Commit Graph

1084 Commits (12ed3dad20ecdd17f6740824f3f6979e1e0218ad)

Author SHA1 Message Date
HD Moore 95b9208a63 Change recv to get_once to avoid indefinite hangs, cosmetic tweaks. 2015-09-02 10:30:19 -05:00
xistence a81a9e0ef8 Added TIME_WAIT for GUI windows 2015-09-02 16:55:20 +07:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Christian Mehlmauer 115f409fef
change exitfunc to thread 2015-09-01 10:48:07 +02:00
Christian Mehlmauer 3e613dc333
change exitfunc to thread 2015-09-01 10:43:45 +02:00
Christian Mehlmauer 648c034d17
change exitfunc to thread 2015-09-01 10:42:15 +02:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
jvazquez-r7 203c231b74
Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
William Vu 405261df4f
Land #5710, php_wordpress_total_cache removal
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu 3feef639b9
Land #5711, php_wordpress_optimizepress removal
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu 6e12cbf98f
Land #5712, php_wordpress_lastpost removal
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu dd188b1943
Land #5713, php_wordpress_infusionsoft removal
Deprecated.
2015-07-13 18:31:01 +00:00
wchen-r7 4960e64597 Remove php_wordpress_foxypress, use wp_foxypress_upload
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7 dfbeb24a8f Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7 b80427aed2 Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7 90cc3f7891 Remove php_wordpress_optimizepress, use wp_optimizepress_upload
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7 4177cdacd6 Remove php_wordpress_total_cache, please use wp_total_cache_exec
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
xistence 13a69e4011 X11 Keyboard Exec 2015-07-10 13:57:54 +07:00
Tod Beardsley afcb016814
Minor description fixups.
Edited modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
first landed in #5524, adobe_flash_pixel_bender_bof in flash renderer .
Removed ASCII bullets since those rarely render correctly.

Edited modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb
first landed in #5252, @espreto's module for WordPress Front-end Editor
File Upload Vuln . Fixed up some language usage, camel-cased "WordPress."
2015-06-18 13:25:39 -05:00
jvazquez-r7 f279c6ca3f
Land #5252, @espreto's module for WordPress Front-end Editor File Upload Vuln 2015-06-12 15:11:10 -05:00
William Vu 9fa423464c
Fix #5224, comma fixes
My fault for missing these.
2015-06-09 14:28:01 -05:00
William Vu 8a69704d3e Fix up commas 2015-06-09 14:27:35 -05:00
William Vu d31a59cd22
Fix #5224, altered option description 2015-06-09 14:15:58 -05:00
William Vu cc8650f98a Fix TMPPATH description 2015-06-09 14:15:18 -05:00
William Vu 9c97da3b7c
Land #5224, ProFTPD mod_copy exploit 2015-06-09 14:11:27 -05:00
William Vu 5ab882a8d4 Clean up module 2015-06-09 14:10:46 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
William Vu eeb87a3489 Polish up module 2015-05-09 14:33:41 -05:00
HD Moore fe907dfe98 Fix the disclosure date 2015-05-09 10:44:28 -05:00
jvazquez-r7 cb51bcc776
Land #5147, @lightsey's exploit for CVE-2015-1592 MovableType deserialization 2015-05-09 01:56:38 -05:00
jvazquez-r7 89bc405c54
Do minor code cleanup 2015-05-09 01:54:05 -05:00
William Vu 134a674ef3
Land #5312, @todb-r7's release fixes 2015-05-07 15:34:31 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Tom Sellers 94d1905fd6 Added WPVDB reference
Added a link to the new WPVDB article 7540 that @FireFart provided.
2015-05-06 05:41:02 -05:00
Tom Sellers c293066198 Leverage check_version_from_custom_file in PR #5292
Change the 'check' code to leverage check_version_from_custom_file added to wordpress/version.rb by @FireFart in PR #5292
2015-05-06 05:41:02 -05:00
Tom Sellers 18697d8d02 Fixed the following based on feedback from @FireFart ( Thanks! )
- Adjusted references section
- Corrected call to normalize_uri
- Removed unnecessary require for rex/zip
2015-05-06 05:41:02 -05:00
Tom Sellers 8cb18f8afe Initial commit of code 2015-05-06 05:41:02 -05:00
John Lightsey 4bfb9262e6 Add exploit module for MovableType CVE-2015-1592
This module targets the deserialization of untrusted Storable data in
MovableType before 5.2.12 and 6.0.7. The destructive attack will
function on most installations, but will leave the webapp corrupted.
The non-destructive attack will only function on servers that have the
Object::MultiType (uncommon) and DateTime (common) Perl modules
installed in addition to MovableType.
2015-05-03 14:18:01 -05:00
Roberto Soares b537c8ae2c Changed fail_with output. 2015-04-26 01:28:55 -03:00
Roberto Soares a4b4d7cf6a Add WordPress Front-end Editor File Upload Vuln 2015-04-25 22:00:05 -03:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 7167dc1147
Land #5243, @espreto's WordPress WPshop eCommerce File Upload exploit 2015-04-24 11:30:28 -05:00
jvazquez-r7 558103b25d
Do code cleanup 2015-04-24 11:30:08 -05:00
jvazquez-r7 8a8d9a26f4
Do code cleanup 2015-04-24 10:47:46 -05:00
jvazquez-r7 b5223912cb
Fix check method 2015-04-24 10:41:41 -05:00
Roberto Soares c9b4a272e3 Changed fail_with output. 2015-04-24 12:16:23 -03:00
Roberto Soares e14c6af194 Removed double 'Calling payload'. 2015-04-24 06:26:04 -03:00
Roberto Soares 01efc97c4a Add WordPress WPshop eCommerce File Upload. 2015-04-24 06:21:49 -03:00
Roberto Soares 5bf4c9187a Removed double "Calling payload..." 2015-04-23 03:41:34 -03:00
Roberto Soares 844f768eee Add WordPress InBoundio Marketing File Upload 2015-04-23 03:32:17 -03:00
xistence 92c91c76f7 Proftpd 1.3.5 Mod_Copy Command Execution 2015-04-22 01:41:16 -04:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Christian Mehlmauer a60fe4af8e
Land #5201, Change module wording to conform with other WP modules 2015-04-20 10:07:05 +02:00
aushack 1a32cf7fc0 Change module wording to conform with other WP modules. 2015-04-20 16:48:35 +10:00
Christian Mehlmauer a5583debdc
Land #5131, WordPress Slideshow Upload 2015-04-19 23:12:26 +02:00
Roberto Soares c1a1143377 Remove line in description and output line in fail_with 2015-04-18 15:38:42 -03:00
Christian Mehlmauer bba0927c7e
Land #5163, WordPress Reflex Gallery Plugin File Upload 2015-04-17 11:26:34 +02:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Roberto Soares 33cf2f1578 Added Faliure:: symbol to fail_with 2015-04-16 17:40:25 -03:00
Roberto Soares 2138325129 Add Failure:: symbol to fail_with 2015-04-16 17:15:24 -03:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer 8c5890d506
more fixes 2015-04-16 21:56:42 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu f0d6735332
Land #5165, version number correction 2015-04-16 12:10:12 -05:00
William Vu 26f2b350d2
Land #5168, more fail_with fixes 2015-04-16 12:04:55 -05:00
sinn3r 904339f0d7 Fix #5130, Correct use of fail_with in wp_worktheflow_upload.rb 2015-04-16 10:32:50 -05:00
sinn3r 5c98270f4d Fix #5137 - Correct use of fail_with 2015-04-16 09:57:02 -05:00
Christian Mehlmauer 418d8586a5
Land #5137 (again), WordPress N-Media Website File Upload 2015-04-16 16:24:41 +02:00
Christian Mehlmauer 7f79acb996
Land #5137, WordPress N-Media Website File Upload 2015-04-16 16:17:20 +02:00
Roberto Soares 517ad54617 Fix the correct version in check. 2015-04-16 10:56:43 -03:00
Roberto Soares 95310dbe4f Fix 'if' condition. 2015-04-16 10:51:36 -03:00
Roberto Soares 626a9f0508 Fix the correct version in check. 2015-04-16 10:46:08 -03:00
Roberto Soares 6ef074cd28 Fix the correct version in check 2015-04-16 10:34:34 -03:00
Christian Mehlmauer d9f4c7548f
Land #5136, WordPress Creative Contact Form upload 2015-04-16 15:17:14 +02:00
Christian Mehlmauer 84c74b8d42
use correct version number 2015-04-16 15:01:54 +02:00
Roberto Soares ee8dc49a25 Fix wrong version in check. 2015-04-16 09:45:18 -03:00
Roberto Soares e16cc6fa82 Fix the correct version in check. 2015-04-16 09:38:42 -03:00
Roberto Soares dc7f161339 Add author, EDB, OSVDB and WPVDB. 2015-04-16 08:56:33 -03:00
Roberto Soares 1112a3b0ae Add WordPress Reflex Gallery Plugin File Upload 2015-04-16 08:40:51 -03:00
Roberto Soares 4aa4f83372 Removed timeout 2. 2015-04-16 05:37:11 -03:00
Roberto Soares 39556c10c7 Rewrote check method. 2015-04-16 05:36:20 -03:00
Roberto Soares ace316a54f Added WPVDB and EDB references. 2015-04-16 05:29:21 -03:00
Roberto Soares 10c218319a Rewrote response condition. 2015-04-16 05:26:48 -03:00
Roberto Soares 5cb9b1a44c Removed timeout 2. 2015-04-16 05:21:59 -03:00
Roberto Soares 0e1b173d15 Renamed USER/PASSWORD to WP_USER/WP_PASSWORD. 2015-04-16 05:11:56 -03:00
Roberto Soares 13ded8abe7 Added WPVDB. 2015-04-16 05:08:45 -03:00
Roberto Soares 64923ffdc2 Fixed plugin name in check method 2015-04-16 05:06:36 -03:00
Roberto Soares e9212c4d6b wordpress_url_admin_ajax intead of wordpress_url_backend 2015-04-16 04:53:05 -03:00
Roberto Soares 81d898fd7e Rewrote check code. 2015-04-16 04:51:40 -03:00
Roberto Soares aeb0484889 Removed timeout 2. 2015-04-16 04:48:00 -03:00
Roberto Soares e6e9c173e3 Rewrote res conditions. 2015-04-16 04:43:34 -03:00
Roberto Soares d11db4edc7 Rewrote check code. 2015-04-16 04:37:30 -03:00
Roberto Soares f13d31c7c2 Added WPVDB. 2015-04-16 04:31:23 -03:00
Roberto Soares cccda4e851 Removed unnecessary line. 2015-04-16 04:27:15 -03:00
Roberto Soares d3a6de761d Removed timeout 2. 2015-04-16 04:09:02 -03:00
Roberto Soares 1249f29ee8 Add JSON::ParserError exception handler. 2015-04-16 04:03:54 -03:00
Roberto Soares a09e643a71 Add author, URL, WPVDB and disclosure date. 2015-04-13 22:54:05 -03:00
Roberto Soares 271a81778e Add Module WP N-Media Website Contact Form Upload 2015-04-13 22:48:34 -03:00
Roberto Soares 7f10fb5bf0 Fix disclosure date 2015-04-13 18:53:20 -03:00
Roberto Soares e94ca0bdd1 Add EDB, OSVDB and author. 2015-04-13 18:42:17 -03:00
Roberto Soares d5d975c450 Add Module WordPress Creative Contact Form Upload 2015-04-13 18:38:43 -03:00
Roberto Soares 7b57496501 Fix typo and add email addr. 2015-04-13 04:12:32 -03:00
Roberto Soares abee3f17c4 Add author, CVE and EDB references 2015-04-13 04:08:34 -03:00
Roberto Soares 58c4042321 Add Module WP Slideshow Gallery Shell Upload 2015-04-13 03:56:59 -03:00
Roberto Soares 2d1f8c510e Add author and references 2015-04-12 21:21:49 -03:00
Roberto Soares 9f06cee53d Add Module WordPress WorkTheFlow Shell Upload 2015-04-12 21:09:44 -03:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
William Vu fadac30f00 Fix deprecated year 2015-03-24 00:34:38 -05:00
William Vu e338b77389 Readd and deprecate renamed WordPress modules 2015-03-23 23:48:56 -05:00
aushack b191f92713 Renamed WordPress files to fit majority naming convention. 2015-03-23 18:15:04 +11:00
Hans-Martin Münch (h0ng10) 5dd718e4fa Better description 2015-03-18 09:51:51 +01:00
Hans-Martin Münch (h0ng10) 00de437918 Initial commit 2015-03-18 09:45:08 +01:00
Christian Mehlmauer 7d42dcee9c
Land #4769, Wordpress holding-pattern theme file upload 2015-02-21 23:13:06 +01:00
rastating 708340ec5a Tidy up various bits of code 2015-02-21 12:53:33 +00:00
rastating 76a64b31d7 Resolve msftidy issues 2015-02-21 01:41:29 +00:00
rastating 7d30b214ee Add WordPress admin shell upload module 2015-02-21 01:31:33 +00:00
Tod Beardsley 6370c99755
Avoid version numbers in titles 2015-02-17 10:28:56 -06:00
Tod Beardsley 62a679ebb8
Avoid version numbers in titles
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
rastating 40c92f5fe3 Add URL reference 2015-02-14 13:09:37 +00:00
rastating 4dce589bbe Add WordPress Holding Pattern file upload module 2015-02-14 12:54:03 +00:00
Christian Mehlmauer 55f57e0b9b
Land #4746, WordPress photo-gallery exploit 2015-02-12 22:24:12 +01:00
Christian Mehlmauer bce7211f86
added url and randomize upload directory 2015-02-12 22:16:37 +01:00
jvazquez-r7 155651e187 Make filename shorter 2015-02-12 11:45:51 -06:00
jvazquez-r7 95bfe7a7de Do minor cleanup 2015-02-12 11:45:51 -06:00
rastating 30f310321d Added CVE reference 2015-02-12 11:45:51 -06:00
rastating 38ad960640 Add Maarch LetterBox file upload module 2015-02-12 11:45:51 -06:00
rastating cb1efa3edd Improved error handling, tidied up some code 2015-02-11 10:16:18 +00:00
rastating 80a086d5f6 Add WordPress Photo Gallery upload module 2015-02-11 01:03:51 +00:00
Christian Mehlmauer 6d46182c2f
Land #4570, @rastating 's module for wp-easycart 2015-02-07 23:42:23 +01:00
Christian Mehlmauer f2b834cebe
remove check because the vuln is unpatched 2015-02-07 23:38:44 +01:00
Christian Mehlmauer d2421a2d75
wrong version 2015-02-07 23:34:19 +01:00
Christian Mehlmauer 56d2bc5adb
correct version number 2015-02-07 23:22:43 +01:00
rastating 345d5c5c08 Update version numbers to reflect latest release 2015-02-07 19:09:16 +00:00
jvazquez-r7 1ea4a326c1
Land #4656, @nanomebia's fixes for sugarcrm_unserialize_exec 2015-02-06 16:42:01 -06:00
jvazquez-r7 e511f72ab4 Delete final check
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
jvazquez-r7 28f303d431 Decrease timeout 2015-02-03 17:33:29 -06:00
jvazquez-r7 a1c157a4db
Land #4609, @h0ng10's module for Wordpress Pixabay Images PHP Code Upload 2015-02-03 17:01:32 -06:00
jvazquez-r7 eebee7c066 Do better session creation handling 2015-02-03 17:00:37 -06:00
jvazquez-r7 4ca4fd1be2 Allow to provide the traversal depth 2015-02-03 16:38:40 -06:00
jvazquez-r7 e62a5a4fff Make the calling payload code easier 2015-02-03 16:23:04 -06:00
jvazquez-r7 61cdb5dfc9 Change filename 2015-02-03 16:13:10 -06:00
jvazquez-r7 82be43ea58 Do minor cleanup 2015-02-03 16:07:27 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
Nanomebia d04fd3b978 Fixing Indentation
Small indentation fix
2015-01-29 13:03:19 +08:00
Nanomebia af90c6482b Sanity Changes
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia 27c412341f Syntax Changes
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia fc3094ec9b Syntax changes
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia 321eb452c5 Syntax Fixes
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia fefc3d088c Cookie fix and success display
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check.  Also
fixed the success display -  changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
Hans-Martin Münch (h0ng10) 419fa93897 Add OSVDB and WPScan references 2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10) dfbbc79e0d make retries a datastore option 2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10) 11bf58e548 Use metasploit methods 2015-01-23 08:48:52 +01:00
rastating 9d3397901b Correct version numbers and code tidy up 2015-01-19 20:59:46 +00:00
Hans-Martin Münch (h0ng10) 5813c639d1 Initial commit 2015-01-19 17:23:48 +01:00
rastating 8a89b3be28 Cleanup of various bits of code 2015-01-13 22:20:40 +00:00
rastating 8246f4e0bb Add ability to use both WP and EC attack vectors 2015-01-12 23:30:59 +00:00
rastating e6f6acece9 Add a date hash to the post data 2015-01-12 21:21:50 +00:00
rastating ea37e2e198 Add WP EasyCart file upload exploit module 2015-01-10 21:05:02 +00:00
Christian Mehlmauer d4d1a53533
fix invalid url 2015-01-09 21:57:52 +01:00
rastating 82e6183136 Add Msf::Exploit::FileDropper mixin 2015-01-08 21:07:00 +00:00
rastating 93dc90d9d3 Tidied up some code with existing mixins 2015-01-08 20:53:56 +00:00
rastating 7b92c6c2df Add WP Symposium Shell Upload module 2015-01-07 22:02:39 +00:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
jvazquez-r7 b5b0be9001 Do minor cleanup 2014-12-26 11:24:02 -06:00
Brendan Coles 5c82b8a827 Add ProjectSend Arbitrary File Upload module 2014-12-23 10:53:03 +00:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 025c0771f8
Have exploit call check. Have check report_vuln 2014-12-15 09:53:11 -08:00
Jon Hart f521e7d234
Use newer Ruby hash syntax 2014-12-15 09:17:32 -08:00
Jon Hart c93dc04a52
Resolve address before storing the working cred 2014-12-15 09:11:12 -08:00
Jon Hart 5ca8f187b3 Merge remote-tracking branch 'upstream/pr/4328' into temp 2014-12-15 08:15:51 -08:00
Brendan Coles 4530066187 return nil 2014-12-15 01:04:39 +11:00
Brendan Coles 55d9e9cff6 Use list of potential analytics hosts 2014-12-14 23:15:41 +11:00
jvazquez-r7 008c33ff51 Fix description 2014-12-12 13:36:28 -06:00
Tod Beardsley 81460198b0 Add openssl payload to distcc exploit
This is required to test #4274
2014-12-12 13:25:55 -06:00
jvazquez-r7 b334e7e0c6
Land #4322, @FireFart's wordpress exploit for download-manager plugin 2014-12-12 12:41:59 -06:00
jvazquez-r7 aaed7fe957 Make the timeout for the calling payload request lower 2014-12-12 12:41:06 -06:00
Jon Hart 00f66b6050
Correct named captures 2014-12-12 10:22:14 -08:00
jvazquez-r7 98dca6161c Delete unused variable 2014-12-12 12:03:32 -06:00
jvazquez-r7 810bf598b1 Use fail_with 2014-12-12 12:03:12 -06:00
Jon Hart 1e6bbc5be8
Use blank? 2014-12-12 09:51:08 -08:00
jvazquez-r7 4f3ac430aa
Land #4341, @EgiX's module for tuleap PHP Unserialize CVE-2014-8791 2014-12-12 11:48:25 -06:00
jvazquez-r7 64f529dcb0 Modify default timeout for the exploiting request 2014-12-12 11:47:49 -06:00
Jon Hart 24f1b916e0 Minor ruby style cleanup 2014-12-12 09:47:35 -08:00
Jon Hart 1d1aa5838f Use Gem::Version to compare versions in check 2014-12-12 09:47:01 -08:00
jvazquez-r7 d01a07b1c7 Add requirement to description 2014-12-12 11:42:45 -06:00
jvazquez-r7 fd09b5c2f6 Fix title 2014-12-12 10:52:18 -06:00
jvazquez-r7 4871228816 Do minor cleanup 2014-12-12 10:52:06 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Marc Wickenden 245b76477e Fix issue with execution of perl due to gsub not matching across newlines 2014-12-10 21:38:04 +00:00
EgiX 700ccc71e7 Create tuleap_unserialize_exec.rb 2014-12-09 10:15:46 +01:00
Brendan Coles 42744e5650 Add actualanalyzer_ant_cookie_exec exploit 2014-12-06 19:09:20 +00:00
Christian Mehlmauer 5ea062bb9c
fix bug 2014-12-05 11:30:45 +01:00
Christian Mehlmauer 55b8d6720d
add wordpress download-manager exploit 2014-12-05 11:17:54 +01:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00