aba69d8438
fix indentation
2012-10-05 20:18:40 +02:00
4c646762a5
Added target debian squeeze
2012-10-05 20:12:09 +02:00
6679ff765a
remove extra commas
2012-09-28 12:21:59 +02:00
4087790cf7
Oops, forgot to update the check() function
2012-09-27 18:22:57 -05:00
9d3a1871a6
Added module for Samba CVE-2012-1182
2012-09-28 01:18:52 +02:00
25e6990dc7
added osvdb reference
2012-09-24 21:49:32 +02:00
ed24154915
minor fixes
2012-09-21 11:36:58 +02:00
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
e483af64e4
Random text
2012-07-26 15:14:02 -05:00
6c3b05f1c4
Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug
2012-07-26 13:11:05 -05:00
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
b662881613
Enforce a check before firing the exploit
2012-07-19 16:43:52 -05:00
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
jvazquez-r7
sinn3r
bcoles
Ramon de C Valle
Tod Beardsley
James Lee
HD Moore
RageLtMan
Steve Tornio