f843740fcb
more fixes
2012-11-01 11:59:18 -05:00
22fbfb3601
cleanup
2012-11-01 17:38:04 +01:00
e720769747
Added module for ZDI-12-171
2012-11-01 17:17:45 +01:00
aeb837838f
typo
2012-11-01 11:03:50 -05:00
84c8660c96
Fix targets to be more specific
2012-11-01 11:00:45 -05:00
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
59f5d9bc5d
Man i'm rusty at writing for framework
...
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
00b9fb3c90
Switc smart mgirate to post mod as it should be
2012-10-31 17:03:49 -05:00
dd7ab11e38
Minor cleanup
2012-10-31 16:14:34 -05:00
86f6d59d2e
Adding the winrm powershell exploit
...
also adds the smart_migrate meterp script for autorun purposes
2012-10-31 15:46:11 -05:00
ef0f415c51
related to #980 adds support for HttpClient
2012-10-31 17:46:57 +01:00
91e6b7cd28
added ie8 target
2012-10-31 11:57:38 +01:00
a3358a471f
Merge branch 'aladdin_bof' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-aladdin_bof
2012-10-31 11:57:20 +01:00
ec8a2955e1
Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof
2012-10-31 03:32:43 -05:00
53c7479d70
Add Windows 8 support
...
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
0e3bc7d060
hp operations agent mods: fix use of pattern_create, use ropdb
2012-10-29 15:45:40 +01:00
e9b9c96221
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-10-28 18:10:17 -05:00
5ce6526125
first official release
2012-10-28 13:49:32 -05:00
19920b3275
update module titles for hp operation agent vulns
2012-10-28 02:38:39 +01:00
320a23286a
Merge branch 'warnings' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-warnings
2012-10-27 18:52:34 -05:00
7db7f1bfdf
Merge branch 'turboftp_update' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-turboftp_update
2012-10-27 18:51:41 -05:00
c015372ce0
Merge branch 'hp_operations_agent_coda_8c' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_operations_agent_coda_8c
2012-10-27 18:45:36 -05:00
73deeacd7e
deleted unnecessary http headers according to my tests
2012-10-28 00:52:52 +02:00
b4b1b77a77
deleted unnecessary http headers according to my tests
2012-10-28 00:51:18 +02:00
51bc806014
Added module for CVE-2012-2019
2012-10-27 22:45:37 +02:00
bcb80431d6
Added module for CVE-2012-2020
2012-10-27 22:43:16 +02:00
b48e355a6d
fixed typo and defined badchars
2012-10-24 20:04:54 +02:00
ede5d0f46b
This is meant to be a warning, so we use print_warning
2012-10-24 00:55:54 -05:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
21f6127e29
Platform windows cleanup
...
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
33ce74fe8c
Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1
2012-10-23 02:10:56 -05:00
b2db3e133d
Rescue when the service is crashed
...
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
2012-10-22 17:57:30 -05:00
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
5b18a34ad4
References cleanup
...
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
657d527f8d
DisclosureDate cleanup: Try parsing all dates
...
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
70ac7c8345
Author cleanup: fix unmatched angle brackets
2012-10-22 19:45:27 +02:00
ad9946689e
Update description
2012-10-21 16:40:01 -05:00
1821c11369
Code cleanup
2012-10-21 16:40:01 -05:00
c404b72d08
Doesn't make a lot of sense setting DefaultTarget to an older one
2012-10-21 16:40:01 -05:00
c7d12d94b7
turboftp exploit
2012-10-21 16:40:00 -05:00
60dc83748c
Update modules/exploits/windows/browser/mozilla_mchannel.rb
2012-10-17 12:25:44 -03:00
9192a01803
All exploits need a disclosure date.
2012-10-15 16:29:12 -05:00
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
97ac7fa184
Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework
2012-10-14 18:27:32 -05:00
3ab24cdbb9
added exploits/windows/local/service_permissions
2012-10-11 22:42:36 -04:00
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
abb4bdd408
metadata formatting, and a little res gotcha
2012-10-08 15:00:51 -05:00
ef9d627e13
Added module for ZDI-12-106
2012-10-08 20:04:01 +02:00
e9b70a3a4f
Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter
2012-10-07 15:35:30 -05:00
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
40983460bf
added module for avaya winpmd bof, osvdb 73269
2012-10-07 12:05:13 +02:00
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
874fe64343
Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update
2012-10-06 14:10:36 +02:00
e02adc1f35
Merge branch 'mubix-bypassuac_uac_check'
2012-10-06 02:09:16 -05:00
33429c37fd
Change print_error to print_debug as a warning
2012-10-06 02:08:19 -05:00
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
55474dd8bf
add simple UAC checks to bypassuac
2012-10-06 00:59:54 -04:00
b984d33996
add RunAs ask module
2012-10-06 00:51:44 -04:00
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
2aa59623d1
Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers
2012-10-05 15:43:18 -05:00
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
6342c270f4
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 14:16:16 -05:00
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
0ae7756d26
fixed missing > on author
2012-10-05 11:13:40 -04:00
bcc56cb7cc
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 01:05:30 -05:00
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
8520cbf218
fixes spotted by @jlee-r7
2012-10-04 17:34:35 -04:00
4400cb94b5
Removing trailing spaces
2012-10-04 14:58:53 -05:00
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
3f2fe8d5b4
port bypassuac from post module to local exploit
2012-10-04 14:31:23 -04:00
fbc3709774
Change the title and regex a bit
2012-10-03 12:16:25 -05:00
30846f4190
fix typo in comment
2012-10-03 16:06:00 +02:00
24037ac79a
Added module for CVE-2011-4051
2012-10-03 16:03:36 +02:00
e36507fc05
Code cleanup and make msftidy happy
2012-10-02 12:00:23 -05:00
21e832ac1c
add call to memory protect to fix DEP environments
2012-10-01 18:49:18 -04:00
c93692b06d
add a check to verify session is not already system for MS11-080
2012-09-27 08:36:13 -04:00
8648953747
added MS11-080 AFD JoinLeaf Windows Local Exploit
2012-09-26 11:01:30 -04:00
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
9ab62de637
Fix a spelling error
2012-09-03 01:44:02 -05:00
943121dd61
Added module for CVE-2012-2611
2012-09-03 00:15:56 +02:00
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
e461d542ac
added Windows 2003 SP1 Spanish targets
2012-08-24 12:50:30 +02:00
54ce7268ad
modules/exploits/windows/smb/ms08_067_netapi.rb
2012-08-24 11:30:23 +02:00
1a60abc7a7
Added W2003 SP2 Spanish targets
2012-08-24 11:16:08 +02:00
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
22051c9c2c
Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2
2012-08-22 10:00:34 -05:00
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
424948a358
Fix title
2012-06-16 01:48:00 -05:00
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
David Maloney
jvazquez-r7
sinn3r
sagishahar
nullbind
corelanc0d3r
Tod Beardsley
Michael Schierl
James Lee
Rob Fuller
lincoln@corelan.be
sput-nick
Spencer McIntyre
kernelsmith
Ramon de C Valle
Matt Andreko
RageLtMan
Steve Tornio
Meatballs1
HD Moore
m-1-k-3
Steven Seeley
Juan Vazquez
modpr0be