Adam Cammack
6b43004962
Fix service cred check
2021-04-14 10:45:56 -05:00
Adam Cammack
d05e63744d
Require meterpreter sessions by default
...
Some older modules don't have proper session type requirements. A
sampling indicates they nearly always require meterpreter, so we can add
this pending a metadata unification for those modules.
2021-04-14 10:45:29 -05:00
Adam Cammack
861c538202
Make analyze output less verbose by default
2021-04-14 10:43:09 -05:00
ryananicholson
d20285b507
Correct DNS PTR record crash
...
When using `auxiliary/gather/enum_dns` and setting `NS` to an internal system, the following crash occurs (which is fixed with this PR):
```
[-] Auxiliary failed: NoMethodError undefined method `ptr' for #<Dnsruby::RR::IN::PTR:0x00007f8b9e9cb450>
```
2021-04-14 09:58:50 -04:00
adfoster-r7
4c37e35d82
Land #14770, guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
Justin Steven
821fd177bb
Fix Python HTTP stage when LURI is mis-slashed
2021-04-14 12:28:18 +10:00
Jeffrey Martin
5e495d72f5
avoid side effects on arguments
...
When passed arguments as `opts` prefer to avoid side-effects
from method execution.
This extends similar work from #12740
2021-04-13 16:11:09 -05:00
Spencer McIntyre
20f4050e5b
Update redis_login to check that authentication is required
2021-04-12 19:53:01 -04:00
Adam Cammack
14a3d48044
Fix grouping of transitive vulns and add spec
...
Properly merge the contents of the grouping sets when combining sets of
vulns. All permutations of simple double-transitive sets are now tested.
2021-04-09 03:53:52 -05:00
h00die
58a9dd6265
use local variable to avoid shells
2021-04-08 14:02:24 -04:00
pingport80
f9c27a5808
added which in case command fails
2021-04-08 23:16:19 +05:30
Adam Cammack
b5007241a9
Attempt service-preserving analysis
2021-04-07 18:22:49 -05:00
adfoster-r7
d65fc926f0
Land #14873, handle modules failing to be created when checking compatibility
2021-04-07 19:39:13 +01:00
cgranleese-r7
893de0c45c
Land #14987, Update RbMysql to the most recent version
2021-04-07 13:29:43 +01:00
Adam Cammack
a33903fb0d
Move analyze results to new class & add creds
2021-04-07 06:06:14 -05:00
adfoster-r7
26899ff013
Land #14992, updates auto_target_host guard clause to additionally handle rhost being nil
2021-04-07 10:19:20 +01:00
adfoster-r7
258b9d3e28
Land #14998, Change CVE references from CVE Details to NVD
2021-04-07 10:10:55 +01:00
Christophe De La Fuente
6a5529c7cc
Land #14965, Solman post module for CVE-2019-0307 and new action for cve_2020_6207_solman_rce auxiliary module
2021-04-07 09:46:56 +02:00
Gaurav Purswani
da6c575966
Update command_shell.rb
2021-04-06 08:34:56 +05:30
Gaurav Purswani
aa12afaf0a
Update command_shell.rb
2021-04-06 08:27:56 +05:30
Gaurav Purswani
de34d91144
Update lib/msf/base/sessions/command_shell.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2021-04-06 08:15:13 +05:30
pingport80
cd796816b5
removed false as an indicator
2021-04-05 11:06:39 +05:30
pingport80
d8b884044e
fix indentation
2021-04-04 15:39:25 +05:30
pingport80
a94cca8e5c
changed comment and added single quote
2021-04-04 15:31:02 +05:30
pingport80
c24b6f1ee7
removed to which in binary_exists
2021-04-04 13:35:11 +05:30
William Vu
22ae40a072
Remove new AKB reference
...
I'm not sure it adds enough value due to the URL format.
2021-04-03 14:05:45 -05:00
William Vu
48f743a9f2
Change CVE reference to NVD and add AKB reference
2021-04-03 12:56:26 -05:00
h00die
049813cfe9
hashcat logic fixes
2021-04-03 08:32:41 -04:00
Jeffrey Martin
a9b3c15601
guard host search on rhost set
...
During module instantiation auto_target process is expected to account
for existing hosts if `rhost` is set, however just testing if the module
responds to `rhost` is not sufficient to guard the query, a value must also
have been set.
2021-04-02 08:47:32 -05:00
Alan Foster
12c5dd6f44
Fix db connection support for rpc service
2021-04-02 05:30:34 +01:00
dwelch-r7
278c56652e
Update RbMysql to the most recent code from this gem https://github.com/tmtm/ruby-mysql
2021-04-01 14:17:28 +01:00
Spencer McIntyre
b88734d8cb
Convert symbol data store options to strings for condition checks
2021-03-30 18:19:09 -04:00
adfoster-r7
838cf3afe8
Land #14937, Improves performance of show command
2021-03-30 18:20:08 +01:00
cgranleese-r7
9485834219
Corrects the count, so tables will start at zero
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2021-03-30 17:42:09 +01:00
Vladimir Ivanov
1f4046c45f
Update references and delete check_addr in post module smdagent_get_properties.rb
2021-03-29 22:58:48 +03:00
Spencer McIntyre
48e120d4e9
Fix a bug from a missed reference and update the rex-socket gem
2021-03-29 13:56:25 -04:00
Spencer McIntyre
35106f7b99
Wire in the new RangeWalker improvements
2021-03-29 13:56:25 -04:00
Ivanov Vladimir
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
Grant Willcox
80ae750df5
Land #14697, Add Nagios XI mixin and auxiliary scanner module and docs
2021-03-26 18:12:16 -05:00
kalba-security
514f97f4fe
Fix bug in nagios_xi_version regex
2021-03-26 14:18:25 -04:00
kalba-security
83e31aeaa4
Use safe navigation operator for get_nsp regex
2021-03-26 13:44:17 -04:00
Grant Willcox
9039b5687f
Fix up version regex and also fix a description to be a little more accurate
2021-03-26 11:57:03 -05:00
Grant Willcox
1dbf1656d3
Update to introduce wrapping on some comments and also to fix up the CVE output a bit
2021-03-26 11:46:51 -05:00
cgranleese-r7
975e41d521
Adds a new method to use metadata cache for show command
2021-03-26 15:08:29 +00:00
Spencer McIntyre
006faaab9a
Land #14924, Add auxiliary and exploit modules for CVE-2020-6207 in SAP Solution Manager
2021-03-25 17:48:56 -04:00
kalba-security
65b35e4e6a
Remove unnecessary empty check for nagios_rce_version_prior hash
2021-03-25 15:06:27 -04:00
kalba-security
122dbbea1e
Add additional supported modules. Align results when printing in scanner.
2021-03-25 15:01:05 -04:00
kalba-security
6d1986e8ca
Avoid mixing return types in login.rb
2021-03-25 14:13:55 -04:00
kalba-security
707f163e15
Avoid type mixing as much as possible, add other feedback from code review
2021-03-25 11:19:31 -04:00
Vladimir Ivanov
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00