Commit Graph

129 Commits (f2579fa7a06d0473a12bb8c0b951f52370f07fd5)

Author SHA1 Message Date
David Maloney 63ec83ea90
missing public
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney 32f87b985c
refactor mysql_login
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
David Maloney d1f7f93e4b
refactor mysql_hashdump
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 ad21a107ec up to date 2013-05-06 15:48:59 -05:00
jvazquez-r7 ee98f28017 up to date 2013-03-12 16:58:48 +01:00
sinn3r a68ad8f600 Merge branch 'bug/rm7021-MySQL-login-scanner-exception' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7021-MySQL-login-scanner-exception 2013-01-30 13:22:33 -06:00
lmercer b4eed328a7 MySQL login scanner unhandled exception 2013-01-26 01:26:18 -05:00
Robin Wood 20b36cdf7a added extra checking for strict databases 2013-01-22 15:42:23 +00:00
jvazquez-r7 b2c7223108 Cleanup for mysql_file_enum.rb 2013-01-21 12:26:35 +01:00
Robin Wood 4d5a7a3d4d Brute force directory and file names with MySQL 2013-01-20 21:32:02 +00:00
Robin Wood e7604f80b2 added a warning and using optpath 2013-01-20 21:24:00 +00:00
Robin Wood 6da4b72d85 added a warning and using optpath 2013-01-20 21:23:59 +00:00
Robin Wood ebb0635e0a stopped using fixed table name 2013-01-20 21:23:59 +00:00
Robin Wood fce58ad96d Fixed msftidy stuff 2013-01-20 21:23:58 +00:00
Robin Wood 23d1eb7a80 File/dir brute forcer using MySQL 2013-01-20 21:23:58 +00:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
James Lee 3e974415d9 Give some verbose feedback if connection failed 2012-06-23 00:58:27 -06:00
Thomas Grainger 78876b74dd Maintain scanner module standard 2012-06-17 20:09:01 +02:00
Thomas Grainger 74cbca5809 Print out successful mysql connection URI 2012-06-17 13:19:53 +02:00
Tod Beardsley 3c73133a44 Fixing up mysql module text 2012-06-13 13:59:58 -05:00
Tod Beardsley ca8769d725 Whitespace on mysql module. 2012-06-13 13:59:38 -05:00
HD Moore 5922ec1f7a Permissions 2012-06-12 15:20:25 -05:00
Steve Tornio efbaff8b37 add osvdb ref 2012-06-11 22:47:30 -05:00
HD Moore 59f591ac46 Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122 2012-06-11 01:42:06 -05:00
David Maloney c386e1ce31 Add an option to the schemadump modules to not display output to the
screen
2012-05-21 16:09:07 -05:00
David Maloney 348da8e5a6 Fixes an issue with mysql probes not timing out properly. 2012-04-30 12:22:49 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
David Maloney ca7aa21202 Removed schema features from database hashdump modules
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
Tod Beardsley ad6f8257e1 MSFTidy fixes. 2012-01-18 15:01:32 -06:00
David Maloney 52be1c3a7a Add schemadump module for MySql 2012-01-11 12:16:22 -08:00
David Maloney 4ef7c373e9 Fix to typo in the tables being pushed. 2011-11-22 00:06:58 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
Tod Beardsley 568bde7aa4 Fixes #5404
See #5350
See #5246
See #5241
See #5173

Adds password hash dumping as loot for Postgres, MSSQL, MySQL, and several Oracle flavors of RDBMS. Thanks TheLightCosine!



git-svn-id: file:///home/svn/framework3/trunk@13854 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 17:05:01 +00:00
David Rude 41f4677dae Convert the table to CSV
git-svn-id: file:///home/svn/framework3/trunk@13568 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 17:48:42 +00:00
Wei Chen 83dd71c905 Add MySQL hashdump auxiliary module
git-svn-id: file:///home/svn/framework3/trunk@13567 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 16:28:31 +00:00
Tod Beardsley 24388f3a38 Adding a CVE reference for weak/blank/guessable passwords.
git-svn-id: file:///home/svn/framework3/trunk@11465 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 15:30:17 +00:00
Tod Beardsley 80853f0e10 Make the MySQL aux scanner a little more helpful in the event of a missing target.
git-svn-id: file:///home/svn/framework3/trunk@11094 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 14:12:35 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Tod Beardsley 6d6a547b34 Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands.
git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-18 00:58:20 +00:00
Tod Beardsley e67e231659 Adds Rex::Text.to_hex_ascii(), replaces the gsub on the banner checks to use it.
git-svn-id: file:///home/svn/framework3/trunk@9804 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 18:52:27 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Tod Beardsley 0c7f1a7449 Moving MySQL version requirements even farther back.
git-svn-id: file:///home/svn/framework3/trunk@9295 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-12 20:19:09 +00:00
Tod Beardsley ca3df5dd5e Give an error message, don't just quietly fail.
git-svn-id: file:///home/svn/framework3/trunk@9293 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-12 18:23:30 +00:00
Tod Beardsley f9aa3a0c70 Bumping acceptable MySQL scan target back to version 4.1.11
git-svn-id: file:///home/svn/framework3/trunk@9288 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-12 14:52:00 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Tod Beardsley 08117ca000 Forcing :critical => true for report_auth_info
git-svn-id: file:///home/svn/framework3/trunk@9150 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-26 22:23:37 +00:00
James Lee dd26a227ef targ_host -> target_host
git-svn-id: file:///home/svn/framework3/trunk@8908 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 01:05:23 +00:00
Tod Beardsley 83d96d713c Refactoring Auxiliary::AuthBrute. Now that several modules actually use it, the real use cases have become obvious. So, refactored for simplicity and readability. Also touched up all the authentication modules to behave consistently.
git-svn-id: file:///home/svn/framework3/trunk@8879 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 20:07:26 +00:00
HD Moore 480380003c Make verbose status printing standardized across login modules
git-svn-id: file:///home/svn/framework3/trunk@8866 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-21 18:42:47 +00:00
Tod Beardsley 542a9a0617 Report MySQL application-level protocol errors (such as host not allowed messages).
git-svn-id: file:///home/svn/framework3/trunk@8767 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 17:56:03 +00:00
Tod Beardsley a5e187bd69 Add the ability to slow down brute force sessions.
git-svn-id: file:///home/svn/framework3/trunk@8719 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:29:26 +00:00
Tod Beardsley 09a669875c Bumping the minimum version of MySQL to try back to 4.1.20, no problems seen
on that build.



git-svn-id: file:///home/svn/framework3/trunk@8691 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 16:52:22 +00:00
Tod Beardsley 453451a26d Check the version number of the remote MySQL server before attempting
to log in. Sadly, the library we're using right now doesn't know
how to correctly negotiate 4.x and 3.x versions of MySQL. Until that
gets resolved (by writing a new library for these old versions), 
this will at least prevent false positives/negatives from getting
reported.



git-svn-id: file:///home/svn/framework3/trunk@8681 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 22:56:00 +00:00
Tod Beardsley 38a3b8203e Properly checking for credential duplication.
git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:11:18 +00:00
James Lee ca7f85c054 more consistent printing of found credentials
git-svn-id: file:///home/svn/framework3/trunk@8164 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:06:03 +00:00
James Lee 08eb80f4a9 use the authbrute mixin
git-svn-id: file:///home/svn/framework3/trunk@8150 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-18 22:22:22 +00:00
HD Moore 0b7df74615 Rename modules to be consistent with the new convention
git-svn-id: file:///home/svn/framework3/trunk@8129 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:55:08 +00:00
James Lee 37d84a5ccc save the discovered version
git-svn-id: file:///home/svn/framework3/trunk@8035 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 18:21:07 +00:00
kris 37bec306a7 ruby 1.9 / unpack fix
git-svn-id: file:///home/svn/framework3/trunk@8032 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 09:02:55 +00:00
HD Moore 3d421cfefd SQLMap update and consitency fix for Bernardo's name
git-svn-id: file:///home/svn/framework3/trunk@7979 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 05:24:37 +00:00
HD Moore 9ec132d86f Fixes #720. Adds inquis's mysql brute forcer using the new mixin
git-svn-id: file:///home/svn/framework3/trunk@7978 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 05:22:34 +00:00
kris eb92aa7412 add db reporting
git-svn-id: file:///home/svn/framework3/trunk@6482 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-14 16:09:24 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris b9c9df1ef2 better exception handling
git-svn-id: file:///home/svn/framework3/trunk@6472 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-10 01:44:06 +00:00
kris 446c4edf71 adding a MySQL version enumeration aux scanner module
git-svn-id: file:///home/svn/framework3/trunk@6465 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-07 22:13:25 +00:00