diff --git a/modules/auxiliary/admin/http/ibm_drm_download.rb b/modules/auxiliary/admin/http/ibm_drm_download.rb index d74f2a5d26d5..395fe5541c37 100644 --- a/modules/auxiliary/admin/http/ibm_drm_download.rb +++ b/modules/auxiliary/admin/http/ibm_drm_download.rb @@ -42,7 +42,12 @@ def initialize(info = {}) 'Actions' => [ ['Download', { 'Description' => 'Download arbitrary file' }] ], - 'DefaultAction' => 'Download' + 'DefaultAction' => 'Download', + 'Notes' => { + 'Reliability' => [ ], + 'Stability' => [ CRASH_SAFE ], + 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ] + } ) ) @@ -112,7 +117,7 @@ def free_the_admin(session_id) 'ctype' => "multipart/form-data; boundary=#{post_data.bound}" }) - unless res && (res.code == 200) && res.body[/"data":"([0-9a-f\-]{36})/] + unless res && (res.code == 200) && res.body[/"data":"([0-9a-f-]{36})/] fail_with(Failure::NoAccess, "#{peer} - Failed to obtain the admin password.") end @@ -147,7 +152,7 @@ def login_and_csrf(password) 'cookie' => cookie }) - unless res && (res.code == 200) && res.body =~ /var csrfToken = "([0-9a-f\-]{36})";/ + unless res && (res.code == 200) && res.body =~ /var csrfToken = "([0-9a-f-]{36})";/ fail_with(Failure::NoAccess, "#{peer} - Failed to authenticate obtain CSRF cookie.") end csrf = Regexp.last_match(1) diff --git a/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb b/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb index 009c590b9712..b63d92994c01 100644 --- a/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb +++ b/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb 
@@ -51,7 +51,8 @@ def initialize(info = {}) 'Notes' => { 'SideEffects' => [ CONFIG_CHANGES ], # This module will change the configuration by # resetting the router to the default factory password. - 'Stability' => [ CRASH_SERVICE_DOWN ] # This module will crash the target service after it is run. + 'Stability' => [ CRASH_SERVICE_DOWN ], # This module will crash the target service after it is run. + 'Reliability' => [] }, 'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ], # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell. 'DisclosureDate' => '2020-06-15', diff --git a/modules/auxiliary/admin/networking/arista_config.rb b/modules/auxiliary/admin/networking/arista_config.rb index 6f8c924c0527..bc5487bc9ea0 100644 --- a/modules/auxiliary/admin/networking/arista_config.rb +++ b/modules/auxiliary/admin/networking/arista_config.rb @@ -15,7 +15,12 @@ def initialize(info = {}) This module imports an Arista device configuration. }, 'License' => MSF_LICENSE, - 'Author' => [ 'h00die' ] + 'Author' => [ 'h00die' ], + 'Notes' => { + 'Stability' => [], + 'Reliability' => [], + 'SideEffects' => [] + } ) ) diff --git a/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb b/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb index bbda93483828..a5f517cdd592 100644 --- a/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb +++ b/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb @@ -29,7 +29,12 @@ def initialize(info = {}) [ 'OSVDB', '28139' ], [ 'OSVDB', '28138' ] ], - 'DisclosureDate' => '2006-08-23' + 'DisclosureDate' => '2006-08-23', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'Reliability' => [], + 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] + } ) ) diff --git a/modules/auxiliary/admin/networking/f5_config.rb b/modules/auxiliary/admin/networking/f5_config.rb index f689ce2c6478..79b109e8ae7a 100644 --- a/modules/auxiliary/admin/networking/f5_config.rb 
+++ b/modules/auxiliary/admin/networking/f5_config.rb @@ -15,7 +15,12 @@ def initialize(info = {}) This module imports an F5 device configuration. }, 'License' => MSF_LICENSE, - 'Author' => ['h00die'] + 'Author' => ['h00die'], + 'Notes' => { + 'Stability' => [], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/admin/networking/juniper_config.rb b/modules/auxiliary/admin/networking/juniper_config.rb index c0601ea36a7d..31e80ce92eec 100644 --- a/modules/auxiliary/admin/networking/juniper_config.rb +++ b/modules/auxiliary/admin/networking/juniper_config.rb @@ -22,7 +22,12 @@ def initialize(info = {}) ['JUNOS', { 'Description' => 'Import JunOS Config File' }], ['SCREENOS', { 'Description' => 'Import ScreenOS Config File' }], ], - 'DefaultAction' => 'JUNOS' + 'DefaultAction' => 'JUNOS', + 'Notes' => { + 'Stability' => [], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/admin/networking/mikrotik_config.rb b/modules/auxiliary/admin/networking/mikrotik_config.rb index a2fe250faf5b..6f7c9fb6445d 100644 --- a/modules/auxiliary/admin/networking/mikrotik_config.rb +++ b/modules/auxiliary/admin/networking/mikrotik_config.rb @@ -20,7 +20,12 @@ def initialize(info = {}) ['ROUTEROS', { 'Description' => 'Import RouterOS Config File' }], ['SWOS', { 'Description' => 'Import SwOS Config File' }], ], - 'DefaultAction' => 'ROUTEROS' + 'DefaultAction' => 'ROUTEROS', + 'Notes' => { + 'Stability' => [], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/admin/networking/vyos_config.rb b/modules/auxiliary/admin/networking/vyos_config.rb index 6630884dd2d4..5a2232cd7ab4 100644 --- a/modules/auxiliary/admin/networking/vyos_config.rb +++ b/modules/auxiliary/admin/networking/vyos_config.rb 
@@ -15,7 +15,12 @@ def initialize(info = {}) This module imports a VyOS device configuration. }, 'License' => MSF_LICENSE, - 'Author' => [ 'h00die' ] + 'Author' => [ 'h00die' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb b/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb index 120f57cc4123..e064799d2dae 100644 --- a/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb +++ b/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb @@ -43,7 +43,12 @@ def initialize(info = {}) ['SECSTORE', { 'Description' => 'Get file with SolMan credentials from connected agent' }] ], 'DefaultAction' => 'LIST', - 'DisclosureDate' => '2020-10-03' + 'DisclosureDate' => '2020-10-03', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb index df069d878514..cb614b5d7700 100644 --- a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb +++ b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb @@ -29,7 +29,10 @@ def initialize(info = {}) [ 'URL', 'https://us-cert.cisa.gov/ncas/alerts/aa20-195a' ] ], 'Notes' => { - 'AKA' => [ 'RECON' ] + 'AKA' => [ 'RECON' ], + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS], + 'Reliability' => [] }, 'Actions' => [ [ 'ADD', { 'Description' => 'Add the specified user' } ], diff --git a/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb b/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb index 4b5f6c626047..8117da2ae6c2 100644 --- a/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb +++ b/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb 
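Review bot: The `Notes` added to vyos_config.rb (`'Stability' => [CRASH_SAFE]`, `'SideEffects' => [IOC_IN_LOGS]`) disagree with the sibling importers in this same commit. arista_config.rb, f5_config.rb, juniper_config.rb and mikrotik_config.rb all get three empty arrays, and each is described the same way, as importing a device configuration. If this module likewise only parses a file supplied by the operator, `IOC_IN_LOGS` claims target-side log entries that presumably never occur, so `'SideEffects' => []` would be the accurate value. If VyOS really differs, add a trailing comment saying why. Either way, one convention for these importers (empty `Stability` or `CRASH_SAFE`) keeps the metadata usable for filtering.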
@@ -9,40 +9,45 @@ class MetasploitModule < Msf::Auxiliary def initialize(info = {}) super( - update_info( - info, - 'Name' => 'SAP Internet Graphics Server (IGS) XMLCHART XXE', - 'Description' => %q{ - This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page - of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These - vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when - submitting a POST request to the XMLCHART page to generate a new chart. - - Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user - from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers - can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable - SAP IGS server. - }, - 'Author' => [ - 'Yvan Genuer', # @_1ggy The researcher who originally found this vulnerability - 'Vladimir Ivanov' # @_generic_human_ This Metasploit module - ], - 'License' => MSF_LICENSE, - 'References' => [ - [ 'CVE', '2018-2392' ], - [ 'CVE', '2018-2393' ], - [ 'URL', 'https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_IGS-The-vulnerable-forgotten-component.pdf' ] - ], - 'Actions' => [ - [ 'READ', { 'Description' => 'Remote file read' } ], - [ 'DOS', { 'Description' => 'Denial Of Service' } ] - ], - 'DefaultAction' => 'READ', - 'DefaultOptions' => { - 'SSL' => false # Disable SSL (by default SAP IGS does not use SSL/TLS) - }, - 'DisclosureDate' => '2018-03-14' - ) + update_info( + info, + 'Name' => 'SAP Internet Graphics Server (IGS) XMLCHART XXE', + 'Description' => %q{ + This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page + of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. 
These + vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when + submitting a POST request to the XMLCHART page to generate a new chart. + + Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user + from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers + can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable + SAP IGS server. + }, + 'Author' => [ + 'Yvan Genuer', # @_1ggy The researcher who originally found this vulnerability + 'Vladimir Ivanov' # @_generic_human_ This Metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => [ + [ 'CVE', '2018-2392' ], + [ 'CVE', '2018-2393' ], + [ 'URL', 'https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_IGS-The-vulnerable-forgotten-component.pdf' ] + ], + 'Actions' => [ + [ 'READ', { 'Description' => 'Remote file read' } ], + [ 'DOS', { 'Description' => 'Denial Of Service' } ] + ], + 'DefaultAction' => 'READ', + 'DefaultOptions' => { + 'SSL' => false # Disable SSL (by default SAP IGS does not use SSL/TLS) + }, + 'DisclosureDate' => '2018-03-14', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } + ) ) register_options( [ diff --git a/modules/auxiliary/dos/dns/bind_tsig_badtime.rb b/modules/auxiliary/dos/dns/bind_tsig_badtime.rb index 6d1456bb057e..b5991c5af500 100644 --- a/modules/auxiliary/dos/dns/bind_tsig_badtime.rb +++ b/modules/auxiliary/dos/dns/bind_tsig_badtime.rb @@ -28,7 +28,12 @@ def initialize(info = {}) ], 'DisclosureDate' => '2020-05-19', 'License' => MSF_LICENSE, - 'DefaultOptions' => { 'ScannerRecvWindow' => 0 } + 'DefaultOptions' => { 'ScannerRecvWindow' => 0 }, + 'Notes' => { + 'Stability' => [CRASH_SERVICE_DOWN], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) 
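Review bot: `'Stability' => [CRASH_SAFE]` in the new `Notes` hash contradicts the module's own `DOS` action ('Denial Of Service') and the description, which says the XXE can be used for a denial of service against the IGS server. `Notes` is declared once per module, so it should describe the worst case across actions; someone who filters on stability before an authorised test of a production SAP landscape would otherwise be misled. Suggested: `'Stability' => [CRASH_SERVICE_DOWN], # DOS action; READ alone is crash safe`, or `CRASH_SERVICE_RESTARTS` if the service was observed to recover on its own. The rest of this hunk appears to be re-indentation only.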
diff --git a/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb b/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb index bea81c9aa248..02ad00b40383 100644 --- a/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb +++ b/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb @@ -36,7 +36,12 @@ def initialize(info = {}) ['URL', 'https://github.com/Lyrebirds/sagemcom-fast-3890-exploit'] ], 'DisclosureDate' => '2020-01-07', - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SERVICE_DOWN], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/gather/peplink_bauth_sqli.rb b/modules/auxiliary/gather/peplink_bauth_sqli.rb index 0cc7a1436c8d..3e5c122fc298 100644 --- a/modules/auxiliary/gather/peplink_bauth_sqli.rb +++ b/modules/auxiliary/gather/peplink_bauth_sqli.rb @@ -27,7 +27,12 @@ def initialize(info = {}) [ 'URL', 'https://gist.github.com/red0xff/c4511d2f427efcb8b018534704e9607a' ] ], 'Targets' => [['Wildcard Target', {}]], - 'DefaultTarget' => 0 + 'DefaultTarget' => 0, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/auxiliary/gather/redis_extractor.rb b/modules/auxiliary/gather/redis_extractor.rb index 01adf30400b5..2ab102fb90f1 100644 --- a/modules/auxiliary/gather/redis_extractor.rb +++ b/modules/auxiliary/gather/redis_extractor.rb @@ -16,7 +16,12 @@ def initialize(info = {}) }, 'Author' => ['Geoff Rainville noncenz[at]ultibits.com'], 'License' => MSF_LICENSE, - 'References' => [['URL', 'https://redis.io/topics/protocol']] + 'References' => [['URL', 'https://redis.io/topics/protocol']], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/auxiliary/gather/saltstack_salt_root_key.rb b/modules/auxiliary/gather/saltstack_salt_root_key.rb index bbc48da70724..c686b8b6d841 100644 
--- a/modules/auxiliary/gather/saltstack_salt_root_key.rb +++ b/modules/auxiliary/gather/saltstack_salt_root_key.rb @@ -49,7 +49,8 @@ def initialize(info = {}) 'DefaultAction' => 'Dump', 'Notes' => { 'Stability' => [CRASH_SAFE], - 'SideEffects' => [IOC_IN_LOGS] + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] } ) ) @@ -114,7 +115,7 @@ def yeet_prep_auth_info vprint_good('Received serialized auth info') # HACK: Strip assumed ZeroMQ header and leave assumed MessagePack "load" - res[4..-1] + res[4..] end def extract_root_key(auth_info) diff --git a/modules/auxiliary/gather/shodan_host.rb b/modules/auxiliary/gather/shodan_host.rb index eb8af607a05f..eb1447a24422 100644 --- a/modules/auxiliary/gather/shodan_host.rb +++ b/modules/auxiliary/gather/shodan_host.rb @@ -17,7 +17,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'https://honeyscore.shodan.io/'] - ] + ], + 'Notes' => { + 'Stability' => [], + 'SideEffects' => [], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb b/modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb index 78dd4d4ee52a..e5279a307e58 100644 --- a/modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb +++ b/modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb @@ -32,7 +32,12 @@ module has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux. ['DumpAll', { 'Description' => 'Dump all tables used by vbulletin.' }] ], 'DefaultAction' => 'DumpUser', - 'DisclosureDate' => '2020-03-12' + 'DisclosureDate' => '2020-03-12', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options([ diff --git a/modules/auxiliary/gather/zookeeper_info_disclosure.rb b/modules/auxiliary/gather/zookeeper_info_disclosure.rb index f2c62ac11b37..845a50e72c5c 100644 --- a/modules/auxiliary/gather/zookeeper_info_disclosure.rb 
+++ b/modules/auxiliary/gather/zookeeper_info_disclosure.rb @@ -24,9 +24,14 @@ def initialize(info = {}) ], 'DisclosureDate' => '2020-10-14', 'License' => MSF_LICENSE, - 'DefaultOptions' => { 'VERBOSE' => true } - ) + 'DefaultOptions' => { 'VERBOSE' => true }, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [], + 'Reliability' => [] + } ) + ) register_options( [ diff --git a/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb b/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb index 5e9e45d9dead..68cb15f5c416 100644 --- a/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb +++ b/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb @@ -43,7 +43,12 @@ def initialize(info = {}) ['URL', 'https://www.secsignal.org/en/news/cve-2019-9960-arbitrary-file-download-in-limesurvey/'], ['URL', 'https://github.com/LimeSurvey/LimeSurvey/commit/1ed10d3c423187712b8f6a8cb2bc9d5cc3b2deb8'] ], - 'DisclosureDate' => '2020-04-02' + 'DisclosureDate' => '2020-04-02', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/scanner/http/springcloud_directory_traversal.rb b/modules/auxiliary/scanner/http/springcloud_directory_traversal.rb index 77d92bd4fa9d..2427ba83bec7 100644 --- a/modules/auxiliary/scanner/http/springcloud_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/springcloud_directory_traversal.rb @@ -30,7 +30,12 @@ def initialize(info = {}) 'Dhiraj Mishra' # Metasploit module ], 'DisclosureDate' => '2020-06-01', - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb b/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb index b7168560c127..f18b6699b0eb 100644 --- a/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb 
+++ b/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb @@ -36,7 +36,12 @@ def initialize(info = {}) [ 'CVE', '2017-9554' ], [ 'URL', 'https://www.synology.com/en-global/security/advisory/Synology_SA_17_29_DSM' ] ], - 'DisclosureDate' => '2011-01-05' + 'DisclosureDate' => '2011-01-05', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [ACCOUNT_LOCKOUTS, IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/scanner/http/wp_duplicator_file_read.rb b/modules/auxiliary/scanner/http/wp_duplicator_file_read.rb index 3431c9ba6d1f..f5011c180a6d 100644 --- a/modules/auxiliary/scanner/http/wp_duplicator_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_duplicator_file_read.rb @@ -28,7 +28,12 @@ def initialize(info = {}) 'Hoa Nguyen - SunCSR Team' # Metasploit module ], 'DisclosureDate' => '2020-02-19', - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) @@ -61,7 +66,7 @@ def run_host(ip) fail_with Failure::Unreachable, 'Connection failed' unless res fail_with Failure::NotVulnerable, 'Connection failed. Nothing was downloaded' if res.code != 200 - fail_with Failure::NotVulnerable, 'Nothing was downloaded. Change the DEPTH parameter' if res.body.length.zero? + fail_with Failure::NotVulnerable, 'Nothing was downloaded. Change the DEPTH parameter' if res.body.empty? print_status('Downloading file...') print_line("\n#{res.body}\n") diff --git a/modules/auxiliary/scanner/http/zenload_balancer_traversal.rb b/modules/auxiliary/scanner/http/zenload_balancer_traversal.rb index aa4f6045c02d..76fcff1bc756 100644 --- a/modules/auxiliary/scanner/http/zenload_balancer_traversal.rb +++ b/modules/auxiliary/scanner/http/zenload_balancer_traversal.rb 
@@ -26,7 +26,12 @@ def initialize(info = {}) 'References' => [ ['EDB', '48308'] ], - 'DisclosureDate' => '2020-04-10' + 'DisclosureDate' => '2020-04-10', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/scanner/scada/modbus_banner_grabbing.rb b/modules/auxiliary/scanner/scada/modbus_banner_grabbing.rb index 879e6c831aee..3c8632be5971 100644 --- a/modules/auxiliary/scanner/scada/modbus_banner_grabbing.rb +++ b/modules/auxiliary/scanner/scada/modbus_banner_grabbing.rb @@ -29,7 +29,12 @@ def initialize(info = {}) [ 'URL', 'https://en.wikipedia.org/wiki/Modbus#Modbus_TCP_frame_format_(primarily_used_on_Ethernet_networks)' ], [ 'URL', 'https://github.com/industrialarmy/Hello_Proto' ], ], - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/auxiliary/server/teamviewer_uri_smb_redirect.rb b/modules/auxiliary/server/teamviewer_uri_smb_redirect.rb index 19a7dcedeb2f..d773fedf1f4c 100644 --- a/modules/auxiliary/server/teamviewer_uri_smb_redirect.rb +++ b/modules/auxiliary/server/teamviewer_uri_smb_redirect.rb @@ -34,7 +34,9 @@ def initialize(info = {}) [ 'URL', 'https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448' ] ], 'Notes' => { - 'SideEffects' => [IOC_IN_LOGS] + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] } ) ) diff --git a/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb b/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb index 8bc90049af3a..b0e53075a963 100644 --- a/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb +++ b/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb 
@@ -40,7 +40,12 @@ def initialize(info = {}) ], 'DefaultOptions' => { 'SSL' => true }, 'DefaultAction' => 'SQLI_DUMP', - 'DisclosureDate' => '2019-07-06' + 'DisclosureDate' => '2019-07-06', + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/exploits/multi/http/atutor_upload_traversal.rb b/modules/exploits/multi/http/atutor_upload_traversal.rb index 80e7946ed8a6..e7983b6583d0 100644 --- a/modules/exploits/multi/http/atutor_upload_traversal.rb +++ b/modules/exploits/multi/http/atutor_upload_traversal.rb @@ -77,7 +77,12 @@ def initialize(info = {}) 'SSL' => false, 'WfsDelay' => 3 # If exploitation via `Import New Language` doesn't work, wait this long before attempting exploiting via `Patcher` }, - 'DefaultTarget' => 0 + 'DefaultTarget' => 0, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/post/android/local/koffee.rb b/modules/post/android/local/koffee.rb index 18305acd3842..791f90b632a4 100644 --- a/modules/post/android/local/koffee.rb +++ b/modules/post/android/local/koffee.rb @@ -53,7 +53,12 @@ def initialize(info = {}) 'DefaultAction' => 'TOGGLE_RADIO_MUTE', 'Platform' => 'Android', 'DisclosureDate' => '2020-12-02', - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [SCREEN_EFFECTS, CONFIG_CHANGES, IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options([ diff --git a/modules/post/linux/gather/enum_containers.rb b/modules/post/linux/gather/enum_containers.rb index df280d6e3a41..79914ec85244 100644 --- a/modules/post/linux/gather/enum_containers.rb +++ b/modules/post/linux/gather/enum_containers.rb 
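Review bot: `'Reliability' => []` is left empty on atutor_upload_traversal.rb, the only file under modules/exploits/ in this commit. An empty list is the usual value for auxiliary and post modules, but an exploit that yields a session normally states whether it can be run again, e.g. `'Reliability' => [REPEATABLE_SESSION]`. Whether this module is in fact repeatable is not visible from the hunk, so confirm it in a lab before setting the constant. The same hash declares `ARTIFACTS_ON_DISK`; a trailing comment naming what is written to the target would help whoever cleans up after a test.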
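Review bot: The `SideEffects` list added to koffee.rb has no audio entry, although the default action shown two lines above is `TOGGLE_RADIO_MUTE`. Of the listed values, `SCREEN_EFFECTS` is the only one describing something the person at the device would notice, so the list understates the impact. If the framework's `AUDIO_EFFECTS` constant is available on this branch, use `'SideEffects' => [AUDIO_EFFECTS, SCREEN_EFFECTS, CONFIG_CHANGES, IOC_IN_LOGS]`, and add `PHYSICAL_EFFECTS` should any action drive hardware. Only the default action is visible in this hunk, so check the list against every entry in `'Actions'`.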
@@ -18,7 +18,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => ['stealthcopter'], 'Platform' => ['linux'], - 'SessionTypes' => ['shell', 'meterpreter'] + 'SessionTypes' => ['shell', 'meterpreter'], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/post/linux/gather/haserl_read.rb b/modules/post/linux/gather/haserl_read.rb index 73a62b5decf6..236643185335 100644 --- a/modules/post/linux/gather/haserl_read.rb +++ b/modules/post/linux/gather/haserl_read.rb @@ -28,7 +28,12 @@ def initialize(info = {}) ['URL', 'https://twitter.com/steaIth/status/1364940271054712842'], ['URL', 'https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539'], ['CVE', '2021-29133'] - ] + ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options([ diff --git a/modules/post/multi/gather/enum_hexchat.rb b/modules/post/multi/gather/enum_hexchat.rb index c374db73640c..b7672dbdaa5a 100644 --- a/modules/post/multi/gather/enum_hexchat.rb +++ b/modules/post/multi/gather/enum_hexchat.rb @@ -33,7 +33,12 @@ def initialize(info = {}) 'DefaultAction' => 'ALL', 'References' => [ ['URL', 'https://hexchat.readthedocs.io/en/latest/settings.html'] - ] + ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options([ diff --git a/modules/post/multi/gather/enum_software_versions.rb b/modules/post/multi/gather/enum_software_versions.rb index ef655d348036..d79a919815aa 100644 --- a/modules/post/multi/gather/enum_software_versions.rb +++ b/modules/post/multi/gather/enum_software_versions.rb 
@@ -23,7 +23,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'gwillcox-r7' ], 'Platform' => %w[win linux osx bsd solaris android], - 'SessionTypes' => [ 'meterpreter', 'shell' ] + 'SessionTypes' => [ 'meterpreter', 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) end diff --git a/modules/post/multi/gather/saltstack_salt.rb b/modules/post/multi/gather/saltstack_salt.rb index 77c4f558eb93..92ae318f81a0 100644 --- a/modules/post/multi/gather/saltstack_salt.rb +++ b/modules/post/multi/gather/saltstack_salt.rb @@ -28,7 +28,12 @@ def initialize(info = {}) 'c2Vlcgo' ], 'SessionTypes' => %w[shell meterpreter], - 'License' => MSF_LICENSE + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options( diff --git a/modules/post/multi/gather/unix_cached_ad_hashes.rb b/modules/post/multi/gather/unix_cached_ad_hashes.rb index f9d929436df2..a6dd7fdeedb7 100644 --- a/modules/post/multi/gather/unix_cached_ad_hashes.rb +++ b/modules/post/multi/gather/unix_cached_ad_hashes.rb @@ -40,7 +40,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'Tim Brown '], 'Platform' => %w[linux osx unix solaris aix], - 'SessionTypes' => [ 'meterpreter', 'shell' ] + 'SessionTypes' => [ 'meterpreter', 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) end diff --git a/modules/post/multi/gather/unix_kerberos_tickets.rb b/modules/post/multi/gather/unix_kerberos_tickets.rb index 75d2dfe74fea..24fb123c6a3b 100644 --- a/modules/post/multi/gather/unix_kerberos_tickets.rb +++ b/modules/post/multi/gather/unix_kerberos_tickets.rb 
@@ -42,7 +42,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'Tim Brown '], 'Platform' => %w[linux osx unix solaris aix], - 'SessionTypes' => [ 'meterpreter', 'shell' ] + 'SessionTypes' => [ 'meterpreter', 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) register_options([ diff --git a/modules/post/multi/sap/smdagent_get_properties.rb b/modules/post/multi/sap/smdagent_get_properties.rb index a7ccae0957be..dea0e790e8da 100644 --- a/modules/post/multi/sap/smdagent_get_properties.rb +++ b/modules/post/multi/sap/smdagent_get_properties.rb @@ -44,6 +44,11 @@ def initialize(info = {}) stdapi_net_resolve_host ] } + }, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] } ) ) diff --git a/modules/post/networking/gather/enum_cisco.rb b/modules/post/networking/gather/enum_cisco.rb index 1828c0f58fe1..83ff60b657f4 100644 --- a/modules/post/networking/gather/enum_cisco.rb +++ b/modules/post/networking/gather/enum_cisco.rb @@ -18,7 +18,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], 'Platform' => [ 'cisco'], - 'SessionTypes' => [ 'shell' ] + 'SessionTypes' => [ 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) diff --git a/modules/post/networking/gather/enum_f5.rb b/modules/post/networking/gather/enum_f5.rb index 7d3afd3bdeb2..4c56b9a3f9b7 100644 --- a/modules/post/networking/gather/enum_f5.rb +++ b/modules/post/networking/gather/enum_f5.rb @@ -16,7 +16,12 @@ def initialize(info = {}) }, 'License' => MSF_LICENSE, 'Author' => [ 'h00die'], - 'SessionTypes' => [ 'shell' ] + 'SessionTypes' => [ 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) end 
diff --git a/modules/post/networking/gather/enum_mikrotik.rb b/modules/post/networking/gather/enum_mikrotik.rb index ad2dc69ab806..46faea9b35fb 100644 --- a/modules/post/networking/gather/enum_mikrotik.rb +++ b/modules/post/networking/gather/enum_mikrotik.rb @@ -18,7 +18,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => ['h00die'], 'Platform' => ['mikrotik'], - 'SessionTypes' => ['shell'] + 'SessionTypes' => ['shell'], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) end diff --git a/modules/post/networking/gather/enum_vyos.rb b/modules/post/networking/gather/enum_vyos.rb index 5b0784456171..41035d4c479a 100644 --- a/modules/post/networking/gather/enum_vyos.rb +++ b/modules/post/networking/gather/enum_vyos.rb @@ -16,7 +16,12 @@ def initialize(info = {}) }, 'License' => MSF_LICENSE, 'Author' => ['h00die'], - 'SessionTypes' => ['shell'] + 'SessionTypes' => ['shell'], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) ) end diff --git a/modules/post/osx/escalate/tccbypass.rb b/modules/post/osx/escalate/tccbypass.rb index 0c444c86932a..dbf772ea613f 100644 --- a/modules/post/osx/escalate/tccbypass.rb +++ b/modules/post/osx/escalate/tccbypass.rb @@ -32,7 +32,9 @@ def initialize(info = {}) ['URL', 'https://github.com/mattshockl/CVE-2020-9934'], ], 'Notes' => { - 'SideEffects' => [ ARTIFACTS_ON_DISK, SCREEN_EFFECTS ] + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [ CONFIG_CHANGES, ARTIFACTS_ON_DISK, SCREEN_EFFECTS ], + 'Reliability' => [] }, 'Platform' => [ 'osx' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] diff --git a/modules/post/osx/gather/gitignore.rb b/modules/post/osx/gather/gitignore.rb index 03cc9be20413..612fdf7b6402 100644 --- a/modules/post/osx/gather/gitignore.rb +++ b/modules/post/osx/gather/gitignore.rb 
@@ -11,9 +11,14 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'N!ght Jmp'], 'Platform' => [ 'osx' ], - 'SessionTypes' => [ 'meterpreter', 'shell' ] + 'SessionTypes' => [ 'meterpreter', 'shell' ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) - ) + ) register_options([ OptString.new('MODE', [false, 'Gitignore retrieval modes: 1). Find gitignore file locations. 2). Retrieve specific gitignore/file contents', '']), OptString.new('FILE', [false, 'Filepath of gitignore/file to retrieve (For mode 2)', '']) diff --git a/modules/post/windows/gather/avast_memory_dump.rb b/modules/post/windows/gather/avast_memory_dump.rb index 0de6b293257f..4b183115e221 100644 --- a/modules/post/windows/gather/avast_memory_dump.rb +++ b/modules/post/windows/gather/avast_memory_dump.rb @@ -20,7 +20,12 @@ def initialize(info = {}) 'License' => MSF_LICENSE, 'Author' => [ 'DLL_Cool_J' ], 'Platform' => [ 'win'], - 'SessionTypes' => [ 'meterpreter'] + 'SessionTypes' => [ 'meterpreter'], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK], + 'Reliability' => [] + } ) ) diff --git a/modules/post/windows/gather/credentials/pulse_secure.rb b/modules/post/windows/gather/credentials/pulse_secure.rb index c09c24f0442e..0c281ff636aa 100644 --- a/modules/post/windows/gather/credentials/pulse_secure.rb +++ b/modules/post/windows/gather/credentials/pulse_secure.rb @@ -50,6 +50,11 @@ def initialize(info = {}) stdapi_sys_process_memory_write ] } + }, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] } ) ) 
@@ -228,7 +233,7 @@ def find_creds next unless key_names key_names.each do |key_name| - ive_index = key_name[4..-1] # remove 'ive:' + ive_index = key_name[4..] # remove 'ive:' # We get the encrypted password value from registry reg_path = "HKEY_USERS\\#{profile['SID']}\\Software\\Pulse Secure\\Pulse\\User Data\\ive:#{ive_index}" vals = registry_enumvals(reg_path) diff --git a/modules/post/windows/gather/credentials/xshell_xftp_password.rb b/modules/post/windows/gather/credentials/xshell_xftp_password.rb index c6c7398c57f1..32145d7d678f 100644 --- a/modules/post/windows/gather/credentials/xshell_xftp_password.rb +++ b/modules/post/windows/gather/credentials/xshell_xftp_password.rb @@ -36,6 +36,11 @@ def initialize(info = {}) stdapi_fs_stat ] } + }, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] } ) ) @@ -50,11 +55,11 @@ def try_encode_file(data) # version 6.0 The character set of the session file will use Unicode # version <= 5.3 The character set of the session file will use ANSI if data[0].unpack('C') == [255] && data[1].unpack('C') == [254] - data[2..-1].force_encoding('UTF-16LE').encode('UTF-8') + data[2..].force_encoding('UTF-16LE').encode('UTF-8') elsif data[0].unpack('C') == [254] && data[1].unpack('C') == [187] && data[2].unpack('C') == [191] data elsif data[0].unpack('C') == [254] && data[1].unpack('C') == [255] - data[2..-1].force_encoding('UTF-16BE').encode('UTF-8') + data[2..].force_encoding('UTF-16BE').encode('UTF-8') else data end diff --git a/modules/post/windows/gather/enum_onedrive.rb b/modules/post/windows/gather/enum_onedrive.rb index bf571deacfbf..c114e207e86a 100644 --- a/modules/post/windows/gather/enum_onedrive.rb +++ b/modules/post/windows/gather/enum_onedrive.rb 
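Review bot: The middle branch of `try_encode_file` in xshell_xftp_password.rb still tests `data[0].unpack('C') == [254]` followed by 187 and 191, but a UTF-8 byte-order mark is EF BB BF, so the first byte should be 239 and the branch can never match one. This is harmless today because both that branch and the `else` return `data` unchanged, but the condition misdocuments the format and should read `elsif data[0].unpack('C') == [239] && data[1].unpack('C') == [187] && data[2].unpack('C') == [191]`. The same chain calls `data[0].unpack` with no length check, so an empty session file raises NoMethodError on nil; a guard such as `return data if data.nil? || data.bytesize < 2` at the top would avoid that. The function begins above this hunk, so how callers handle an exception was not checked.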
@@ -27,7 +27,12 @@ def initialize(info = {})
 'License' => MSF_LICENSE,
 'Platform' => ['win'],
 'SessionTypes' => ['meterpreter'],
- 'Author' => ['Stuart Morgan ']
+ 'Author' => ['Stuart Morgan '],
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'SideEffects' => [IOC_IN_LOGS],
+ 'Reliability' => []
+ }
 )
 )
 end
diff --git a/modules/post/windows/gather/exchange.rb b/modules/post/windows/gather/exchange.rb
index e076c4ac501a..0712b0883dd3 100644
--- a/modules/post/windows/gather/exchange.rb
+++ b/modules/post/windows/gather/exchange.rb
@@ -46,6 +46,11 @@ def initialize(info = {})
 stdapi_fs_stat
 ]
 }
+ },
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'SideEffects' => [IOC_IN_LOGS],
+ 'Reliability' => []
 }
 )
 )
diff --git a/modules/post/windows/gather/forensics/fanny_bmp_check.rb b/modules/post/windows/gather/forensics/fanny_bmp_check.rb
index 6529f114d255..319236408c01 100644
--- a/modules/post/windows/gather/forensics/fanny_bmp_check.rb
+++ b/modules/post/windows/gather/forensics/fanny_bmp_check.rb
@@ -27,7 +27,12 @@ def initialize(info = {})
 'References' => [
 ['URL', 'https://securelist.com/a-fanny-equation-i-am-your-father-stuxnet/68787'],
 ['CVE', '2010-2568']
- ]
+ ],
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'SideEffects' => [],
+ 'Reliability' => []
+ }
 )
 )
 end
diff --git a/modules/post/windows/manage/add_user.rb b/modules/post/windows/manage/add_user.rb
index d469f34338ca..f724660e99ad 100644
--- a/modules/post/windows/manage/add_user.rb
+++ b/modules/post/windows/manage/add_user.rb
@@ -37,6 +37,11 @@ def initialize(info = {})
 stdapi_sys_process_get_processes
 ]
 }
+ },
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'Reliability' => [],
+ 'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES]
 }
 )
 )
diff --git a/modules/post/windows/manage/execute_dotnet_assembly.rb b/modules/post/windows/manage/execute_dotnet_assembly.rb
index b38bc457cca4..31a0aa8f01b5 100644
--- a/modules/post/windows/manage/execute_dotnet_assembly.rb
+++ b/modules/post/windows/manage/execute_dotnet_assembly.rb
@@ -48,6 +48,11 @@ def initialize(info = {})
 stdapi_sys_process_thread_create
 ]
 }
+ },
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'SideEffects' => [IOC_IN_LOGS],
+ 'Reliability' => []
 }
 )
 )
diff --git a/modules/post/windows/manage/install_python.rb b/modules/post/windows/manage/install_python.rb
index 6ae25dc95137..a1207231709f 100644
--- a/modules/post/windows/manage/install_python.rb
+++ b/modules/post/windows/manage/install_python.rb
@@ -27,7 +27,12 @@ def initialize(info = {})
 'References' => [
 ['URL', 'https://docs.python.org/3/using/windows.html#windows-embeddable'],
 ['URL', 'https://attack.mitre.org/techniques/T1064/']
- ]
+ ],
+ 'Notes' => {
+ 'Stability' => [CRASH_SAFE],
+ 'Reliability' => [],
+ 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
+ }
 )
 )
 register_options(