adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22,246 Commits 27 Branches 1,043 Tags
cbbd7bfdf4e1c5cfab0e212fda2f754db92d2ec6
Commit Graph

610 Commits

Author SHA1 Message Date
jvazquez-r7 0eac17083a Clean cfme_manageiq_evm_pass_reset 2013-12-18 16:16:32 -06:00
Ramon de C Valle b9a9b90088 Update module to use added bcrypt gem 2013-12-18 16:15:35 -02:00
Ramon de C Valle e20569181b Remove EzCrypto-related code as per review 2013-12-18 16:15:22 -02:00
Ramon de C Valle ef081cec49 Add missing disclosure date as per review 2013-12-18 15:47:23 -02:00
Ramon de C Valle 37826688ce Add cfme_manageiq_evm_pass_reset.rb 
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
 2013-12-09 16:49:07 -02:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient 
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
 2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074 Fixup for release 
Notably, adds a description for the module landed in #2709.
 2013-12-02 16:19:05 -06:00
sinn3r 20e0a7dcfb Land #2709 - ZyXEL GS1510-16 Password Extractor 2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant 39fbb59ba9 re-added the reference I accidentally deleted 2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant cb98d68e47 added @wchen-r7's code to store the password into the database 2013-12-02 18:35:59 +01:00
Sven Vetsch / Disenchant 8e73023baa and now in the correct data structure 2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant ef77b7fbbf added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709 2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant aa62800184 added ZyXEL GS1510-16 Password Extractor 2013-11-29 10:42:17 +01:00
Jeff Jarmoc 03838aaa79 Update rails_devise_pass_reset.rb 
Fixed erroneous status if FLUSHTOKENS is false.
 2013-11-27 22:27:45 -06:00
Jeff Jarmoc 7f8baf979d Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise. 
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit

[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
 2013-11-27 15:35:43 -06:00
Tod Beardsley 84572c58a8 Minor fixup for release 
* Adds some new refs.
  * Fixes a typo in a module desc.
  * Fixes a weird slash continuation for string building (See #2589)
 2013-11-04 12:10:38 -06:00
Tod Beardsley 344413b74d Reorder refs for some reason. 2013-10-30 12:25:55 -05:00
Tod Beardsley 32794f9d37 Move OpenBravo to aux module land 2013-10-30 12:20:04 -05:00
Tod Beardsley 9bb9f8b27b Update descriptions on SMB file utils. 2013-10-28 13:48:25 -05:00
Tod Beardsley 0f63420e9f Be specific about the type of hash 
See #2583. Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.

Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.

[SeeRM #4398]
 2013-10-28 13:40:07 -05:00
jvazquez-r7 9276a839d4 [FixRM #4398] Report credentials to database 2013-10-25 16:19:47 -05:00
sinn3r 7ee615223d Land #2570 - HP Intelligent Management SOM Account Creation 2013-10-24 14:14:06 -05:00
jvazquez-r7 69da39ad52 Add module for ZDI-13-240 2013-10-23 16:01:01 -05:00
sinn3r d1e1968cb9 Land #2566 - Download and delete a file via SMB 2013-10-23 12:28:57 -05:00
sinn3r 9a51dd5fc4 Do exception handling and stuff 2013-10-23 12:28:25 -05:00
sinn3r 0500842625 Do some exception handling 2013-10-23 12:22:49 -05:00
sinn3r 83a4ac17e8 Make sure fd is closed to avoid a possible resource leak 2013-10-23 12:16:18 -05:00
sinn3r af02fd0355 Use store_loot, sorry mubix 2013-10-23 12:13:05 -05:00
Rob Fuller 8f3228d191 chage author but basic copied from hdms upload_file 2013-10-22 21:13:30 -04:00
Rob Fuller b2b8824e2e add delete and download modules for smb 2013-10-22 16:31:56 -04:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10 Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r 6430fa3354 Land #2539 - Support Windows CMD generic payload 
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
 2013-10-21 11:26:13 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
Tod Beardsley 07ab53ab39 Merge from master to clear conflict 
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
 2013-10-17 13:29:24 -05:00
Tod Beardsley 2833d58387 Add OSVDB for vbulletin exploit 2013-10-16 15:01:28 -05:00
Tod Beardsley 3c2dddd7aa Update reference with a non-plagarised source 2013-10-16 14:44:18 -05:00
Tod Beardsley c83262f4bd Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tod Beardsley cad7329f2d Minor updates to vbulletin admin exploit 2013-10-10 22:09:38 -05:00
jvazquez-r7 4f3bbaffd1 Clean module and add reporting 2013-10-09 13:54:28 -05:00
jvazquez-r7 5c36533742 Add module for the vbulletin exploit in the wild 2013-10-09 13:12:57 -05:00
Meatballs c460f943f7 Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
sinn3r d006ee52b1 Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal 2013-09-12 14:13:32 -05:00
jvazquez-r7 02a073a8fe Change module filename 2013-09-09 23:30:37 -05:00
jvazquez-r7 64348dc020 Update information 2013-09-09 23:29:48 -05:00
jvazquez-r7 2252aee398 Fix ltype on store_loot 2013-09-09 14:02:28 -05:00
jvazquez-r7 ce769b0c78 Add module for CVE-2013-2641 2013-09-09 13:56:45 -05:00