HD Moore
ffd91793b9
Make RMI easier to correlate, add a vulnerability check to the scanner module
2012-04-29 18:11:28 -05:00
David Maloney
f1cd488f19
Overrirdes the autofilter results from the HTTPServer mixin for the rmi
...
exploit
2012-04-27 15:22:40 -05:00
HD Moore
67fe5b775a
Bump this up
2012-04-27 01:23:40 -05:00
HD Moore
ec831a1658
Smarter RMI class loader logic
2012-04-27 01:02:18 -05:00
HD Moore
4c2e1c2859
Small updates to the rmi modules
2012-04-27 00:07:00 -05:00
sinn3r
cc76438a75
Merge branch 'jlee-r7-http-print-standardization'
2012-04-25 15:38:46 -05:00
sinn3r
711fb73048
Fix more print_*
2012-04-25 15:01:50 -05:00
sinn3r
5bebd01eb0
Tabs vs spaces war round 2
2012-04-24 16:06:08 -05:00
sinn3r
bc42375565
Fix spaces to proper hard tabs. Not very fun to do.
2012-04-24 16:03:41 -05:00
sinn3r
0671fc9ea1
Merge branch 'axis2_mods' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-axis2_mods
2012-04-24 15:49:34 -05:00
James Lee
9cdd8912c5
Remove spurious cli.peerhost in output
2012-04-20 13:31:42 -06:00
sinn3r
81b6e76619
Correct CVE/OSVDB/BID references, thanks Chad.
2012-04-19 00:24:56 -05:00
James Lee
3e0747f5d2
Randomize guid and payload filename
2012-04-16 12:09:25 -06:00
Chris John Riley
f4f1ec70bc
Altered regex to detect Jetty hosts
...
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)
There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
2012-04-15 15:13:21 +02:00
James Lee
810d496ade
Chmod the payload executable
...
Makes native payloads work on non-windows, thanks mihi!
2012-04-11 12:48:14 -06:00
Tod Beardsley
cbc12560a5
Leading tabs, not spaces
...
There's a coding style in here that will make msftidy.rb cry, and
that's:
```
varfoo = %q|
stuff
thats
html
|
```
Usually, you want something like
varfoo = ""
varfoo << %q| stuff|
varfoo << %q| thats|
varfoo << %q| html|
That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
2012-04-10 14:25:00 -05:00
Tod Beardsley
cdc020ba9f
Trailing space on xpi bootstrap module
2012-04-10 14:24:08 -05:00
Tod Beardsley
3cb7cbe994
Adding another ref and a disclosuredate to mihi's XPI module
...
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
2012-04-10 13:59:21 -05:00
sinn3r
0e1fff2c4b
Change the output style to comply with egyp7's expectations.
2012-04-10 13:42:52 -05:00
sinn3r
76c12fe7e6
Whitespace cleanup
2012-04-10 13:22:10 -05:00
Michael Schierl
705cf41858
Add firefox_xpi_bootstrapped_addon exploit
...
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
2012-04-10 13:39:54 +02:00
andurin
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
andurin
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
Tod Beardsley
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
.
2012-04-05 16:17:06 -05:00
sinn3r
8628991b1d
Merge pull request #305 from jlee-r7/bap-refactor
...
Bap refactor
2012-04-05 08:02:43 -07:00
andurin
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
James Lee
974d95b175
Both of these are obsoleted by java_atomicreferencearray
2012-04-03 18:23:42 -06:00
sinn3r
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
sinn3r
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
James Lee
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
James Lee
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
Steve Tornio
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
sinn3r
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
Tod Beardsley
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
sinn3r
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
sinn3r
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
Tod Beardsley
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
James Lee
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
James Lee
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
sinn3r
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
James Lee
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
HD Moore
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
Tod Beardsley
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00