RubyGems - nifflsploit - Versions diffs - 0.0.1 - Mend

nifflsploit 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +15 -0
data/.document +5 -0
data/.gitignore +49 -0
data/Gemfile +16 -0
data/LICENSE.txt +20 -0
data/README.rdoc +24 -0
data/Rakefile +53 -0
data/lib/nifflsploit/query.rb +30 -0
data/lib/nifflsploit/result.rb +39 -0
data/lib/nifflsploit/version.rb +3 -0
data/lib/nifflsploit.rb +10 -0
data/nifflsploit.gemspec +24 -0
data/spec/lib/nifflsploit/query_spec.rb +21 -0
data/spec/lib/nifflsploit/result_spec.rb +61 -0
data/spec/lib/nifflsploit_spec.rb +13 -0
data/spec/support/positive_response.html +1 -0
metadata +90 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MDc2NjIxNTNlOWVjNzRmMTlhYjNhZWQ4OTI5ZTJiOWE0MGVmMzNiYg==
+  data.tar.gz: !binary |-
+    MDM1OTY2MDliZTE2ZTVhYjE3YjI1ZjI2MWVkNmVmNmRlZTQ3MjRiMA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    MjU0YzRkYmRjM2E5NDQ5MmNjZGQxMTI2YmY5ZGU5NGM2OGZkZTdhNTA1N2E4
+    N2YyYTBiOGNlMTNmMWUyZjlkZDRlMzhlZWJhNDYzY2UwNzlhZDczMDUyZmVm
+    YzI1NmQ2MDc1NDI3OTEzMGY3MWNhZWFlNmRiYzg1ODY0OWYyZTc=
+  data.tar.gz: !binary |-
+    NDY4YmM0OWJjYmJiZmRlYjc0MTBkNGJiM2JiOTc1YTY3MDdiNjgzZmRhYTA1
+    MzU1NWUwYjZlODRiNjk1N2Q1ZDcwNmUzNzIwZGY3ZjM1Y2QyNjc4NmU2NmYx
+    ZGI1NDM1MGZkYTkwNzdkYjkzMTJlNGUyY2Q1MTVkMzg0ZjlmYWI=

data/.document ADDED Viewed

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+-
+features/**/*.feature
+LICENSE.txt

data/.gitignore ADDED Viewed

@@ -0,0 +1,49 @@
+# rcov generated
+coverage
+coverage.data
+# rdoc generated
+rdoc
+# yard generated
+doc
+.yardoc
+# bundler
+.bundle
+# jeweler generated
+pkg
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+#
+#.DS_Store
+# For TextMate
+#*.tmproj
+#tmtags
+# For emacs:
+#*~
+#\#*
+#.\#*
+# For vim:
+#*.swp
+# For redcar:
+#.redcar
+# For rubinius:
+#*.rbc

data/Gemfile ADDED Viewed

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+gem "nokogiri"
+gem "rspec"
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "shoulda", ">= 0"
+  gem "rdoc", "~> 3.12"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.8.4"
+  gem "rcov", ">= 0"
+end

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Michael Carlson (MIT License)
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc ADDED Viewed

@@ -0,0 +1,24 @@
+= Nifflsploit
+Nifflsploit is a wrapper around the exploit search on metasploit.com. It should be used to search for metasploit modules relating to CVEs. The name is derived from a small mammal in a childrens' novel that hunts for shiny objects.
+Usage:
+require 'nifflsploit'
+result = Nifflsploit.cve_search("CVE-2008-4250")
+result.name => "Microsoft Server Service Relative Path Stack Corruption"
+== Contributing to Nifflsploit
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+== Copyright
+Copyright (c) 2013 Michael Carlson. See LICENSE.txt for
+further details.

data/Rakefile ADDED Viewed

@@ -0,0 +1,53 @@
+# encoding: utf-8
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "nifflsploit"
+  gem.homepage = "http://github.com/Prandium/nifflsploit"
+  gem.license = "MIT"
+  gem.summary = %Q{TODO: one-line summary of your gem}
+  gem.description = %Q{TODO: longer description of your gem}
+  gem.email = "me@mbcarlson.org"
+  gem.authors = ["Michael Carlson"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+  test.rcov_opts << '--exclude "gems/*"'
+end
+task :default => :test
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "nifflsploit #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/nifflsploit/query.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require 'open-uri'
+require 'cgi'
+require 'nokogiri'
+class Nifflsploit
+  class Query
+    BASE_URL = "http://www.metasploit.com/modules/framework/search?cve="
+    def self.cve(cve)
+      url = BASE_URL+CGI::escape(cve)
+      response = fetch_html(url)
+      document = Nokogiri::HTML.parse(response)
+      return document
+    end # def self.cve
+    private
+    def self.fetch_html(url)
+      # open is the open-uri, which returns a io-string object, so we need to convert that to a encoded string
+      response = open(url)
+      # open-uri will save the response as a temp file if it's too large, so check what the class is before parsing
+      if response.kind_of?(StringIO)
+        resp_string = response.string
+      else
+        resp_string = response.read
+      end
+      return resp_string
+    end # def fetch
+  end # class Query
+end # class Nifflsploit

data/lib/nifflsploit/result.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require 'nokogiri'
+class Nifflsploit
+  class Result
+    attr_accessor :name, :rank, :authors, :references, :development, :module_options
+    def self.parse(document)
+      result = Nifflsploit::Result.new
+      result.name = document.xpath("/html/body/div/div/section/h1").text
+      result.rank = document.xpath("/html/body/div/div/section/div/ul[1]/li").text
+      # this xpath resolves to multiple authors, looking like [Author, Author], so we need to get the text
+      #  value for each author and return an array of authors
+      result.authors = document.xpath("/html/body/div/div/section/div/ul[2]/li").collect {|z| z.text}
+      # same as above, but we need the href attribute, not the text, so we need to navigate to the 'a' object
+      #  and get the href link text
+      result.references = document.xpath("/html/body/div/div/section/div/ul[3]/li").collect {|z| z.xpath("a").attr('href').text}
+      # result.development will look like {:source_code => "http://blarg.com", :history => "http://blarg2.com"}
+      result.development = {}
+      for link in document.xpath("/html/body/div/div/section/div/ul[4]/li")
+        key = link.xpath("a").text.downcase.gsub(/\s/, "_")
+        value = link.xpath("a").attr('href').text
+        result.development[key.to_sym] = value
+      end # for link
+      # result.module_options will look like {:PASSWORD => "The password to reset to (default: admin)", :Proxies => "proxy"}
+      result.module_options = {}
+      for row in document.xpath("/html/body/div/div/section/div/div[2]/table/tr")
+        key = row.xpath('td[1]').text
+        value = row.xpath('td[2]').text
+        result.module_options[key.to_sym] = value
+      end # for row
+      return result
+    end # def parse
+  end # class Result
+end # class Nifflsploit

data/lib/nifflsploit/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class Nifflsploit
+  VERSION = "0.0.1"
+end

data/lib/nifflsploit.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'nifflsploit/query'
+require 'nifflsploit/result'
+class Nifflsploit
+  def self.cve_search(cve)
+    response = Nifflsploit::Query.cve(cve)
+    result = Nifflsploit::Result.parse(response)
+    return result
+  end # def cve_search
+end # class Nifflsploit

data/nifflsploit.gemspec ADDED Viewed

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nifflsploit/version'
+Gem::Specification.new do |gem|
+  gem.name          = "nifflsploit"
+  gem.version       = Nifflsploit::VERSION
+  gem.authors       = ["Michael Carlson"]
+  gem.email         = ["me@mbcarlson.org"]
+  gem.description   = %q{ A tool for finding metasploit module information related to CVEs }
+  gem.summary       = %q{ This gem allows searching for metasploit exploit modules for a given CVE. }
+  gem.homepage      = "https://github.com/Prandium/nifflsploit"
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+  gem.required_ruby_version     = '>= 1.9.2'
+  gem.add_development_dependency('rspec')
+  gem.add_development_dependency('nokogiri')
+end

data/spec/lib/nifflsploit/query_spec.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'nokogiri'
+require 'nifflsploit/query'
+describe Nifflsploit::Query do
+  describe '#cve' do
+    context 'with a valid cve id' do
+      it 'returns an HTML Document object' do
+        result = Nifflsploit::Query.cve("CVE-2007-4387")
+        result.should be_kind_of(Nokogiri::HTML::Document)
+      end # it
+    end # context
+    context 'with an invalid cve id' do
+      it 'returns an HTML Document object' do
+        result = Nifflsploit::Query.cve("CVE-200-4387")
+        result.should be_kind_of(Nokogiri::HTML::Document)
+      end # it
+    end # context
+  end # describe cve
+end # describe Nifflsploit

data/spec/lib/nifflsploit/result_spec.rb ADDED Viewed

@@ -0,0 +1,61 @@
+require 'nokogiri'
+require 'open-uri'
+require 'nifflsploit/Result'
+describe Nifflsploit::Result do
+  context 'with a valid response' do
+    before do
+      file = open("spec/support/positive_response.html")
+      response = Tempfile.new("temp")
+      response.write(file.read)
+      response.rewind
+      result = Nokogiri::HTML.parse(response)
+      response.unlink
+      @result = Nifflsploit::Result.parse(result)
+    end # before
+    it 'returns the CVE name' do
+      @result.name.should eq("2Wire Cross-Site Request Forgery Password Reset Vulnerability")
+    end # it
+    it 'returns the exploit rank' do
+      @result.rank.should eq("Normal")
+    end # it
+    it 'returns the exploit authors' do
+      @result.authors.should be_kind_of(Array)
+      @result.authors.first.should eq("hkm < hkm [at] hakim.ws >")
+    end # it
+    it 'returns Vulnerability Reference links' do
+      @result.references.should be_kind_of(Array)
+      @result.references.first.should eq("http://cvedetails.com/cve/2007-4387/")
+    end # it
+    it 'returns Development links' do
+      @result.development.should be_kind_of(Hash)
+      @result.development[:source_code].should eq("http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/2wire/xslt_password_reset.rb")
+    end # it
+    it 'returns Module Options hash' do
+      @result.module_options.should be_kind_of(Hash)
+      @result.module_options[:PASSWORD].should eq("The password to reset to (default: admin)")
+    end # it
+  end # context
+  context 'with an invalid response' do
+    before do
+      document = Nokogiri::HTML::Document.new
+      @result = Nifflsploit::Result.parse(document)
+    end # before
+    it 'returns an empty result object' do
+      @result.name.should be_empty
+      @result.rank.should be_empty
+      @result.authors.should be_empty
+      @result.references.should be_empty
+      @result.development.to_a.should be_empty
+      @result.module_options.to_a.should be_empty
+    end # it
+  end # context
+end # describe

data/spec/lib/nifflsploit_spec.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'nifflsploit'
+describe Nifflsploit do
+  describe '#cve_search' do
+    before do
+      @result = Nifflsploit.cve_search("CVE-2007-4387")
+    end # before
+    it 'queries for a CVE and returns a result' do
+      @result.should be_kind_of(Nifflsploit::Result)
+    end # it
+  end # describe
+end # describe Nifflsploit

data/spec/support/positive_response.html ADDED Viewed

@@ -0,0 +1 @@

+ <!doctype html> <html lang="en"> <head> <script src="//cdn.optimizely.com/js/13222550.js"></script> <meta charset="utf-8"> <section id="mainContent" class="twoCol clearfix"> <title>2Wire Cross-Site Request Forgery Password Reset Vulnerability | Metasploit Exploit Database (DB)</title> <META NAME="Description" CONTENT="This module will reset the admin password on a 2Wire wireless router. This is done by using the /xslt page where authentication is not required, thus allowing configuration changes (such as resetting the password) as administrators."> <link rel="shortcut icon" href="/images/global/favicon.ico" type="image/x-icon" /> <script type="text/javascript" src="/js/jquery-1.4.4.js"></script> <script type="text/javascript" src="/js/html5.js"></script> <script type="text/javascript" src="/js/jquery.joverlay.min.js"></script> <script type="text/javascript" src="/js/hoverIntent.js"></script>  <link rel="stylesheet" type="text/css" href="/css/style.css"/> <link rel="stylesheet" type="text/css" href="/modules/modules.css"/> <script type="text/javascript" src="/js/browser.js"></script> <script type="text/javascript"> $(function(){ $("#headNav ul.nav li.pri").hoverIntent( config ); function showSub() { if(($(this).find("ul.sec").length>0) && ($(this).hasClass("active")==false)) { $("#headNav ul.nav li.pri ul.sec").css("display", "none"); $(".secNav").css("display", "none"); $(".secNav").css("display", "block"); $(this).find("ul.sec").fadeIn("fast"); } else if($(this).find("ul.sec").length==0) { $(".secNav, ul.sec").css("display", "none"); } } function hideSub() { if($(this).hasClass("active")==false) { $(".secNav").css("display", "none"); $(this).find("ul.sec").fadeOut("fast"); } if($("#headNav ul.nav li.active").length>0) { $(".secNav").css("display", "none"); $(".secNav").css("display", "block"); $("#headNav ul.nav li.active").find("ul.sec").fadeIn("fast"); } } $("#q-search").bind("focus click", function(){ if($(this).val()=="search for keyword") { $(this).val(''); } }); $("#q-search").bind("blur", function(){ if(($(this).val()=="search for keyword") || ($(this).val()=='')) { $(this).val('search for keyword'); } }); }); </script> <STYLE type="text/css"> /* @group global reset */ html, body, h1, h2, h3, h4, h5, h6, ul, ul li, ol, ol li, dl, p, input, button, label, td, abbr, article, aside, audio, bb, canvas, datagrid, datalist, details, dialog, eventsource, figure, footer, header, hgroup, mark, menu, meter, nav, output, progress, section, time, video, blockquote { margin: 0; padding: 0; } sup { vertical-align:top; line-height:1; } fieldset, dd, button, form { margin:0; padding:0; border: none; } ul li, ol li, menu li { list-style-type: none;} img, a img { border: none; } table { border-spacing:0; *border-collapse:collapse; width:100%; } header, footer, nav, menu, section, article, aside, details, summary { display:block; } /* @end */ /* @group Default Element Styles */ body { font-size: 14px; line-height: 20px; font-family: Arial, Helvetica, sans-serif; color: #29383f; background: #5f5f5f url("../images/body-bg.jpg") repeat-x; } a { color: #0197B8; text-decoration:none; } a:hover { color:inherit; *color: #333; } nav a{ color: #333333; text-decoration:none; } nav a:hover{ color: #EA5709; text-decoration:none; } h1,h2,h3,h4,h5 { font-family: "Trebuchet MS", Arial, Helvetica, sans-serif; color: #29383f; font-weight: normal; } h1 { font-size:36px; margin: 0 0 .5em 0; font-weight: normal; } h2 { font-size:34px; margin: 0 0 .5em 0; font-weight: normal; } h3 { font-size:24px; margin: 0 0 20px 0; font-weight: normal; } h4 { font-size:20px; margin: 0 0 .4em 0; font-weight: normal; } h5 { font-size:18px; margin: 0 0 .4em 0; font-weight: normal; } p { font-size:14px; margin:0 0 1.5em 0; } hr { display: block; border: 0; margin: 60px 0; height: 1px; background-color:#eee; color: #eee; } input[type="text"]{ display: block; font:normal 15px/19px arial; color: #4b4b4b; border: 1px solid #d7d7d7; padding:6px 10px; width:250px; box-shadow: 1px 1px 5px #F1F1F1 inset; -moz-box-shadow: 1px 1px 5px #F1F1F1 inset; -webkit-box-shadow: 1px 1px 5px #F1F1F1 inset; -khtml-box-shadow: 1px 1px 5px #F1F1F1 inset; } input.smallInput { width:90px; } input.itl { color:#999; } /* @end */ /* @group clearfix */ .clearfix:after { content: ".";display: block;height: 0;visibility: hidden; clear: both; } .clearfix { zoom: 1; }/* Clearfix for IE 7 */ /* @end */ /* @group sprites */ .icon { background-image:url(../images/sprite/icons.png); background-repeat:no-repeat; } /* @end */ /* @group Patterns */ .fLt { float:left; } .fRt { float:right; } .block { display:block; } .displayHidden { display:none; } .displayInlineBlock { display:inline-block; } .alignCenter { text-align:center; } .alignLeft { text-align:left; } .alignRight { text-align:right; } .rPos { position: relative; } .aPos { position: absolute; } .marB0 { margin-bottom:0px; } .marB5 { margin-bottom:5px; } .marB10 { margin-bottom:10px; } .marB15 { margin-bottom:15px; } .marB20 { margin-bottom:20px; } .marB25 { margin-bottom:25px; } .marB30 { margin-bottom:30px; } .marB35 { margin-bottom:35px; } .marB40 { margin-bottom:40px; } .marB45 { margin-bottom:45px; } .marB47 { margin-bottom:47px; } .marB50 { margin-bottom:50px; } .marB60 { margin-bottom:60px; } .marB70 { margin-bottom:70px; } .marB80 { margin-bottom:80px; } .marR20 { margin-right:20px; } .marT0 { margin-top:0; } .marT10 { margin-top:10px; } .marT20 { margin-top:20px; } .marT30 { margin-top:30px; } .marL25 { margin-left:25px; } .pad0 { padding: 0; } .alignCenter{ text-align: center; } .button, .button:visited { display:inline-block; font-family: "Trebuchet MS", Arial, Helvetica, sans-serif; padding:4px 16px 3px 10px; padding:4px 16px 4px 10px\\9; text-transform: uppercase; font-size: 15px; color: #0197B8; border: 1px solid #f1f1f1; background: #fff url(../images/button_bg.gif) repeat-x bottom; -moz-border-radius: 0 14px 14px 0; -webkit-border-radius: 0 14px 14px 0; -khtml-border-radius: 0 14px 14px 0; border-radius: 0 14px 14px 0; } .button:hover { color: #000; } .mainBtn, a.mainBtn { font-family: "Trebuchet MS", Arial, Helvetica, sans-serif; padding: 7px 15px; font-size: 15px; color: #fff; text-transform: uppercase; position: relative; -moz-border-radius: 20px; -webkit-border-radius: 20px; -khtml-border-radius: 20px; border-radius: 20px; border:none; cursor:pointer; background: #0197b8 url(../images/blue_button_bg.gif) repeat-x top; } .greyBtn{ border-left: 2px solid #E0E0E0; border-right: 2px solid #E0E0E0; font-family: "Trebuchet MS", Arial, Helvetica, sans-serif; padding: 7px 25px; *padding: 6px 25px 6px 25px; font-size: 15px; color: #00a8c6; text-transform: uppercase; -moz-border-radius: 20px; -webkit-border-radius: 20px; -khtml-border-radius: 20px; border-radius: 20px; cursor:pointer; background: #fff url(../images/grey_btn_bg.jpg) repeat-x bottom; zoom:1; } .greyBtn:hover{ background: #fff url(../images/grey_btn_hover_bg.jpg) repeat-x top; } .mainBtn:hover { background: #0197b8 url(../images/blue_button_bg.gif) repeat-x bottom; } .mainBtnSmall, a.mainBtnSmall { padding: 6px 30px; } .downloadBtn, a.downloadBtn { padding-left: 40px; *padding-left:30px; display: inline-block; margin-right:12px; } .downloadBtn em { background: url(../images/download.png) no-repeat top left; display:block; *display:none; position: absolute; top: -6px; left: -15px; width: 61px; height: 49px; padding-left: 50px; } .headBulletList h4{ background: url("../images/icons/bullet7.png") no-repeat 0 5px; padding-left: 25px; } .mobilisafeOverview .headBulletList p{ padding-left: 25px; } .headBulletList ul{ padding-left:25px; } .content_list { list-style-type: none; padding-left: 3px; } .content_list li { background: url(../images/icons/bullet7.png) no-repeat 0 3px; padding-left: 22px; margin-bottom: 10px; } .bulletList li { background: url(../images/bullet.png) no-repeat left 7px; padding-left: 14px; margin: 0 0 10px 2px; color: #333; } .contributorsList .bulletList a{color: #333;} .contributorsList .bulletList a:hover{color: #EA5709;} .numBullet li{ margin-bottom:20px; } .numBullet li:last-child{ margin-bottom: 0; } .numBullet span{ padding-right: 10px; color: #666; font-size: 16px; display: block; float: left; } .numBullet strong{ font-weight: normal; display: block; padding-left: 23px; } .numBullet strong .note{ font-size: 11px; font-style: normal; line-height: 14px; display: block; margin-top: 3px; } .subBulletList li { background: url(../images/icons/bullet-sub.png) no-repeat left 8px; padding-left:15px; margin: 0 0 10px 2px; } .smallList li { font:normal 12px/16px arial; color:#666; margin-bottom:6px; background: url(../images/sprite/bullet-small.png) no-repeat left 7px; padding-left:12px; } sup{ font-size: 10px; vertical-align: top; _line-height: 1px; line-height: -1px; } sup.note{ font-size: 10px; vertical-align: top; _line-height: 1px; line-height: -1px; } /* @end */ /* @group Header */ .header{ border-top: 3px solid #EA5709; padding: 0 20px 0 30px; background-color: #fff; } .header .logo{ padding-top: 22px; display: block; width: 240px; float: left; } .logo img{ display: block; } .header .primeNav{ width: 400px; float: right; } .toplinks{ width: 200px; float: right; margin-top: 37px; } .toplinks li{ background: url("../images/toplinks-divider.gif") no-repeat scroll right center transparent; float: left; font-weight: bold; } .toplinks li:last-child{ background: none; } .toplinks a{ font-family: "Trebuchet MS",Arial,Helvetica,sans-serif; font-size: 15px; color: #333333; display: block; font-weight: normal; padding: 0 10px; } .primeLinks{ width: 100px; background: url("../images/prime-nav-bg.png") no-repeat left top; float: right; padding: 40px 25px 35px; position: relative; } .primeLinks > a{ background: url("../images/arrow.png") no-repeat right 5px; display: block; } .primeLinks:hover ul{ display: block; } .primeLinks ul{ position: absolute; padding: 0 15px; width: 98px; left: 9px; top: 90px; background-color: #fff; display: none; } .primeLinks li{ padding: 8px 0; border-bottom: 1px solid #ddd; } .primeLinks li:last-child{ border-bottom: none; } .primeLinks li a{ font-size: 13px; line-height: 13px; font-family: "Trebuchet MS",Arial,Helvetica,sans-serif; } .bannerWrap{ padding: 50px 30px; text-align: center; background-color: #202020; background-color: rgba(0,0,0,0.7); } .bannerWrap h1{ font-size: 36px; line-height: 36px; color: #e7e7e7; margin-bottom: 20px; } .bannerWrap strong{ font: normal 22px/22px "Trebuchet MS", Arial, Helvetica, sans-serif; display: block; color: #EA5709; margin-bottom: 25px; } .bannerWrap p{ font: normal 14px/20px "Trebuchet MS", Arial, Helvetica, sans-serif; color: #a5a5a5; margin-bottom: 25px; } /* @end */ /* @group Freamwok */ .wrap { width: 980px; margin: 0 auto; box-shadow:0 0 15px #000000; -moz-box-shadow:0 0 15px #000000; -webkit-box-shadow:0 0 15px #000000; } .container{ padding: 50px 30px 40px; background-color: #fff; } .metaInfoBlock{ margin-bottom: 40px; } .metaInfoBlock article{ width: 270px; float: left; margin-right: 55px; } .metaInfoBlock article:last-child{ margin-right: 0; } .bannerBlock{ padding-top: 40px; background: url("../images/shadow-top.png") center top no-repeat; text-align: center; margin-bottom: 60px; } .bannerBlock strong{ font-size: 18px; font-weight: normal; line-height: 18px; color: #666; display: block; margin-bottom: 25px; } .bannerPad{ padding-bottom: 40px; background: url("../images/shadow-bot.png") center bottom no-repeat; } .bannerBlock p{ padding-top: 15px; font-size: 13px; line-height: 13px; color: #666; } .contributorsList h3{ margin-bottom: 30px; } .contributorsList article{ width: 190px; float: left; margin-right: 50px; } .contributorsList article:last-child{ margin-right: 0; } /* @end */ /* @group footer */ .footer{ border-top: 1px solid #ebebeb; } .footerPad{ border-top: 1px solid #fff; padding: 20px 30px; background-color: #f7f7f7; } .copyright{ width: 230px; float: left; } .copyright a{ display: block; width: 110px; float: left; margin-right: 7px; } .copyright span{ float: left; color: #333; } .copyright img{ display: block; } .footerNav{ width: 640px; *width: 640px; -bracket-:hack(; width: 640px; ); width: 640px\\9; float: right; } @-moz-document url-prefix() { .footerNav { width: 640px; } } .footerNav li{ padding-right: 15px; padding: 2px 15px 2px 0; float: left; font-weight: bold; } .footerNav li:last-child{ padding-right: 0; } .footerNav li.twitIcon{ background: url(../images/twitIcon.png) no-repeat left 2px; padding-left: 35px; } .footerNav a{ color: #29383F; } .footerNav a:hover{ color: ##EA5709; } .footerNav .blue{ color: #EA5709; } .footerNav .blue:hover{ color: #333; } .freeTools:hover {*color: #666} /* @end */</STYLE> </head> <body> <div class="wrap"> <header class="header"> <div class="clearfix"> <span class="logo"><a href="http://www.metasploit.com"><img src="/revamp/images/metasploit-logo.png" title="Metasploit" alt="Metasploit" border=0 /></a></span> <nav class="primeNav"> <div class="primeLinks"> <a href="http://www.rapid7.com/" target="_blank"><img src="/revamp/images/rapid7-logo.png" title="Rapid7" alt="Rapid7" /></a> <ul> <li><a href="http://www.rapid7.com/resources/free-tools.jsp" target="_blank">Free Tools</a></li> <li><a href="https://community.rapid7.com/" target="_blank">Community</a></li> <li><a href="http://www.rapid7.com/contact/" target="_blank">Contact</a></li> <li><a href="http://www.rapid7.com/company/" target="_blank">About</a></li> </ul> </div> <ul class="toplinks clearfix"> <li><a href="/modules/" title="Exploits database">Exploits</a></li> <li><a href="https://community.rapid7.com/community/metasploit/blog" target="_blank" title="Metasploit blog">Blog</a></li> <li><a href="http://www.rapid7.com/support/" target="_blank" title="Rapid7 support">Support</a></li> </ul> </nav> </div> </header> <div id="bodyContent"> <div id="breadcrumbs"> <a href="/" title="Home">Home</a> > <span>Exploit DB</span> </div> <section id="mainContent" class="twoCol clearfix"> <h1>2Wire Cross-Site Request Forgery Password Reset Vulnerability</h1> <div class="lCol"> <p>This module will reset the admin password on a 2Wire wireless router. This is done by using the /xslt page where authentication is not required, thus allowing configuration changes (such as resetting the password) as administrators.</p> <p> <a href="/modules/" class="fLt blueBtn"><span>Search Other Modules</span></a><br> </p> <br/><h2>Rank</h2> <ul> <li class='module_info'>Normal</li> </ul> <br/><h2>Authors</h2> <ul> <li>hkm < hkm [at] hakim.ws ></li> <li>Travis Phillips < ></li> </ul> <br/><h2>Vulnerability References</h2> <ul> <li><a href="http://cvedetails.com/cve/2007-4387/" rel="nofollow">CVE-2007-4387</a></li> <li><a href="http://www.osvdb.org/37667" rel="nofollow">OSVDB-37667</a></li> <li><a href="http://www.securityfocus.com/bid/36075" rel="nofollow">BID-36075</a></li> <li><a href="http://seclists.org/bugtraq/2007/Aug/225" rel="nofollow">http://seclists.org/bugtraq/2007/Aug/225</a></li> </ul> <br/><h2>Development</h2> <ul> <li class="modrefs"><a href="http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/2wire/xslt_password_reset.rb">Source Code</a></li> <li class="modrefs"><a href="http://dev.metasploit.com/redmine/projects/framework/repository/changes/modules/auxiliary/admin/2wire/xslt_password_reset.rb">History</a></li> </ul>  <br/><h2>Usage Information</h2> <div class="msfconsole"> $ <b>msfconsole</b><br/> <br/>                 ##                          ###           ##    ##<br/>  ##  ##  #### ###### ####  #####   #####    ##    ####        ######<br/> ####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##<br/> ####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##<br/> ## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##<br/> ##   ##  #### ###   #####   #####     ##   ####   ####   #### ###<br/>                                       ##<br/> <br/> msf > <b>use auxiliary/admin/2wire/xslt_password_reset</b><br/> msf auxiliary(xslt_password_reset) > <b>set RHOST [TARGET IP]</b><br/> msf auxiliary(xslt_password_reset) > <b>run</b><br/> <br/> </div> <br/><h2>Module Options</h2> <div class="marB20"> <table cellpadding="6" cellspacing="0" width="100%" border="1"> <tr class='rowcola'> <td class='optreq'>PASSWORD</td> <td>The password to reset to (default: admin)</td> </tr> <tr class='rowcola'> <td class='optopt'>Proxies</td> <td>Use a proxy chain</td> </tr> <tr class='rowcola'> <td class='optreq'>RHOST</td> <td>The target address</td> </tr> <tr class='rowcola'> <td class='optreq'>RPORT</td> <td>The target port (default: 80)</td> </tr> <tr class='rowcola'> <td class='optopt'>VHOST</td> <td>HTTP server virtual host</td> </tr> <tr class='rowcola'> <td class='optopt'>DOMAIN</td> <td>The domain to use for windows authentification</td> </tr> <tr class='rowcola'> <td class='optopt'>DigestAuthIIS</td> <td>Conform to IIS, should work for most servers. Only set to false for non-IIS servers</td> </tr> <tr class='rowcola'> <td class='optopt'>FingerprintCheck</td> <td>Conduct a pre-exploit fingerprint verification</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::SendLM</td> <td>Always send the LANMAN response (except when NTLMv2_session is specified)</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::SendNTLM</td> <td>Activate the 'Negotiate NTLM key' flag, indicating the use of NTLM responses</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::SendSPN</td> <td>Send an avp of type SPN in the ntlmv2 client Blob, this allow authentification on windows Seven/2008r2 when SPN is required</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::UseLMKey</td> <td>Activate the 'Negotiate Lan Manager Key' flag, using the LM key when the LM response is sent</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::UseNTLM2_session</td> <td>Activate the 'Negotiate NTLM2 key' flag, forcing the use of a NTLMv2_session</td> </tr> <tr class='rowcola'> <td class='optopt'>NTLM::UseNTLMv2</td> <td>Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key is true</td> </tr> <tr class='rowcola'> <td class='optopt'>SSL</td> <td>Negotiate SSL for outgoing connections</td> </tr> <tr class='rowcola'> <td class='optopt'>SSLVersion</td> <td>Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)</td> </tr> <tr class='rowcola'> <td class='optopt'>USERNAME</td> <td>The HTTP username to specify for authentication</td> </tr> <tr class='rowcola'> <td class='optopt'>UserAgent</td> <td>The User-Agent header to use for all requests</td> </tr> <tr class='rowcola'> <td class='optopt'>VERBOSE</td> <td>Enable detailed status messages</td> </tr> <tr class='rowcola'> <td class='optopt'>WORKSPACE</td> <td>Specify the workspace for this module</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::header_folding</td> <td>Enable folding of HTTP headers</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::method_random_case</td> <td>Use random casing for the HTTP method</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::method_random_invalid</td> <td>Use a random invalid, HTTP method for request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::method_random_valid</td> <td>Use a random, but valid, HTTP method for request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_fake_headers</td> <td>Insert random, fake headers into the HTTP request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_fake_headers_count</td> <td>How many fake headers to insert into the HTTP request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_get_params</td> <td>Insert random, fake query string variables into the request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_get_params_count</td> <td>How many fake query string variables to insert into the request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_method_uri_count</td> <td>How many whitespace characters to use between the method and uri</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_method_uri_type</td> <td>What type of whitespace to use between the method and uri (accepted: space, tab, apache)</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_post_params</td> <td>Insert random, fake post variables into the request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_post_params_count</td> <td>How many fake post variables to insert into the request</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_uri_version_count</td> <td>How many whitespace characters to use between the uri and version</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::pad_uri_version_type</td> <td>What type of whitespace to use between the uri and version (accepted: space, tab, apache)</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_dir_fake_relative</td> <td>Insert fake relative directories into the uri</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_dir_self_reference</td> <td>Insert self-referential directories into the uri</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_encode_mode</td> <td>Enable URI encoding (accepted: none, hex-normal, hex-all, hex-random, u-normal, u-all, u-random)</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_fake_end</td> <td>Add a fake end of URI (eg: /%20HTTP/1.0/../../)</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_fake_params_start</td> <td>Add a fake start of params to the URI (eg: /%3fa=b/../)</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_full_url</td> <td>Use the full URL for all HTTP requests</td> </tr> <tr class='rowcola'> <td class='optopt'>HTTP::uri_use_backslashes</td> <td>Use back slashes instead of forward slashes in the uri </td> </tr> </table> </div>  </div> </section> </div> <footer class="footer"> <div class="footerPad clearfix"> <div class="clearfix copyright"> <a href="http://www.rapid7.com" target="_blank"><img src="/revamp/images/r7-footer-logo.png" title="Rapid7" alt="Rapid7" width="110" height="18" /></a> <span>© 2013 Rapid7</span> </div> <nav class="footerNav"> <ul class="clearfix"> <li><a href="https://community.rapid7.com/docs/DOC-2223" target="_blank">Legal</a></li> <li><a href="https://community.rapid7.com/login.jspa" target="_blank">Licence</a></li> <li><a href="http://www.rapid7.com/privacy.jsp" target="_blank">Privacy Policy</a></li> <li><a href="http://www.rapid7.com/disclosure.jsp" target="_blank">Disclosure Policy</a></li> <li><a href="http://www.rapid7.com/contact/" target="_blank">Contact</a></li> <li class="twitIcon"><a class="blue" href="http://twitter.com/Rapid7" target="_blank">@Rapid7</a></li> <li><a class="blue" href="http://twitter.com/metasploit" target="_blank">@Metasploit</a></li> </ul> </nav> </div> </footer> </div> </div> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-4622520-2']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body> </html>

metadata ADDED Viewed

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: nifflsploit
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Michael Carlson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ! ' A tool for finding metasploit module information related to CVEs '
+email:
+- me@mbcarlson.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .document
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- lib/nifflsploit.rb
+- lib/nifflsploit/query.rb
+- lib/nifflsploit/result.rb
+- lib/nifflsploit/version.rb
+- nifflsploit.gemspec
+- spec/lib/nifflsploit/query_spec.rb
+- spec/lib/nifflsploit/result_spec.rb
+- spec/lib/nifflsploit_spec.rb
+- spec/support/positive_response.html
+homepage: https://github.com/Prandium/nifflsploit
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.3
+signing_key:
+specification_version: 4
+summary: This gem allows searching for metasploit exploit modules for a given CVE.
+test_files:
+- spec/lib/nifflsploit/query_spec.rb
+- spec/lib/nifflsploit/result_spec.rb
+- spec/lib/nifflsploit_spec.rb
+- spec/support/positive_response.html