Commit Graph

976 Commits (089a0064080d185d6b1f281ca499818f264fcc0f)

Author SHA1 Message Date
Michael Messner 10baf1ebb6 echo stager 2015-05-23 15:50:35 +02:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo ''; done"
```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
m-1-k-3 c7e05448e7 various MIPS vs MIPSBE fixes 2015-05-04 12:55:21 +02:00
m-1-k-3 53043dcbbc make msftidy happy 2015-05-03 18:14:51 +02:00
m-1-k-3 6fbce56a52 realtek upnp command injection 2015-05-03 18:09:22 +02:00
jvazquez-r7 1bc6822811
Delete Airties module 2015-05-22 11:57:45 -05:00
jvazquez-r7 70d0bb1b1a
Merge Airties target inside miniupnpd_soap_bof 2015-05-22 11:57:19 -05:00
m-1-k-3 d8b8017e0b remove debugging 2015-04-27 06:36:34 +02:00
m-1-k-3 8db88994ac fingerprint, title 2015-04-27 06:34:46 +02:00
m-1-k-3 285d767e20 initial commit of UPnP exploit for Airties devices 2015-04-27 05:34:30 +02:00
m-1-k-3 f5b0a7e082 include rop gadget description 2015-04-23 00:11:02 +02:00
m-1-k-3 1ec0e09a43 msftidy 2015-04-22 10:32:47 +02:00
m-1-k-3 58099d0469 airties login bof module 2015-04-22 10:21:58 +02:00
jvazquez-r7 3f40342ac5
Fix sock_sendpage 2015-04-21 14:17:19 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Michael Messner b991dec0f9 Dlink UPnP SOAP-Header Injection 2015-04-17 22:54:32 +02:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
Christian Mehlmauer a193ae42b0
moar fail_with's 2015-04-16 21:25:05 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
jvazquez-r7 ef6bf54e2f
Fix metadata 2015-04-15 09:22:59 -05:00
jvazquez-r7 1da6b32df7
Land #4924, @m-1-k-3's DLink CVE-2015-1187 exploit
* ncc service ping.cpp command injection
2015-04-15 09:17:10 -05:00
jvazquez-r7 6019bbe0d2
Add ranking comment 2015-04-15 09:12:03 -05:00
jvazquez-r7 ad465c4d5b
Do code cleanup 2015-04-15 09:10:18 -05:00
Tod Beardsley 11057e5b3b
Fix up the last couple from Tenable, missed last
[See #5012]
2015-04-02 15:27:46 -05:00
Tod Beardsley 4bbec88882
Various other one-off nonhuman author credits
[See #5012]
2015-04-02 15:25:47 -05:00
Tod Beardsley b17727d244
Switching to privileged => false 2015-04-01 14:35:45 -05:00
Tod Beardsley 0825534d2c
Fix reference 2015-04-01 14:16:45 -05:00
Tod Beardsley 8ec71e9daf
Add a module for R7-2015-05 2015-04-01 14:05:41 -05:00
m-1-k-3 d81a246660 target_uri 2015-03-26 12:16:20 +01:00
m-1-k-3 b7f469b747 feedback 2015-03-26 07:39:36 +01:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
jvazquez-r7 2d1adf6ef4
Land #4923, @m-1-k-3's exploit for overflow on belkin routers 2015-03-22 02:05:35 -05:00
jvazquez-r7 ee74bb3c5b
The default concat operator should be ok 2015-03-22 02:05:02 -05:00
jvazquez-r7 5499b68e02
Do code cleanup 2015-03-22 01:58:32 -05:00
sinn3r 1b67a06d35 No banner var 2015-03-20 02:26:59 -05:00
sinn3r b55ffc9ff1 Change option to FORCE_EXPLOIT 2015-03-20 01:44:10 -05:00
sinn3r d8539ef91a Change datastore option's description 2015-03-19 12:22:42 -05:00
sinn3r a2ba81f84f This should be true (required) 2015-03-19 11:54:03 -05:00
sinn3r d8c8bd1669 Move the details to a wiki 2015-03-19 11:52:17 -05:00
sinn3r 968a8758ad Add CVE-2015-0235 Exim GHOST (glibc gethostbyname) Buffer Overflow
This was originally written by Qualys
2015-03-18 18:51:16 -05:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
m-1-k-3 819a49b28a msftidy again 2015-03-12 19:09:52 +01:00
m-1-k-3 2eab258a76 msftidy 2015-03-12 19:07:56 +01:00
m-1-k-3 ccf7314c8f msftidy 2015-03-12 19:05:21 +01:00
m-1-k-3 6fcab31997 ncc exploit CVE-2015-1187 - dir626l 2015-03-12 18:55:50 +01:00
m-1-k-3 64f769504b encoding 2015-03-10 17:47:15 +01:00
m-1-k-3 6657c7d11d Belkin - CVE-2014-1635 2015-03-10 16:49:51 +01:00
William Vu ecd7ae9c3b
Land #4857, symantec_web_gateway_restore module 2015-03-02 15:00:10 -06:00
sinn3r ad28f9767f Use include 2015-03-02 14:41:25 -06:00
sinn3r cb140434f9 Update 2015-03-02 12:59:21 -06:00
OJ 905a539a00 Add exploit for Seagate Business NAS devices
This module is an exploit for a pre-authenticated remote code execution
vulnerability in Seagate Business NAS products.
2015-03-01 13:25:28 +10:00
sinn3r 4a1fbbdc3b Use datastore to find payload name 2015-02-28 19:56:32 -06:00
sinn3r ef9196ba6c Correct comment 2015-02-27 13:27:49 -06:00
sinn3r 7b6c39058a Correct target name 2015-02-27 13:24:57 -06:00
sinn3r 90aff51676 Add CVE-2014-7285, Symantec Web Gateway restore.php Command Injection 2015-02-27 12:31:29 -06:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 b61538e980
Land #4291, @headlesszeke's module for ARRIS VAP2500 command execution 2015-01-21 20:52:31 -06:00
jvazquez-r7 33195caff2 Mark compatible payloads 2015-01-21 20:52:04 -06:00
jvazquez-r7 500d7159f1 Use PAYLOAD instead of CMD 2015-01-21 20:49:05 -06:00
jvazquez-r7 f37ac39b4c Split exploit cmd vs exploit session 2015-01-21 20:46:37 -06:00
jvazquez-r7 e1d1ff17fd Change failure code 2015-01-21 20:38:33 -06:00
jvazquez-r7 169052af5c Use cookie option 2015-01-21 20:37:38 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
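The `respond_to?` / `send` mismatch that commit message describes, shown as an added example that is not part of the Metasploit commit or its patch. The `Handler` class and its method names are constructed for illustration; the point is that `respond_to?` (without `include_all`) reports only public methods, while `send` calls anything, so a check-then-send pair lets a caller-supplied name reach a protected method the check never approved. `public_send` enforces the same visibility rules `respond_to?` reports, which is one way to keep the two consistent.

```ruby
# Added example, not code from the Metasploit commit above. Demonstrates why
# "respond_to? then send" is a silent visibility bypass in current Ruby and
# how public_send keeps the check and the call in agreement.

class Handler
  def run
    'public ok'
  end

  protected

  # Constructed stand-in for a method the module author did not intend to
  # expose to caller-controlled dispatch.
  def reset_creds
    'protected: would touch credentials'
  end
end

# What respond_to? reports for a public and a protected method.
# Without include_all=true, protected methods are reported as absent.
def visibility_report(obj)
  {
    public_method:         obj.respond_to?(:run),               # true
    protected_default:     obj.respond_to?(:reset_creds),       # false
    protected_include_all: obj.respond_to?(:reset_creds, true)  # true
  }
end

# Unsafe: send ignores visibility entirely, so the protected method runs.
def dispatch_with_send(obj, name)
  obj.send(name)
end

# Safer: public_send applies the same rules respond_to? reports; a
# protected or private target raises NoMethodError instead of executing.
def dispatch_with_public_send(obj, name)
  obj.public_send(name)
rescue NoMethodError
  :blocked
end

# Guarded dispatch: respond_to? (public only) and public_send agree on what
# is callable, so the guard and the call cannot drift apart.
def guarded_dispatch(obj, name)
  return :rejected unless obj.respond_to?(name)
  obj.public_send(name)
end

if __FILE__ == $PROGRAM_NAME
  h = Handler.new
  p visibility_report(h)
  p dispatch_with_send(h, :reset_creds)        # protected method still runs
  p dispatch_with_public_send(h, :reset_creds) # :blocked
  p guarded_dispatch(h, :reset_creds)          # :rejected
end
```

Run it with `ruby respond_to_send.rb`; the `send` line prints the protected method's result even though `respond_to?(:reset_creds)` is false, which is exactly the access-control gap the commit message refers to.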
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
jvazquez-r7 121c0406e9 Beautify restart_command creation 2014-12-24 15:52:15 -06:00
jvazquez-r7 43ec8871bc Do minor c code cleanup 2014-12-24 15:45:38 -06:00
jvazquez-r7 92113a61ce Check payload 2014-12-24 15:43:49 -06:00
jvazquez-r7 36ac0e6279 Clean get_restart_commands 2014-12-24 14:55:18 -06:00
jvazquez-r7 92b3505119 Clean exploit method 2014-12-24 14:49:19 -06:00
jvazquez-r7 9c4d892f5e Use single quotes when possible 2014-12-24 14:37:39 -06:00
jvazquez-r7 bbbb917728 Do style cleaning on metadata 2014-12-24 14:35:35 -06:00
jvazquez-r7 af24e03879 Update from upstream 2014-12-24 14:25:25 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
headlesszeke 8d1ca872d8 Now with logging of command response output 2014-12-05 10:58:40 -06:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
headlesszeke 564488acb4 Changed and to && 2014-12-02 00:02:53 -06:00
headlesszeke 280e10db55 Add module for Arris VAP2500 Remote Command Execution 2014-12-01 23:07:56 -06:00
Rasta Mouse 985838e999 Suggestions from OJ 2014-11-27 21:38:50 +00:00
Rasta Mouse 25ecf73d7d Add configurable directory, rather than relying on the session working
directory.
2014-11-27 17:12:37 +00:00
OJ 75e5553cd4 Change to in exploit 2014-11-26 16:53:30 +10:00
jvazquez-r7 9524efa383 Fix banner 2014-11-25 23:14:20 -06:00
jvazquez-r7 16ed90db88 Delete return keyword 2014-11-25 23:11:53 -06:00
jvazquez-r7 85926e1a07 Improve check 2014-11-25 23:11:32 -06:00
jvazquez-r7 5a2d2914a9 Fail on upload errors 2014-11-25 22:48:57 -06:00
jvazquez-r7 b24e641e97 Modify exploit logic 2014-11-25 22:11:43 -06:00
jvazquez-r7 4bbadc44d6 Use Msf::Exploit::FileDropper 2014-11-25 22:00:42 -06:00
jvazquez-r7 7fbd5b63b1 Delete the Rex::MIME::Message gsub 2014-11-25 21:54:50 -06:00
jvazquez-r7 eaa41e9a94 Added reference 2014-11-25 21:37:04 -06:00
jvazquez-r7 2c207597dc Use single quotes 2014-11-25 18:30:25 -06:00
jvazquez-r7 674ceeed40 Do minor cleanup 2014-11-25 18:26:41 -06:00
jvazquez-r7 6ceb47619a Change module filename 2014-11-25 18:09:15 -06:00