Commit Graph

976 Commits (089a0064080d185d6b1f281ca499818f264fcc0f)

Author SHA1 Message Date
m-1-k-3 64f769504b encoding 2015-03-10 17:47:15 +01:00
m-1-k-3 6657c7d11d Belkin - CVE-2014-1635 2015-03-10 16:49:51 +01:00
William Vu ecd7ae9c3b
Land #4857, symantec_web_gateway_restore module 2015-03-02 15:00:10 -06:00
sinn3r ad28f9767f Use include 2015-03-02 14:41:25 -06:00
sinn3r cb140434f9 Update 2015-03-02 12:59:21 -06:00
OJ 905a539a00 Add exploit for Seagate Business NAS devices
This module is an exploit for a pre-authenticated remote code execution
vulnerability in Seagate Business NAS products.
2015-03-01 13:25:28 +10:00
sinn3r 4a1fbbdc3b Use datastore to find payload name 2015-02-28 19:56:32 -06:00
sinn3r ef9196ba6c Correct comment 2015-02-27 13:27:49 -06:00
sinn3r 7b6c39058a Correct target name 2015-02-27 13:24:57 -06:00
sinn3r 90aff51676 Add CVE-2014-7285, Symantec Web Gateway restore.php Command Injection 2015-02-27 12:31:29 -06:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 b61538e980
Land #4291, @headlesszeke's module for ARRIS VAP2500 command execution 2015-01-21 20:52:31 -06:00
jvazquez-r7 33195caff2 Mark compatible payloads 2015-01-21 20:52:04 -06:00
jvazquez-r7 500d7159f1 Use PAYLOAD instead of CMD 2015-01-21 20:49:05 -06:00
jvazquez-r7 f37ac39b4c Split exploit cmd vs exploit session 2015-01-21 20:46:37 -06:00
jvazquez-r7 e1d1ff17fd Change failure code 2015-01-21 20:38:33 -06:00
jvazquez-r7 169052af5c Use cookie option 2015-01-21 20:37:38 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
jvazquez-r7 121c0406e9 Beautify restart_command creation 2014-12-24 15:52:15 -06:00
jvazquez-r7 43ec8871bc Do minor c code cleanup 2014-12-24 15:45:38 -06:00
jvazquez-r7 92113a61ce Check payload 2014-12-24 15:43:49 -06:00
jvazquez-r7 36ac0e6279 Clean get_restart_commands 2014-12-24 14:55:18 -06:00
jvazquez-r7 92b3505119 Clean exploit method 2014-12-24 14:49:19 -06:00
jvazquez-r7 9c4d892f5e Use single quotes when possible 2014-12-24 14:37:39 -06:00
jvazquez-r7 bbbb917728 Do style cleaning on metadata 2014-12-24 14:35:35 -06:00
jvazquez-r7 af24e03879 Update from upstream 2014-12-24 14:25:25 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
headlesszeke 8d1ca872d8 Now with logging of command response output 2014-12-05 10:58:40 -06:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
headlesszeke 564488acb4 Changed and to && 2014-12-02 00:02:53 -06:00
headlesszeke 280e10db55 Add module for Arris VAP2500 Remote Command Execution 2014-12-01 23:07:56 -06:00
Rasta Mouse 985838e999 Suggestions from OJ 2014-11-27 21:38:50 +00:00
Rasta Mouse 25ecf73d7d Add configurable directory, rather than relying on the session working
directory.
2014-11-27 17:12:37 +00:00
OJ 75e5553cd4 Change to in exploit 2014-11-26 16:53:30 +10:00
jvazquez-r7 9524efa383 Fix banner 2014-11-25 23:14:20 -06:00
jvazquez-r7 16ed90db88 Delete return keyword 2014-11-25 23:11:53 -06:00
jvazquez-r7 85926e1a07 Improve check 2014-11-25 23:11:32 -06:00
jvazquez-r7 5a2d2914a9 Fail on upload errors 2014-11-25 22:48:57 -06:00
jvazquez-r7 b24e641e97 Modify exploit logic 2014-11-25 22:11:43 -06:00
jvazquez-r7 4bbadc44d6 Use Msf::Exploit::FileDropper 2014-11-25 22:00:42 -06:00
jvazquez-r7 7fbd5b63b1 Delete the Rex::MIME::Message gsub 2014-11-25 21:54:50 -06:00
jvazquez-r7 eaa41e9a94 Added reference 2014-11-25 21:37:04 -06:00
jvazquez-r7 2c207597dc Use single quotes 2014-11-25 18:30:25 -06:00
jvazquez-r7 674ceeed40 Do minor cleanup 2014-11-25 18:26:41 -06:00
jvazquez-r7 6ceb47619a Change module filename 2014-11-25 18:09:15 -06:00
jvazquez-r7 1305d56901 Update from upstream master 2014-11-25 18:07:13 -06:00
Mark Schloesser 9e9954e831 fix placeholder to show the firmware version I used 2014-11-19 21:23:39 +01:00
Mark Schloesser a718e6f83e add exploit for r7-2014-18 / CVE-2014-4880 2014-11-19 21:07:02 +01:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
Luke Imhoff 216360d664
Add missing require
MSP-11145
2014-10-27 15:19:59 -05:00
sinn3r 7cb4320a76
Land #3561 - unix cmd generic_sh encoder 2014-10-23 15:48:00 -05:00
sinn3r 13fd6a3374
Land #4046 - Centreon SQL and Command Injection 2014-10-23 13:17:00 -05:00
sinn3r ce841e57e2 Rephrase about centreon.session 2014-10-23 13:15:55 -05:00
sinn3r 889045d1b6 Change failure message 2014-10-23 12:55:27 -05:00
William Vu d5b698bf2d
Land #3944, pkexec exploit 2014-10-17 16:30:55 -05:00
jvazquez-r7 7652b580cd Beautify description 2014-10-17 15:31:37 -05:00
jvazquez-r7 d831a20629 Add references and fix typos 2014-10-17 15:29:28 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
0a2940 e689a0626d Use Rex.sleep :-)
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"

user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
2014-10-10 10:05:46 +01:00
sinn3r c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution 2014-10-08 00:30:07 -05:00
jvazquez-r7 299d9afa6f Add module for centreon vulnerabilities 2014-10-07 14:40:51 -05:00
jvazquez-r7 3daa1ed4c5 Avoid changing modules indentation in this pull request 2014-10-07 10:41:25 -05:00
jvazquez-r7 341d8b01cc Favor echo encoder for back compatibility 2014-10-07 10:24:32 -05:00
jvazquez-r7 0089810026 Merge to update 2014-10-06 19:09:31 -05:00
jvazquez-r7 212762e1d6 Delete RequiredCmd for unix cmd encoders, favor EncoderType 2014-10-06 18:42:21 -05:00
0a2940 f2b9aeed74 typo 2014-10-03 11:02:56 +01:00
0a2940 f60f6d9c92 add exploit for CVE-2011-1485 2014-10-03 10:54:43 +01:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
William Vu 039e544ffa
Land #3925, rm indeces_enum
Deprecated.
2014-09-30 17:45:38 -05:00
Brandon Perry 161a145ec2 Create f5_icontrol_exec.rb 2014-09-27 10:40:13 -05:00
jvazquez-r7 f2cfbebbfb Add module for ZDI-14-305 2014-09-24 00:22:16 -05:00
Jon Hart 495e1c14a1
Land #3721, @brandonprry's module for Railo CVE-2014-5468 2014-09-09 19:10:46 -07:00
Jon Hart 26d8432a22
Minor style and usability changes to @brandonprry's #3721 2014-09-09 19:09:45 -07:00
Brandon Perry db6052ec6a Update check method 2014-09-09 18:51:42 -05:00
Jakob Lell 3e57ac838c Converted LD_PRELOAD library from precompiled binary to metasm code. 2014-09-04 21:49:55 +02:00
Brandon Perry ee3e5c9159 Add check method 2014-09-02 21:35:47 -05:00
Brandon Perry 438f0e6365 typos 2014-08-30 09:22:58 -05:00
Brandon Perry f72cce9ff2 Update railo_cfml_rfi.rb 2014-08-29 17:33:15 -05:00
Brandon Perry f4965ec5cf Create railo_cfml_rfi.rb 2014-08-28 08:42:07 -05:00
Jakob Lell 052327b9c6 Removed redundant string "linux_" from exploit name 2014-08-27 23:33:15 +02:00
Jakob Lell b967336b3b Small bugfix (incorrect filename in data directory) 2014-08-25 00:39:00 +02:00
Jakob Lell fc6f50058b Add desktop_linux_privilege_escalation module 2014-08-25 00:05:20 +02:00
jvazquez-r7 f6f8d7b993 Delete debug print_status 2014-07-22 15:00:03 -05:00
jvazquez-r7 b086462ed6 More cleanups of modules which REALLY need the 'old' generic encoder 2014-07-22 14:57:53 -05:00
jvazquez-r7 3d7ed10ea0 Second review of modules which shouldn't be affected by changes 2014-07-22 14:33:57 -05:00
jvazquez-r7 5e8da09b2d Allow some modules to use the old encoder 2014-07-22 14:28:11 -05:00
jvazquez-r7 b0f8d8eaf1 Delete debug print_status 2014-07-22 13:29:00 -05:00
jvazquez-r7 f546eae464 Modify encoders to allow back compatibility 2014-07-22 13:27:12 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 6c595f28d7
Set up a proper peer method 2014-07-14 13:29:07 -05:00
Michael Messner 1b7008dafa typo in name 2014-07-13 13:24:54 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
jvazquez-r7 eb9d2f130c Change title 2014-07-11 12:03:09 -05:00
jvazquez-r7 a356a0e818 Code cleanup 2014-07-11 12:00:31 -05:00
jvazquez-r7 6fd1ff6870 Merge master 2014-07-11 11:40:39 -05:00
jvazquez-r7 d637171ac0 Change module filename 2014-07-11 11:39:32 -05:00
jvazquez-r7 c55117d455 Some cleanup 2014-07-11 11:39:01 -05:00
jvazquez-r7 a7a700c70d
Land #3502, @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936 2014-07-11 11:25:03 -05:00
jvazquez-r7 b9cda5110c Add target info to message 2014-07-11 11:24:33 -05:00
jvazquez-r7 dea68c66f4 Update title and description 2014-07-11 10:38:53 -05:00
jvazquez-r7 f238c2a93f change module filename 2014-07-11 10:30:50 -05:00
jvazquez-r7 f7d60bebdc Do clean up 2014-07-11 10:28:31 -05:00
jvazquez-r7 8f3197c192
Land #3496, @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth 2014-07-11 09:50:57 -05:00
jvazquez-r7 4ea2daa96a Minor cleanup 2014-07-11 09:50:22 -05:00
jvazquez-r7 51cfa168b1 Fix deprecation information 2014-07-11 09:47:30 -05:00
jvazquez-r7 611b8a1b6d Modify title and ranking 2014-07-11 09:35:21 -05:00
jvazquez-r7 a9b92ee581 Change module filename 2014-07-11 09:17:56 -05:00
jvazquez-r7 36c6e74221 Do minor fixes 2014-07-11 09:17:34 -05:00
Michael Messner 109201a5da little auto detect fix 2014-07-10 20:45:49 +02:00
Michael Messner 781149f13f little auto detect fix 2014-07-10 20:40:39 +02:00
Michael Messner f068006f05 auto target 2014-07-09 21:53:11 +02:00
Michael Messner 6a765ae3b0 small cleanup 2014-07-09 21:16:29 +02:00
Michael Messner 0674314c74 auto target included 2014-07-09 20:56:04 +02:00
Michael Messner b4812c1b7d auto target included 2014-07-09 20:53:24 +02:00
Michael Messner f89f47c4d0 dlink_dspw215_info_cgi_rop 2014-07-08 22:29:57 +02:00
Michael Messner 6fbd6bb4a0 stager 2014-07-08 22:17:02 +02:00
Michael Messner ac727dae89 dlink_dsp_w215_hnap_exploit 2014-07-08 22:13:13 +02:00
Michael Messner 579ce0a858 cleanup 2014-07-08 21:58:15 +02:00
Michael Messner 51001f9cb3 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection 2014-07-08 21:39:53 +02:00
Michael Messner 84d6d56e15 cleanup, deprecated 2014-07-08 21:36:07 +02:00
Michael Messner 10bcef0c33 cleanup, deprecated 2014-07-08 21:34:28 +02:00
Michael Messner e7ade9f84d migrate from wget to echo mechanism 2014-07-06 21:45:53 +02:00
jvazquez-r7 98a82bd145
Land #3486, @brandonprry's exploit for CVE-2014-4511 gitlist RCE 2014-07-04 16:41:04 -05:00
jvazquez-r7 59881323b9 Clean code 2014-07-04 16:40:16 -05:00
Brandon Perry a33a6dc79d add bash to requiredcmd 2014-07-03 16:52:52 -05:00
Brandon Perry 806f26424c && not and 2014-07-03 16:50:21 -05:00
Brandon Perry 6fb2fc85a0 address @jvasquez-r7 review points 2014-07-03 16:43:01 -05:00
Brandon Perry 86a31b1896 Update gitlist_exec.rb 2014-07-03 12:40:37 -05:00
Michael Messner 8f55af5f9d UPnP check included 2014-07-02 21:28:39 +02:00
Michael Messner ac2e84bfd6 check included 2014-07-02 21:24:50 +02:00
Brandon Perry db6524106e one more typo, last one I swear 2014-06-30 22:33:19 -05:00
Brandon Perry d7dfa67e94 typo 2014-06-30 20:15:25 -05:00
Brandon Perry acedf5e847 Update gitlist_exec.rb
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
Brandon Perry ecc1b08994 Create gitlist_exec.rb
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
Spencer McIntyre bd49d3b17b Explicitly use the echo stager and deregister options
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
Spencer McIntyre 42ac3a32fe Multi-fy two new linux/http/dlink exploits 2014-06-27 08:40:27 -04:00
Spencer McIntyre 41d721a861 Update two modules to use the new unified cmdstager 2014-06-27 08:34:57 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00