m-1-k-3
64f769504b
encoding
2015-03-10 17:47:15 +01:00
m-1-k-3
6657c7d11d
Belkin - CVE-2014-1635
2015-03-10 16:49:51 +01:00
William Vu
ecd7ae9c3b
Land #4857 , symantec_web_gateway_restore module
2015-03-02 15:00:10 -06:00
sinn3r
ad28f9767f
Use include
2015-03-02 14:41:25 -06:00
sinn3r
cb140434f9
Update
2015-03-02 12:59:21 -06:00
OJ
905a539a00
Add exploit for Seagate Business NAS devices
...
This module is an exploit for a pre-authenticated remote code execution
vulnerability in Seagate Business NAS products.
2015-03-01 13:25:28 +10:00
sinn3r
4a1fbbdc3b
Use datastore to find payload name
2015-02-28 19:56:32 -06:00
sinn3r
ef9196ba6c
Correct comment
2015-02-27 13:27:49 -06:00
sinn3r
7b6c39058a
Correct target name
2015-02-27 13:24:57 -06:00
sinn3r
90aff51676
Add CVE-2014-7285, Symantec Web Gateway restore.php Command Injection
2015-02-27 12:31:29 -06:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
jvazquez-r7
b61538e980
Land #4291 , @headlesszeke's module for ARRIS VAP2500 command execution
2015-01-21 20:52:31 -06:00
jvazquez-r7
33195caff2
Mark compatible payloads
2015-01-21 20:52:04 -06:00
jvazquez-r7
500d7159f1
Use PAYLOAD instead of CMD
2015-01-21 20:49:05 -06:00
jvazquez-r7
f37ac39b4c
Split exploit cmd vs exploit session
2015-01-21 20:46:37 -06:00
jvazquez-r7
e1d1ff17fd
Change failure code
2015-01-21 20:38:33 -06:00
jvazquez-r7
169052af5c
Use cookie option
2015-01-21 20:37:38 -06:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
Tod Beardsley
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
jvazquez-r7
121c0406e9
Beautify restart_command creation
2014-12-24 15:52:15 -06:00
jvazquez-r7
43ec8871bc
Do minor c code cleanup
2014-12-24 15:45:38 -06:00
jvazquez-r7
92113a61ce
Check payload
2014-12-24 15:43:49 -06:00
jvazquez-r7
36ac0e6279
Clean get_restart_commands
2014-12-24 14:55:18 -06:00
jvazquez-r7
92b3505119
Clean exploit method
2014-12-24 14:49:19 -06:00
jvazquez-r7
9c4d892f5e
Use single quotes when possible
2014-12-24 14:37:39 -06:00
jvazquez-r7
bbbb917728
Do style cleaning on metadata
2014-12-24 14:35:35 -06:00
jvazquez-r7
af24e03879
Update from upstream
2014-12-24 14:25:25 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Christian Mehlmauer
de88908493
code style
2014-12-11 23:30:20 +01:00
headlesszeke
8d1ca872d8
Now with logging of command response output
2014-12-05 10:58:40 -06:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
headlesszeke
564488acb4
Changed and to &&
2014-12-02 00:02:53 -06:00
headlesszeke
280e10db55
Add module for Arris VAP2500 Remote Command Execution
2014-12-01 23:07:56 -06:00
Rasta Mouse
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
Rasta Mouse
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
OJ
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
jvazquez-r7
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
jvazquez-r7
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
jvazquez-r7
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
jvazquez-r7
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00
jvazquez-r7
b24e641e97
Modify exploit logic
2014-11-25 22:11:43 -06:00
jvazquez-r7
4bbadc44d6
Use Msf::Exploit::FileDropper
2014-11-25 22:00:42 -06:00
jvazquez-r7
7fbd5b63b1
Delete the Rex::MIME::Message gsub
2014-11-25 21:54:50 -06:00
jvazquez-r7
eaa41e9a94
Added reference
2014-11-25 21:37:04 -06:00
jvazquez-r7
2c207597dc
Use single quotes
2014-11-25 18:30:25 -06:00
jvazquez-r7
674ceeed40
Do minor cleanup
2014-11-25 18:26:41 -06:00
jvazquez-r7
6ceb47619a
Change module filename
2014-11-25 18:09:15 -06:00
jvazquez-r7
1305d56901
Update from upstream master
2014-11-25 18:07:13 -06:00
Mark Schloesser
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
Mark Schloesser
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
Luke Imhoff
216360d664
Add missing require
...
MSP-11145
2014-10-27 15:19:59 -05:00
sinn3r
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
sinn3r
13fd6a3374
Land #4046 - Centreon SQL and Command Injection
2014-10-23 13:17:00 -05:00
sinn3r
ce841e57e2
Rephrase about centreon.session
2014-10-23 13:15:55 -05:00
sinn3r
889045d1b6
Change failure message
2014-10-23 12:55:27 -05:00
William Vu
d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
jvazquez-r7
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
jvazquez-r7
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
0a2940
e689a0626d
Use Rex.sleep :-)
...
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"
user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
2014-10-10 10:05:46 +01:00
sinn3r
c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution
2014-10-08 00:30:07 -05:00
jvazquez-r7
299d9afa6f
Add module for centreon vulnerabilities
2014-10-07 14:40:51 -05:00
jvazquez-r7
3daa1ed4c5
Avoid changing modules indentation in this pull request
2014-10-07 10:41:25 -05:00
jvazquez-r7
341d8b01cc
Favor echo encoder for back compatibility
2014-10-07 10:24:32 -05:00
jvazquez-r7
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
jvazquez-r7
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
0a2940
f2b9aeed74
typo
2014-10-03 11:02:56 +01:00
0a2940
f60f6d9c92
add exploit for CVE-2011-1485
2014-10-03 10:54:43 +01:00
Brandon Perry
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
William Vu
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
Brandon Perry
161a145ec2
Create f5_icontrol_exec.rb
2014-09-27 10:40:13 -05:00
jvazquez-r7
f2cfbebbfb
Add module for ZDI-14-305
2014-09-24 00:22:16 -05:00
Jon Hart
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
Jon Hart
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
Brandon Perry
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
Jakob Lell
3e57ac838c
Converted LD_PRELOAD library from precompiled binary to metasm code.
2014-09-04 21:49:55 +02:00
Brandon Perry
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
Brandon Perry
438f0e6365
typos
2014-08-30 09:22:58 -05:00
Brandon Perry
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
Brandon Perry
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
Jakob Lell
052327b9c6
Removed redundant string "linux_" from exploit name
2014-08-27 23:33:15 +02:00
Jakob Lell
b967336b3b
Small bugfix (incorrect filename in data directory)
2014-08-25 00:39:00 +02:00
Jakob Lell
fc6f50058b
Add desktop_linux_privilege_escalation module
2014-08-25 00:05:20 +02:00
jvazquez-r7
f6f8d7b993
Delete debug print_status
2014-07-22 15:00:03 -05:00
jvazquez-r7
b086462ed6
More cleanups of modules which REALLY need the 'old' generic encoder
2014-07-22 14:57:53 -05:00
jvazquez-r7
3d7ed10ea0
Second review of modules which shouldn't be affected by changes
2014-07-22 14:33:57 -05:00
jvazquez-r7
5e8da09b2d
Allow some modules to use the old encoder
2014-07-22 14:28:11 -05:00
jvazquez-r7
b0f8d8eaf1
Delete debug print_status
2014-07-22 13:29:00 -05:00
jvazquez-r7
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
Tod Beardsley
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
Michael Messner
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
jvazquez-r7
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
jvazquez-r7
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
jvazquez-r7
6fd1ff6870
Merge master
2014-07-11 11:40:39 -05:00
jvazquez-r7
d637171ac0
Change module filename
2014-07-11 11:39:32 -05:00
jvazquez-r7
c55117d455
Some cleanup
2014-07-11 11:39:01 -05:00
jvazquez-r7
a7a700c70d
Land #3502 , @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936
2014-07-11 11:25:03 -05:00
jvazquez-r7
b9cda5110c
Add target info to message
2014-07-11 11:24:33 -05:00
jvazquez-r7
dea68c66f4
Update title and description
2014-07-11 10:38:53 -05:00
jvazquez-r7
f238c2a93f
change module filename
2014-07-11 10:30:50 -05:00
jvazquez-r7
f7d60bebdc
Do clean up
2014-07-11 10:28:31 -05:00
jvazquez-r7
8f3197c192
Land #3496 , @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth
2014-07-11 09:50:57 -05:00
jvazquez-r7
4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
jvazquez-r7
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
jvazquez-r7
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
jvazquez-r7
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
jvazquez-r7
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
Michael Messner
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
Michael Messner
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
Michael Messner
f068006f05
auto target
2014-07-09 21:53:11 +02:00
Michael Messner
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
Michael Messner
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
Michael Messner
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
Michael Messner
f89f47c4d0
dlink_dspw215_info_cgi_rop
2014-07-08 22:29:57 +02:00
Michael Messner
6fbd6bb4a0
stager
2014-07-08 22:17:02 +02:00
Michael Messner
ac727dae89
dlink_dsp_w215_hnap_exploit
2014-07-08 22:13:13 +02:00
Michael Messner
579ce0a858
cleanup
2014-07-08 21:58:15 +02:00
Michael Messner
51001f9cb3
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection
2014-07-08 21:39:53 +02:00
Michael Messner
84d6d56e15
cleanup, deprecated
2014-07-08 21:36:07 +02:00
Michael Messner
10bcef0c33
cleanup, deprecated
2014-07-08 21:34:28 +02:00
Michael Messner
e7ade9f84d
migrate from wget to echo mechanism
2014-07-06 21:45:53 +02:00
jvazquez-r7
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00
jvazquez-r7
59881323b9
Clean code
2014-07-04 16:40:16 -05:00
Brandon Perry
a33a6dc79d
add bash to requiredcmd
2014-07-03 16:52:52 -05:00
Brandon Perry
806f26424c
&& not and
2014-07-03 16:50:21 -05:00
Brandon Perry
6fb2fc85a0
address @jvasquez-r7 review points
2014-07-03 16:43:01 -05:00
Brandon Perry
86a31b1896
Update gitlist_exec.rb
2014-07-03 12:40:37 -05:00
Michael Messner
8f55af5f9d
UPnP check included
2014-07-02 21:28:39 +02:00
Michael Messner
ac2e84bfd6
check included
2014-07-02 21:24:50 +02:00
Brandon Perry
db6524106e
one more typo, last one I swear
2014-06-30 22:33:19 -05:00
Brandon Perry
d7dfa67e94
typo
2014-06-30 20:15:25 -05:00
Brandon Perry
acedf5e847
Update gitlist_exec.rb
...
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
Brandon Perry
ecc1b08994
Create gitlist_exec.rb
...
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
HD Moore
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
Spencer McIntyre
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
Spencer McIntyre
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
Spencer McIntyre
42ac3a32fe
Multi-fy two new linux/http/dlink exploits
2014-06-27 08:40:27 -04:00
Spencer McIntyre
41d721a861
Update two modules to use the new unified cmdstager
2014-06-27 08:34:57 -04:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00