adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,282 Commits 27 Branches 1,043 Tags
a01d58d72fa2cb66cd4c34feb33eefa99630cd8a
Commit Graph

2402 Commits

Author SHA1 Message Date
bwatters 54f5e565fa Land #14330, SpamTitan Gateway Remote Code Execution 
Merge branch 'land-14330' into upstream-master
 2021-01-04 12:14:12 -06:00
Christophe De La Fuente afea5cd74e Use opts['RHOST'] and opts['RPORT'] to creating the SNMP::Manager instance in connect_snmp 2020-12-16 15:15:27 +01:00
William Vu 9452c1dcfa Fix merge conflict from #14202, in linear history 2020-12-09 17:24:29 -06:00
Spencer McIntyre 90a99ae7c3 Land #14423, Expand wordpress_scanner to look for themes & plugins 2020-12-09 09:12:28 -05:00
h00die ac26d4d79b wordpress version update 2020-12-07 18:36:53 -05:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
William Vu 010e110b8d Fix indentation 
Whoops!
 2020-12-07 01:35:13 -06:00
William Vu 6066ad47bd Remove unnecessary includes 2020-12-07 01:35:13 -06:00
William Vu e0561c03e9 Remove useless comment 2020-12-07 01:35:13 -06:00
William Vu 967f573b8d Refactor Msf::Exploit::Remote::SSH 2020-12-07 01:35:13 -06:00
Grant Willcox e26d6ca683 Land #14458, Add auxiliary support to autocheck mixin 2020-12-05 23:54:41 -06:00
Alan Foster 76e967353e Add auxiliary support to autocheck mixin 2020-12-03 01:09:06 +00:00
Spencer McIntyre f82ce5335d Support running local exploits from the meterpreter context 2020-12-01 15:22:48 -05:00
h00die a855a455ce wordpress version lib return plugin version 2020-11-22 07:52:00 -05:00
Alan Foster 79a3328cd3 Validate that AutoCheck is prepended 2020-11-11 22:15:40 +00:00
Spencer McIntyre a1561cff46 Add some additional error handling with more readable messages 2020-10-30 14:34:44 -04:00
Spencer McIntyre 17df870e74 Show the current NS server IP address when doing a transfer 2020-10-30 10:28:14 -04:00
Spencer McIntyre a312688391 Use the datastore nameservers when doing zone transfers when set 2020-10-29 17:52:18 -04:00
Spencer McIntyre 861879275e Land #14250, Fix how DNS enumeration displays AXFR results 2020-10-28 13:38:38 -04:00
Grant Willcox 1ad24fb5d0 Fix up dns_axfr function output so that we have start the output on a new line for better clarity 2020-10-28 09:41:19 -05:00
Grant Willcox ab7ed90457 Add in fixes from Spencer's review so we treat the zone object as an array not as a string, like we should have been doing 2020-10-27 15:20:29 -05:00
William Vu 1a341ae931 Add SharePoint SSI and ViewState RCE 
CVE-2020-16952
 2020-10-14 17:45:15 -05:00
Grant Willcox d79537e88c Fix up the DNS enumeration library so that AXFR records don't have stray [ and ] characters printed in the output 2020-10-09 14:01:09 -05:00
Grant Willcox 5986bc98f1 Land #14171, Replace erroneous calls to get_service with calls to service 2020-09-30 10:05:13 -05:00
Shelby Pace 6c76442639 Land #14153, display SRVHOST SRVPORT opts w/auto 2020-09-24 11:12:08 -05:00
William Vu f74eba731e Land #14151, Zerologon (CVE-2020-1472) module 2020-09-22 14:02:23 -05:00
Adam Galway 571504642a fixes get_service calls 2020-09-22 12:54:58 +01:00
Adam Galway a0d6431ed5 adds protocol to search terms 2020-09-22 12:44:32 +01:00
adfoster-r7 9ef5822d3a Revert "Replaces erroneous calls to get_service" 2020-09-18 19:09:25 +01:00
Christophe De La Fuente 673a5303c5 Add auto to server_conditions 
`show options` command will now display SRVHOST and SRVPORT options,
even if `auto` is selected in `CMDSTAGER::FLAVOR`
 2020-09-18 10:26:50 +02:00
Grant Willcox a5c30be10b Land #14143, Replace erroneous calls to get_service 2020-09-17 10:41:15 -05:00
Spencer McIntyre f407da63e8 Initial check for CVE-2020-1472 complete 2020-09-16 16:15:19 -04:00
William Vu 3508ba23d9 Don't expose HttpClient dev options to the user 
HttpKeepCookies and HttpPartialResponses have been removed.
 2020-09-16 12:26:11 -05:00
Adam Galway 4918ecf826 replaced get_service calls with services calls 2020-09-16 12:29:15 +01:00
William Vu a946bdb67c Add cookie management to HttpClient 2020-09-16 00:13:26 -05:00
William Vu 6e64d74a56 Fix send_request_cgi! behavior to use PRG pattern 2020-09-15 15:50:57 -05:00
Spencer McIntyre 58a56a2b24 Support an explicit backend for the SMB simple client 2020-08-28 17:28:07 -04:00
Niboucha Redouane 8d64cb9b6b Rename the common utilities from utils to common 2020-08-27 22:54:42 +02:00
Niboucha Redouane d66bb4058e Fix documentation, remove unused instance variable in SQLite TimeBasedBlind class (sleepdelay) 2020-08-27 19:08:27 +02:00
Niboucha Redouane 4e302dc42b Move get_bitmask to the SQLi::Utils module 2020-08-27 16:28:38 +02:00
Niboucha Redouane 2bb2b73dc2 Refactor to avoid repetitive code on Blind SQLi implementations 2020-08-27 16:28:38 +02:00
Niboucha Redouane 080e25ee6a Various fixes and enhacements to the comments, and addition of write_to_file method 2020-08-27 16:28:38 +02:00
Niboucha Redouane e0c59ede5c Comment the SQLite methods 2020-08-27 16:28:38 +02:00
Niboucha Redouane 1c69dfd5df Add safe mode for SQLi, and support limiting the number of rows to be returned 2020-08-27 16:28:38 +02:00
Niboucha Redouane a42ae5280b Update SQLite support to work with the new factory redesign 2020-08-27 16:28:38 +02:00
Niboucha Redouane 4374edd37a add truncated SQLi in SQLite, and update test module to add it as an option 2020-08-27 16:28:38 +02:00
Niboucha Redouane 8f9a849591 fix test module, and fix logging 2020-08-27 16:28:38 +02:00
Niboucha Redouane 477f7313a2 Avoid repertitive code in blind injections 2020-08-27 16:28:38 +02:00
Niboucha Redouane 26e5fc99de add SQLite injection library, and test module (against sqlite_lab) 2020-08-27 16:28:38 +02:00
Hynek Petrak f8bf996233 parent 1bd4a8d752 
author Hynek Petrak <hynek.petrak@gmail.com> 1595628792 +0200
committer Spencer McIntyre <Spencer_McIntyre@rapid7.com> 1598532753 -0400

Added module to dump hashes from LDAP

added hash formatters, documentation, ldap authentication

typo

sanitizing

added scenario for NASDeluxe

added few hash attribute examples

typo correction

Co-authored-by: bcoles <bcoles@gmail.com>

typo correction

Co-authored-by: bcoles <bcoles@gmail.com>

typo correction

Co-authored-by: bcoles <bcoles@gmail.com>

avoid option name conflicts

added test scenario

linted

linted

Dump all nameContexts, not just the first one. Search creds in multiple attributes.

attemt to dump special and operational attributes

check if ldap bind succeeded

sanitize the ldap hashes, skip invalid, remove {crypt} prefix

memory optimization for large LDAP servers

spaces at eols

put header to the ldif loot

added other LDAP hash formats, don't save empty ldif, dump root DSE

now we handle vmdir case too

explictly set md5crypt for $

Converted to scanner to improve performance on large networks

krbprincipalkey, memory optimization for ldap.search

handle additional hash types

be verbose about search errors

added per host timeout

catch exception from Net::Ldap

shorten the param value

handle pwdhistory entries

added comment about sambapwdhistory value

reject shorter empty sambapassordhistory entries

reject null nt and lm hashes

report assumed clear text passwords

refactored timeout for the sake of the loot

ignore {SASL} pass-trough auth entries

distinguish unresolved hashes from clear passwords

print ldap server error message, meaningful loot name

correct exception handling

handle hashes with eol

remove debug line

handle pkcs12 in binary form

attemt to control timeout on bind operation

leave LDAP#bind to be called implicitly in #search

remove debug line

fixed bug, when pillage broke the outer LDAP#search

learning ruby

monkey patched ldap connection handling, ignoring bind errors

commenting the net:LDAP misbehaviour

review fixes

review fixes

moving ldap.search into a function

remove fail_with, store loot from one place, print statistics

linting

consolidated ldap_new and connect, don't catch exceptions in the mixin

Complete the credential creation

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2020-08-27 09:05:07 -04:00