachable and time out error identification 2013-12-19 22:59:56 +00:00
Matteo Cantoni a199dc39af used the recvfrom timeout 2013-12-19 20:56:11 +01:00
Bruno Morisson 773d4c5cd1 commented out response packet vprint 2013-12-19 18:35:11 +00:00
Bruno Morisson ad8a156263 RHOSTS can be a comma separated list of hostnames 2013-12-19 18:33:32 +00:00
Bruno Morisson 564601e083 msftidy - fixed 2013-12-19 17:30:34 +00:00
Bruno Morisson 2480f023b1 Dropped scanner mixin. Tried to maintain usage 2013-12-19 17:15:44 +00:00
Bruno Morisson 21d959c58d RESOLVE option takes either "remote" or "local" 2013-12-19 00:38:47 +00:00
Bruno Morisson 1778a08e98 Keeping changes away from the "ip" variable 2013-12-19 00:19:58 +00:00
sinn3r d41f05e0b6
Land #2776 - Avoid having the same port twice 2013-12-18 18:09:43 -06:00
Bruno Morisson 7ebcd5a8c9 Option to perform host resolution on remote saprouter 2013-12-18 23:53:58 +00:00
jvazquez-r7 f21d666631
Land #2744, @rcvalle module for CVE-2013-2050 2013-12-18 16:19:25 -06:00
jvazquez-r7 0eac17083a Clean cfme_manageiq_evm_pass_reset 2013-12-18 16:16:32 -06:00
sinn3r ee87f357b0 Raise Msf::OptionValidateError when the PORTS option is invalid 
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
 2013-12-18 15:04:53 -06:00
sinn3r 4028dcede7 Add an input check for datastore option PORTS 
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
 2013-12-18 14:55:51 -06:00
Ramon de C Valle b9a9b90088 Update module to use added bcrypt gem 2013-12-18 16:15:35 -02:00
Ramon de C Valle e20569181b Remove EzCrypto-related code as per review 2013-12-18 16:15:22 -02:00
Ramon de C Valle ef081cec49 Add missing disclosure date as per review 2013-12-18 15:47:23 -02:00
OJ 5e4c395f86 Fix small spacing issue 2013-12-18 17:14:47 +10:00
jvazquez-r7 80eea97ccd ChrisJohnRiley fix for sap_service_discovery 2013-12-17 13:31:56 -06:00
zeknox 2eee34babf added timeout options and rescue timeout 2013-12-16 20:00:13 -06:00
zeknox fe34d0e36e fixed syntax 2013-12-16 19:26:40 -06:00
zeknox 7b8de95f6b fixed database overwriting issues 2013-12-16 19:16:12 -06:00
zeknox 07f686bb1a added ResolverArgumentError rescue statement 2013-12-16 18:46:14 -06:00
SeawolfRN 24bc10905e Added Spaces and removed Interrupt 2013-12-16 22:12:35 +00:00
SeawolfRN bf561fef95 Corrected Extraneous Whitespace\Newlines 2013-12-16 16:38:49 +00:00
SeawolfRN 79022c2e29 Probably should have checked it worked... 2013-12-16 11:33:08 +00:00
SeawolfRN 59003a9842 Updated Poison Ivy Scanner 2013-12-15 22:02:14 +00:00
SeawolfRN 226cd241bf Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460 2013-12-15 14:34:50 +00:00
Matteo Cantoni 999006e037 fixed some things, as suggested by jvazquez-r7 2013-12-14 19:41:31 +01:00
zeknox e6f1f648be modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required 2013-12-13 10:49:44 -06:00
zeknox d6e19df8e2 added additional url reference 2013-12-12 22:57:23 -06:00
zeknox 9f18c57fce added period to description and changed tester to user 2013-12-12 22:11:02 -06:00
zeknox dba0e9bf77 msftidy done 2013-12-12 20:30:46 -06:00
zeknox 554cd41403 added dns_cache_scraper and useful wordlists 2013-12-12 20:18:18 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends 
Fixed conflict in lib/msf/core/exploit/http/server.rb.
 2013-12-10 13:41:45 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
Ramon de C Valle 37826688ce Add cfme_manageiq_evm_pass_reset.rb 
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
 2013-12-09 16:49:07 -02:00
jvazquez-r7 c59b8fd7bc
Land #2741, @russell TCP support for nfsmount 2013-12-09 09:46:34 -06:00
Russell Sim 291a52712e Allow the NFS protocol to be specified in the mount scanner 2013-12-09 21:26:29 +11:00
sinn3r 1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE 2013-12-09 03:05:08 -06:00
sinn3r feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection 2013-12-09 02:12:42 -06:00
sinn3r 92412279ae Account for failed cred gathering attempts 
Sometimes the SQL error doesn't contain the info we need.
 2013-12-09 02:11:46 -06:00
Joe Vennix cd66cca8a1 Make browser autopwn datastore use OptRegexp. 2013-12-08 17:46:33 -06:00
jvazquez-r7 75fb38fe8d
Land #2724, @wchen-r7 and @jvennix-r7's module for CVE-2013-6414 2013-12-07 14:26:46 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
jvazquez-r7 f2f8c08c8e Use blank? method 2013-12-05 16:36:44 -06:00
jvazquez-r7 a380d9b4f2 Add aux module for CVE-2013-3522 2013-12-05 15:58:05 -06:00
sinn3r 8e9723788d Correct description 2013-12-04 17:25:58 -06:00
sinn3r fb2fcf429f This one actually works 2013-12-04 17:22:42 -06:00
sinn3r d0071d7baa Add CVE-2013-6414 Rails Action View DoS 2013-12-04 14:57:30 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient 
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
 2013-12-03 12:58:16 -06:00
sinn3r 99dc9f9e7e Fix msftidy warning 2013-12-03 00:09:51 -06:00
Jonathan Claudius e37f7d3643 Use send_request_cgi instead of send_request_raw 2013-12-03 00:57:26 -05:00
Jonathan Claudius 14e600a431 Clean up res nil checking 2013-12-03 00:51:19 -05:00
Jonathan Claudius b796095582 Use peer vs. rhost and rport for prints 2013-12-03 00:49:05 -05:00
Jonathan Claudius 0480e01830 Account for nil res value 2013-12-03 00:45:57 -05:00
Jonathan Claudius c91d190d39 Add Cisco ASA ASDM Login 2013-12-03 00:16:04 -05:00
Tod Beardsley 55847ce074
Fixup for release 
Notably, adds a description for the module landed in #2709.
 2013-12-02 16:19:05 -06:00
sinn3r 20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor 2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant 39fbb59ba9 re-added the reference I accidentally deleted 2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant cb98d68e47 added @wchen-r7's code to store the password into the database 2013-12-02 18:35:59 +01:00
jvazquez-r7 ba39a8e826
Land #2705, @jjarmoc's user object configuration on rails_devise_pass_reset 2013-12-02 11:04:29 -06:00
jvazquez-r7 8d6a534582
Change title 2013-12-02 08:54:37 -06:00
jvazquez-r7 24d09f2085
Land #2700, @juushya's Oracle ILO Brute Forcer login 2013-12-02 08:53:10 -06:00
Sven Vetsch / Disenchant 8e73023baa and now in the correct data structure 2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant ef77b7fbbf added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709 2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant aa62800184 added ZyXEL GS1510-16 Password Extractor 2013-11-29 10:42:17 +01:00
Karn Ganeshen bc41120b75 Updated 2013-11-29 12:47:47 +05:30
Karn Ganeshen 1109a1d157 Updated 2013-11-28 11:30:02 +05:30
Jeff Jarmoc 03838aaa79 Update rails_devise_pass_reset.rb 
Fixed erroneous status if FLUSHTOKENS is false.
 2013-11-27 22:27:45 -06:00
Jeff Jarmoc 7f8baf979d Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise. 
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit

[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
 2013-11-27 15:35:43 -06:00
Matteo Cantoni 3111aee866 fix match and boolean expression 2013-11-26 21:42:09 +01:00
jvazquez-r7 a7e6a79b15
Land #2685, @wchen-r7's update for the word injector description 2013-11-25 15:47:57 -06:00
jvazquez-r7 92807d0399
Land #2676, @todb-r7 module for CVE-2013-4164 2013-11-25 15:40:33 -06:00