8b79634338
Update a few stragglers
...
And since eaton_xpert_backdoor was copied from my fortinet_backdoor
module, update the error handling there, too.
2018-12-12 15:47:18 -06:00
6e77ae7e3e
Update my SSH scanner modules
...
Especially with proper error handling for Net::SSH::CommandStream.
2018-12-12 15:36:54 -06:00
7cffbac65b
Update additional scanner modules.
2018-12-12 15:32:31 -06:00
fa2164ebb9
Update to match coding style.
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
904f342848
Option to not create shell on login.
2018-12-12 15:32:30 -06:00
509e1c2587
Land #10973 , Rework DisclosureDate check in msftidy, including ISO 8601 support
2018-11-19 10:46:18 -06:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
189f29e534
Land #10572 eaton ssh private key scanner
2018-11-15 17:16:36 -05:00
de014f0599
remove variable only used once
2018-11-15 17:14:13 -05:00
3849d5de18
resolve description update request
2018-11-13 16:21:43 -05:00
1c2da8a5c8
correct trailing space issue
2018-11-10 15:40:03 -05:00
33f624bbb2
Module updated to reflect requested changes
2018-11-10 14:36:06 -05:00
e9b3502f98
Fix Net::SSH::CommandStream session open failure
...
I suspected this might be a problem for libssh servers.
2018-11-02 01:08:05 -05:00
e1a7c35834
Clean up check_banner
2018-10-25 05:20:20 -05:00
f90992dc08
Fix typo.
2018-10-25 17:55:01 +08:00
760b14e71d
Update the version match code.
2018-10-25 15:33:54 +08:00
9c49acb924
Fail scanner instead of returning
2018-10-23 10:07:38 -05:00
58a1b65e60
Update Exploit::CheckCode::Unknown
...
Brain fart.
2018-10-23 09:34:48 -05:00
899238a4e3
Update libssh_auth_bypass with command output
2018-10-23 09:34:42 -05:00
accf9edf89
Land #10835 , libssh fingerprint improvements
2018-10-19 19:48:23 -05:00
abd425c863
Land #10819 , os_name population for ssh_login*
2018-10-19 15:53:38 -05:00
db7bd3d50c
Update style
2018-10-19 15:52:26 -05:00
e4c71265fb
Improve banner checking in libssh_auth_bypass
...
Now we do the right thing when libssh is patched.
2018-10-19 15:21:12 -05:00
21397330f8
Refactor fortinet_backdoor copypasta
2018-10-19 00:07:18 -05:00
863ab3447f
Add libssh auth bypass module
2018-10-18 23:03:23 -05:00
763506f28d
ssh_login now populates the os_name field
2018-10-16 22:02:44 -04:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
b38a442bb0
Refactor once more with feeling
...
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
75403d7e05
Add testing note about logging
2018-08-17 20:20:12 -05:00
7287779555
Make false positive check optional
...
I couldn't repro this with pubkey-only auth. It also goes to the log.
2018-08-17 20:05:04 -05:00
8e3af2dcfc
Add CVE-2018-15473 to ssh_enumusers
2018-08-17 18:48:44 -05:00
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
45e0b53fc8
Fix spacing issue with rocket
2018-08-15 14:59:52 -07:00
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
97dbc1273a
copy pasta
2018-03-12 20:14:08 -04:00
ec7a62bc4c
move ssh platforms to lib
2018-03-08 21:23:11 -05:00
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu