adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
24,151 Commits 27 Branches 1,043 Tags
2aecab89bbdafea44db2c10a7fa69968dab39dec
Commit Graph

12794 Commits

Author SHA1 Message Date
Christian Mehlmauer f115a7f6e1 Fix intendation 2014-04-10 02:52:05 +02:00
gigstorm f1443c039e Updated hash value to SSLv3 
Tested and working on server that has SSLv3 only enabled
 2014-04-11 14:01:28 -07:00
gigstorm 6ab3478c7e Update to include SSL Version 3 protocol 
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven).  May need to update cipher suites to include this option.
 2014-04-11 12:41:17 -07:00
William Vu 6599999b8a Land #3232, Heartbleed memory dump filtering 2014-04-11 12:46:01 -05:00
Sebastiano Di Paola a63f020a68 Fixing coding style 2014-04-11 19:39:57 +02:00
Sebastiano Di Paola 4acacb005d Fixed a bug...referring to wrong variable after filtering with regexp 2014-04-11 19:33:23 +02:00
Sebastiano Di Paola 83fe1cec65 Cleaned up Array.join call 2014-04-11 19:24:32 +02:00
Sebastiano Di Paola 55ec969bd9 Renamed FILTER -> DUMPFILTER, more intuitive and coherent 2014-04-11 19:07:57 +02:00
Sebastiano Di Paola 8268009b36 Renamed PATTERN_FILTER -> FILTER 2014-04-11 19:03:25 +02:00
Sebastiano Di Paola c378fe95c1 Added missing space in comment 2014-04-11 19:01:01 +02:00
Sebastiano Di Paola f8f710547c Fixed call to String.match with regexp pattern 2014-04-11 18:59:59 +02:00
Sebastiano Di Paola 638cb41a3f Remove Spaces at EOL, fixed if test on pattern variable 2014-04-11 18:58:05 +02:00
Sebastiano Di Paola 34fa4e29d9 Restored FTP option 2014-04-11 18:16:19 +02:00
Sebastiano Di Paola eb0e35bf25 Fixed store on file option 2014-04-11 18:07:14 +02:00
sinn3r b69662fa42 Land #3233 - eScan Password Command Injection 2014-04-11 11:05:48 -05:00
jvazquez-r7 0c8f5e9b7d Add @Firefart's feedback 2014-04-11 10:21:33 -05:00
Sebastiano Di Paola c4029ea582 - Rubbish that was left dangling here around 2014-04-11 17:20:54 +02:00
Sebastiano Di Paola 1808fe470a fixed conflicts, used OptRegexp for pattern 2014-04-11 17:16:06 +02:00
Sebastiano Di Paola 4315ad2987 Fixed conflict and used OptRegexp type for pattern 2014-04-11 17:15:39 +02:00
jvazquez-r7 813e0eab89 Land #3233, @wvu-r7's improvements fort heartbleed modules 2014-04-11 09:33:57 -05:00
jvazquez-r7 e2ec53272e Fix also negative numbers 2014-04-11 09:33:27 -05:00
jvazquez-r7 fb5881d8e2 Land #2324, @sensepost and @Firefart's sftp support for heartbleed 2014-04-11 08:47:22 -05:00
jvazquez-r7 2134d676b4 Use verbose by default 2014-04-11 07:58:56 -05:00
William Vu 6675464c20 Fix a few things in the Heartbleed modules 2014-04-10 16:06:40 -05:00
Sebastiano Di Paola 9adf629ee7 Added feature to dump to file leaked memory 2014-04-10 22:51:07 +02:00
jvazquez-r7 fe066ae944 Land #3207, @7a69 MIPS BE support for Fritz Box's exploit 2014-04-09 23:20:45 -05:00
jvazquez-r7 fdda69d434 Align things 2014-04-09 23:19:41 -05:00
jvazquez-r7 386e2e3d29 Do final / minor cleanup 2014-04-09 23:19:12 -05:00
Christian Mehlmauer 4fc272c0e9 Fix merge error 2014-04-10 00:53:14 +02:00
jvazquez-r7 f398924280 Land @Firefart's new fix for the jabber case 2014-04-09 17:52:53 -05:00
Christian Mehlmauer 98816c3a01 Added @sensepost FTP implemenation 2014-04-10 00:48:09 +02:00
singe ccfcf2cedb Added FTP STARTTLS support to heartbleed scanner. 2014-04-10 00:45:59 +02:00
jvazquez-r7 c0e682b518 Land #3225, @wvu-r7's and @hmoore-r7's improvements for openssl_heartbeat_client_memory 2014-04-09 17:39:04 -05:00
jvazquez-r7 ccdc5bd281 Switch to get since @wvu-r7 also tested successfully with get 2014-04-09 17:30:00 -05:00
William Vu b905aece38 Fix job not backgrounding 2014-04-09 17:03:57 -05:00
HD Moore ed247498b6 Make TLS negotiation optional 2014-04-09 17:03:38 -05:00
jvazquez-r7 b0b979ce62 Meterpreter sessions won't get root in this way 2014-04-09 16:59:12 -05:00
jvazquez-r7 a2ce2bfa56 Fix disclosure date 2014-04-09 16:41:49 -05:00
jvazquez-r7 ff232167a6 Add module for eScan command injection 2014-04-09 16:39:06 -05:00
sinn3r 2de210f1c3 Land #3216 - Update @Meatballs1 and @FireFart in authors.rb 2014-04-09 16:38:10 -05:00
William Vu f56f34fb69 Land #3212, @hmoore-r7's client-side Heartbleed 2014-04-09 15:42:36 -05:00
Christian Mehlmauer a86a8fed05 Changed heartbleed jabber implementation to match openssl s_client 
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
 2014-04-09 22:20:32 +02:00
William Vu 2f9a400efa vprint_status the other message message 2014-04-09 15:11:02 -05:00
William Vu 84ce72367b Make the output less verbose 2014-04-09 14:57:51 -05:00
Christian Mehlmauer 856ad7e83d heartbleed - Better output on wrong jabber domain and add. nil? check 2014-04-09 21:53:17 +02:00
Jeff Jarmoc 7a424784f8 Change default TLS Version to 1.0 
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts.  Changing default to reflect that.

Experience of others in #metasploit seems similar.
 2014-04-09 13:45:00 -05:00
Christian Mehlmauer fec089d88d Land #3219, openssl_heartbleed XMPP fix from @natronkeltner 2014-04-09 20:42:55 +02:00
Christian Mehlmauer e2b50d3709 fix openssl_heardbleed 
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
 2014-04-09 20:39:33 +02:00
jvazquez-r7 5696e52fac Fix jabber to field 2014-04-09 13:48:45 -05:00
jvazquez-r7 28a471e446 Land #3221, @Firefart's fix for pop3 starttls 2014-04-09 13:31:45 -05:00