Commit Graph

371 Commits (10fd5304cedbf8104e7d372b46e4b91da668dae7)

Author SHA1 Message Date
jvazquez-r7 bce321c628 Do response handling a little better, fake test 2014-01-17 11:02:35 -06:00
jvazquez-r7 11d613f1a7 Clean ibm_sametime_webplayer_dos 2014-01-17 10:52:42 -06:00
jvazquez-r7 51b3d164f7 Move the DoS module to the correct location 2014-01-17 09:30:51 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
sinn3r 8e9723788d Correct description 2013-12-04 17:25:58 -06:00
sinn3r fb2fcf429f This one actually works 2013-12-04 17:22:42 -06:00
sinn3r d0071d7baa Add CVE-2013-6414 Rails Action View DoS 2013-12-04 14:57:30 -06:00
Tod Beardsley 23448b58e7
Remove timeout checkers that are rescued anyway 2013-11-25 12:37:23 -06:00
Tod Beardsley f311b0cd1e
Add user-controlled verbs.
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley 6a28aa298e
Module for CVE-2013-4164
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7 f963f960cb Update title 2013-11-18 15:07:59 -06:00
jvazquez-r7 274247bfcd
Land #2647, @jvennix-r7's module for Gzip Memory Bomb DoS 2013-11-18 15:06:46 -06:00
joev 589660872e Kill FILEPATH datastore option. 2013-11-18 14:13:25 -06:00
joev 8e889c61f7 Update description. 2013-11-17 15:48:27 -06:00
joev f7820139dc Add a content_type datastore option. 2013-11-17 15:38:55 -06:00
joev 43d2711b98 Default to 1 round compression. 2013-11-17 15:35:35 -06:00
joev 1e3860d648 Add gzip bomb dos aux module. 2013-11-17 14:44:33 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 6989f16661
Land #2548, @titanous's aux module for CVE-2013-4450 2013-10-22 15:02:54 -05:00
jvazquez-r7 bdf07456ba Last cleanup for nodejs_pipelining 2013-10-22 15:00:58 -05:00
Jonathan Rudenberg db447b65f9 Add exploit for Node.js HTTP Pipelining DoS 2013-10-22 15:12:14 -04:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
darknight007 7b82c64983 ms12-020 stack print resolve 2013-10-12 16:49:03 +05:00
darknight007 e1b9f1a3c4 modified ms12-020 module to resolve stack print 2013-10-12 16:36:37 +05:00
darknight007 291b90405d Merge branch 'master' of https://github.com/darknight007/metasploit-framework
Conflicts:
	modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
2013-10-12 16:23:09 +05:00
darknight007 602fd276bc using theirs 2013-10-12 16:20:26 +05:00
darknight007 4e50c574c5 Update ms12_020_maxchannelids.rb
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
2013-10-12 15:39:13 +05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
darknight007 f1ab7b51b1 Update ms12_020_maxchannelids.rb
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
2013-09-30 13:43:26 +05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 a40e0ba704 Clean up read_nttrans_ea_list 2013-09-07 16:11:00 -05:00
Tab Assassin 597f337d1b Retab changes for PR #2298 2013-09-05 13:52:10 -05:00