Commit Graph

24302 Commits (04f2632972932e4ed92980b96988daae75763586)

Author SHA1 Message Date
Tod Beardsley e5375c9f1a
Add heartbleed module for release 2014-04-09 09:53:37 -05:00
Tod Beardsley 3849d1517f
Restore author credit 2014-04-09 09:42:39 -05:00
jvazquez-r7 e154d175e8 Add @hmoore-r7's heartbeat client side module 2014-04-09 09:38:11 -05:00
jvazquez-r7 1aa8e35551
Land #3211, @Firefart's heartbleed comment reference 2014-04-09 09:13:25 -05:00
jvazquez-r7 8d38087a10 Fix case / when indention 2014-04-09 09:12:55 -05:00
Christian Mehlmauer 0e0fd20f88
Added RFC link 2014-04-09 15:19:29 +02:00
Christian Mehlmauer a0a5b9faa1
Fix heartbleed module
-) incorrect length read
-) Parse TLS errors
2014-04-09 15:08:24 +02:00
Brandon Perry 8428b37e59 move file to .rb ext 2014-04-09 05:17:14 -07:00
jvazquez-r7 a93e22b5c0
Land #3209, @Firefart's heartbleed's module fix 2014-04-09 06:38:06 -05:00
Christian Mehlmauer 9c159f0aa3
Land #3210, typo in openssl_heartbleed 2014-04-09 09:53:06 +02:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
julianvilas 4e7c675f3c Fix typo, extraquote in message 2014-04-09 10:22:15 +02:00
Christian Mehlmauer cdfe333572
updated heartbleed module
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
joev b4f5784ba2
Land #3147, @m-1-k-3's mipsbe exec payload. 2014-04-08 22:32:21 -05:00
Brandon Perry 82c9b539ac Fix disclosure date, earlier than I thought 2014-04-08 21:43:49 -05:00
Brandon Perry 3013704c75 Create sophos_wpa_iface_exec
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
William Vu dd69a9e5dd
Land #3206, OpenSSL Heartbleed infoleak 2014-04-08 20:12:00 -05:00
William Vu 5e314f2a7c
Fix outstanding issues 2014-04-08 20:11:28 -05:00
sinn3r f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion 2014-04-08 18:47:53 -05:00
jvazquez-r7 a4e1d866e1 Favor nil? 2014-04-08 18:21:49 -05:00
jvazquez-r7 153e003e23 Do small fixes 2014-04-08 18:21:09 -05:00
jvazquez-r7 39aecb140a Use the datastore option 2014-04-08 16:55:08 -05:00
jvazquez-r7 496dd944e6 Add support for datastore TLSVERSION 2014-04-08 16:51:50 -05:00
jvazquez-r7 d51aa34437 Use Random generation Time as pointed by @Firefart 2014-04-08 16:46:15 -05:00
jvazquez-r7 d964243cc4 Move heartbeat length to a variable 2014-04-08 16:33:05 -05:00
jvazquez-r7 3d6c553efd Fix endianess 2014-04-08 16:29:31 -05:00
jvazquez-r7 373b05c5aa Minimize extensions in the Hello 2014-04-08 16:21:38 -05:00
jvazquez-r7 3254cce832 Align comment 2014-04-08 16:04:38 -05:00
jvazquez-r7 c20b71e7b6 Switch to vprint unless success 2014-04-08 16:03:38 -05:00
jvazquez-r7 7dbd690c99 Add new references 2014-04-08 16:01:06 -05:00
jvazquez-r7 a55579dd4a Fix references 2014-04-08 15:56:56 -05:00
jvazquez-r7 4004cd8f9a Allow hello data to grow dinamically 2014-04-08 15:52:39 -05:00
jvazquez-r7 b8e2c9fe42 Clean and fix @Firefart's code 2014-04-08 15:32:13 -05:00
jvazquez-r7 80bdbbed92 Solve conflict 2014-04-08 15:18:38 -05:00
Christian Mehlmauer 8c7debb81d
Added some comments and modified JABBER 2014-04-08 22:13:02 +02:00
jvazquez-r7 021da84459 Add authors and switch and's format 2014-04-08 15:10:27 -05:00
sinn3r a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution 2014-04-08 14:58:34 -05:00
sinn3r 4012dd0acc Fix everything that needs to be fixed 2014-04-08 14:57:42 -05:00
Christian Mehlmauer 9c053a5b91
Added additional protocols 2014-04-08 21:56:05 +02:00
Fabian Bräunlein 8dce80fd30 Added Big Endianess, improved check()-Function
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.

The check()-function now checks, whether the device is really
vulnerable.

Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
William Vu 69ab46e8cd
Land #3205, prevent Travis autofails on msftidy 2014-04-08 14:15:59 -05:00
jvazquez-r7 5f29026cb2 Complete @Firefart's module 2014-04-08 14:13:56 -05:00
Tod Beardsley 2d0ff4b9fb
Travis shouldn't autofail msftidy fails... yet
[SeeRM #8498]
2014-04-08 14:05:42 -05:00
Spencer McIntyre 3f6c8afbe3 Fix typo of MSCOMCTL not MCCOMCTL 2014-04-08 14:52:18 -04:00
Spencer McIntyre 85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
William Vu 66e292a85a
Land #3201, typo fix for exim4_dovecot_exec 2014-04-07 18:10:37 -05:00
Jeff Jarmoc 21b220321f Fix typo.
This isn't a Linksys exploit.  Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
Tod Beardsley eab938c7b4
Get rid of requires, too 2014-04-07 16:39:19 -05:00
Tod Beardsley 17ddbccc34
Remove the broken lorcon module set
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.

I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.

Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.

````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver
for lorcon
   INTERFACE  wlan0            yes       The name of the wireless
interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
jvazquez-r7 fb1318b91c
Land #3193, @m-1-k-3's exploit for the Fritzbox RCE vuln 2014-04-07 16:13:31 -05:00