infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,961 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

19961 Commits (007b3de06dcd066e0ddf3deffb7470f32f91b524)

Author SHA1 Message Date
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
sinn3r c87db60d2a Land #2207 - HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow 2013-08-12 01:19:01 -05:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
jvazquez-r7 6a196d0a40 Land #2205, @wchen-r7 and @m-1-k-3's change for dlink_dir300_exec_telnet 2013-08-09 15:58:07 -05:00
jvennix-r7 8278808a37 Merge pull request #2204 from todb-r7/bug/undo-optstring-validator 
Revert "OptString specs and better validation"
 2013-08-09 13:42:46 -07:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet 
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
 2013-08-09 15:41:50 -05:00
Tod Beardsley 81defe8113 Add the string_list.txt fixture back 2013-08-09 15:39:40 -05:00
Tod Beardsley 02f460287b Revert "OptString specs and better validation" 
This reverts commit d66779ba4c.

Specifically, this commit was causing trouble when a datastore was
getting an Integer. For some reason (as yet undiscovered), the option
normalizer wasn't trying to Integer#to_s such arguments.

This kind of thing is going to happen a lot. For now, I'd rather just
end up with the ducktype, and attack the normalizer in a seperate fix.
 2013-08-09 15:30:42 -05:00
sinn3r 4558aca7ca Land #2136 - Removed requirement for note.data to be present 2013-08-09 15:29:25 -05:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR 
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
 2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space 
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
 2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods 
For readability
 2013-08-08 16:20:38 -05:00
jvazquez-r7 567873f3cc Use normalize_uri a little better 2013-08-08 15:12:51 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
jvazquez-r7 06ebc686c4 Land #2194, @CharlieEriksen exploit for CVE-2013-5036 2013-08-08 14:50:28 -05:00
jvazquez-r7 40a61ec654 Do minor cleanup 2013-08-08 14:47:46 -05:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec 
Thanks mwulftange!
 2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
Charlie Eriksen 28b36ea29b Removing a space at EOL I missed. 2013-08-08 14:30:53 -04:00
Charlie Eriksen 1c6e994fe8 Adding improvements based on Juan's feedback 2013-08-08 14:29:35 -04:00
sinn3r 84090b73b1 Land #2197 - Tabassassin msftidy 2013-08-08 13:15:32 -05:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
jvazquez-r7 a7c80ebfc2 Land #2185, @bmerinofe's post module for dns cache dumping 2013-08-08 12:49:37 -05:00
jvazquez-r7 5d0e868701 Land #2192 after cleanup 2013-08-08 08:44:17 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
root 3a24765585 Adding CVE ID 2013-08-07 18:11:43 -04:00
sinn3r 9bc1eca944 Land #2198 - Mozilla Firefox CVE-2013-1690 (FBI) 2013-08-07 16:01:55 -05:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
Borja Merino 4fe8e51036 Merge pull request #2 from todb-r7/revert-bmerinofe-gemfile 
Revert Gemfile.lock to previous
 2013-08-07 10:33:43 -07:00
Tod Beardsley f307aa70d3 Add some old hard-tabs for sanity 2013-08-07 12:31:56 -05:00