11360 Commits

Author SHA1 Message Date
Grant Willcox 810fa6be6e Change module name to lowercase snakecase, update attribution to conform to standards, store captured creds in database 2021-09-16 12:30:08 -05:00
Grant Willcox 2e5fc391c7 Add in initial writeup of netgear_PNPX_GetShareFolderList_auth_bypass.rb 2021-09-15 15:31:47 -05:00
space-r7 c491687b78 Land #14631, add Jira user enum module 2021-09-15 12:37:17 -05:00
space-r7 c151937226 Update versions tested and vulnerable versions 2021-09-15 12:35:34 -05:00
space-r7 50301f9045 rubocop changes 2021-09-15 10:30:07 -05:00
space-r7 1dedffded1 use array for user names, skip empty user names 2021-09-15 09:29:40 -05:00
Robin fcf48c5817 Fixing a problem where the module reported failure but actually succeeded 2021-09-15 10:59:03 +01:00
Hynek Petrak eaed5d30c7 Allow authenticated user creation 2021-09-10 12:42:20 +02:00
Ashley Donaldson 0927737948 Adapted WinRM module logging to MSF logging
Separated WinRM module into separate files
2021-09-10 15:54:50 +10:00
Ashley Donaldson b0e1502c86 Implemented suggestions from code review
- Use a literal hash
- Comment meaning of NTLM transforms
- store loot with data ready to go, to keep database in sync with file
2021-09-10 08:25:25 +10:00
Grant Willcox 7d3d57817f Add in final changes so that we verify what we insert into the database more and only insert valid formats of data, and then also update the documentation accordingly 2021-09-08 17:27:53 -05:00
Grant Willcox 8057b63329 Add in documentation for various scenarios, fix up another database error, and also improve error handling of invalid responses from the server 2021-09-08 17:27:51 -05:00
Grant Willcox d813e82fa3 Fix up saving data to the database so we have all the necessary info, fix web search to save all IPs discovered and fix up a connection issue encountered during testing 2021-09-08 17:27:49 -05:00
Yvain Douard 3ba0d5e3be facets outfile 2021-09-08 17:27:48 -05:00
Grant Willcox e1cfc8d956 Bring documentation in line with standards and also update the module to fix a bug and to make it more conformant 2021-09-08 17:27:46 -05:00
Owein 9de8ad8108 with web search and possible lists of results: do not use newline to list it but pass the list as is to the table 2021-09-08 17:27:43 -05:00
Owein 8ab247066c facets will work, a little listing of options' values in the readme won't hurt. 2021-09-08 17:27:41 -05:00
Owein 1686e98d6e was missing the function for writing to a file.
rid of a loop that we didn't want.
2021-09-08 17:27:40 -05:00
Owein d49405df34 zoomeye more comprehensive output 2021-09-08 17:27:38 -05:00
Spencer McIntyre 3443345417 Land #15655, Cleanup rbmysql options 2021-09-08 13:44:53 -04:00
adfoster-r7 f1ec12cb7e Cleanup rbmysql options 2021-09-08 15:51:21 +01:00
Ashley Donaldson 3acddf75b4 Suggested changes from code review
* Report socket info
* Use existing Event class
* Remove debugging prints
* Comment obscure constant
2021-09-08 07:36:59 +10:00
h00die 3c82f43644 only scan exploitable wordpress things 2021-09-06 11:56:32 -04:00
Ashley Donaldson a65bfc9b00 If we're told on the first request that our creds are wrong, don't try again 2021-09-07 00:10:39 +10:00
Ashley Donaldson 78d6c26ec0 Make winrm_cmd module work with the changes 2021-09-06 23:36:59 +10:00
Ashley Donaldson 00100f426c Handle the server ceasing to respond 2021-09-06 23:24:23 +10:00
Ashley Donaldson 170d911c71 Fixed edge case; scanner automagically changes the SSL value based on the port 2021-09-06 22:49:52 +10:00
Ashley Donaldson eeef8a3085 Support domain login in WinRM module 2021-09-06 10:25:36 +10:00
Ashley Donaldson 7a75a91dc6 Request stdout on a separate thread, so we are alerted when the shell dies. 2021-09-06 09:33:44 +10:00
adfoster-r7 c0e81acc92 Add missing python3 shebang 2021-09-03 19:58:46 +01:00
Ashley Donaldson 142526904a Moved command shell creation across to winrm_login, rather than winrm_cmd 2021-09-03 13:34:07 +10:00
Spencer McIntyre 5138e1c7d3 Remove extra invocation of prepend_db_passwords 2021-09-02 11:57:38 -04:00
Spencer McIntyre dd86907b17 Move the prepend_db calls into the mixin 2021-09-02 11:57:38 -04:00
Spencer McIntyre 2db16478b1 Switch to PrivateCredentialCollection
These modules should be using the PrivateCredentialCollection.
2021-09-02 11:57:38 -04:00
Spencer McIntyre 5d443b9409 Update AuthBrute modules
This updates existing modules that use the AuthBrute mixin to use the
new build_credential_collection API to consistently handle the new
option.
2021-09-02 11:57:38 -04:00
Spencer McIntyre a76eb67d89 Add the DB_SKIP_EXISTING option 2021-09-02 11:57:36 -04:00
Spencer McIntyre 2981e23d0a Initial DB_SKIP_EXISTING option 2021-09-02 11:56:53 -04:00
Alan Foster 134fef21c4 Improve rhosts validation 2021-09-02 13:00:01 +01:00
Ashley Donaldson b50a1aa988 Moved reusable functionality into separate file 2021-09-02 21:58:07 +10:00
Ashley Donaldson a530336630 Fix segfault apparently caused by using the Rex HTTP client in a finalizer 2021-09-02 19:08:25 +10:00
Ashley Donaldson 1138a5bba7 Better messages in the session info table 2021-09-02 17:31:57 +10:00
Ashley Donaldson fdfac2212f Clean up old socket-based approach 2021-09-02 16:58:07 +10:00
Ashley Donaldson f16d91f8b4 Coerce failure immediately on bad password when setting up a session 2021-09-02 15:00:48 +10:00
Ashley Donaldson 6648a47ce7 Check stdin repeatedly 2021-09-02 13:23:26 +10:00
adfoster-r7 ded8200396 Land #15537, Add support for ruby 3 2021-09-01 10:30:54 +01:00
Ashley Donaldson b78b7413ef Use stdin rather than separate commands 2021-09-01 17:05:42 +10:00
Ashley Donaldson 3192f9b4f7 Neatness improvements 2021-08-31 22:30:31 +10:00
Ashley Donaldson 3839bc5dea Use rex sockets for WinRM transport 2021-08-31 21:36:25 +10:00
Ashley Donaldson 8d047dca59 Basic command shell operational. Does not yet utilise Rex sockets. 2021-08-31 15:34:04 +10:00
Ashley Donaldson 3dc1b22cdc Created WinRM command shell type 2021-08-31 11:00:53 +10:00