jvazquez-r7
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
m-1-k-3
885417c9d9
removing config file from target
2013-08-06 15:11:54 +02:00
m-1-k-3
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
m-1-k-3
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
m-1-k-3
2efc2a79bf
fail with
2013-08-05 21:41:28 +02:00
Tod Beardsley
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
m-1-k-3
34134b2e11
feedback included
2013-08-04 14:45:55 +02:00
m-1-k-3
b8ed364cb8
telnet user working
2013-08-03 15:07:10 +02:00
m-1-k-3
62e3c01190
raidsonic nas - command execution
2013-08-02 21:04:19 +02:00
m-1-k-3
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
m-1-k-3
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
m-1-k-3
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
sinn3r
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
sinn3r
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
jvazquez-r7
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
jvazquez-r7
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
jvazquez-r7
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
jvazquez-r7
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
Tod Beardsley
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
jvazquez-r7
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
Tod Beardsley
5e55c506cd
Land #2140 , add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
Tod Beardsley
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
6158415bd3
Clean CWE reference, will ad in new pr
2013-07-22 12:03:55 -05:00
jvazquez-r7
da4fda6cb1
Land #2110 , @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
Ramon de C Valle
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
jvazquez-r7
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
jvazquez-r7
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
Ramon de C Valle
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
jvazquez-r7
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
Ramon de C Valle
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
m-1-k-3
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
m-1-k-3
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
jvazquez-r7
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
Ramon de C Valle
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
Ramon de C Valle
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
Ramon de C Valle
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
m-1-k-3
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
m-1-k-3
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
m-1-k-3
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
m-1-k-3
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
m-1-k-3
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
m-1-k-3
49c70911be
dlink upnp command injection
2013-07-09 13:24:12 +02:00
sinn3r
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
jvazquez-r7
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
jvazquez-r7
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
sinn3r
f55edac0ca
Title and description update
2013-06-07 22:38:53 -05:00
sinn3r
a510084f1c
Description change.
2013-06-07 22:35:46 -05:00
jvazquez-r7
600494817d
Fix typo and target name
2013-06-07 21:08:38 -05:00
jvazquez-r7
9025b52951
make the payload build more clear
2013-06-07 18:05:11 -05:00
jvazquez-r7
d76e14fc9c
Add module for OSVDB 93004 - Exim Dovect exec
2013-06-07 17:59:04 -05:00
Steve Tornio
4d26299de3
add osvdb ref 93881 and edb ref 21191
2013-06-05 18:57:33 -05:00
jvazquez-r7
3111013991
Minor cleanup for miniupnpd_soap_bof
2013-06-04 08:53:52 -05:00
jvazquez-r7
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
sinn3r
c705928052
Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb
2013-06-03 10:40:31 -05:00
Steve Tornio
76faba60b7
add osvdb ref 85462
2013-06-03 06:16:43 -05:00
Steve Tornio
e612a3d017
add osvdb ref 77183
2013-06-03 05:42:56 -05:00
sinn3r
e74c1d957f
Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb
2013-06-03 02:15:35 -05:00
sinn3r
093830d725
Landing #1896 - Add OSVDB ref 82925 for symantec_web_gateway_exec.rb
2013-06-03 02:13:34 -05:00
Steve Tornio
c2c630c338
add osvdb ref 93444
2013-06-02 21:03:44 -05:00
Steve Tornio
bc993b76fc
add osvdb ref 82925
2013-06-02 20:43:16 -05:00
Steve Tornio
ae17e9f7b5
add osvdb ref 56992
2013-06-02 18:32:46 -05:00
Steve Tornio
61c8861fcf
add osvdb ref
2013-06-02 08:33:42 -05:00
sinn3r
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
Tod Beardsley
e7a1f06fbc
Modules shouldn't be +x
2013-05-29 15:11:35 -05:00
James Lee
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
Tod Beardsley
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7
bfcd86022d
Add code cleanup for nginx_chunked_size.
2013-05-22 14:37:42 -05:00
LinuxGeek247
81b690ae4b
Initial check in of nginx module
2013-05-22 13:52:00 -04:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7
94bc3bf8eb
Fix msftidy warning
2013-05-20 10:35:59 -05:00
jvazquez-r7
395aac90c2
Do minor cleanup for linksys_wrt160nv2_apply_exec
2013-05-20 10:34:39 -05:00
jvazquez-r7
08b2c9db1e
Land #1801 , @m-1-k-3's linksys wrt160n exploit
2013-05-20 10:33:44 -05:00
m-1-k-3
1a904ccf7d
tftp download
2013-05-19 20:37:46 +02:00
jvazquez-r7
dfa19cb46d
Do minor cleanup for dlink_dir615_up_exec
2013-05-19 12:43:01 -05:00
jvazquez-r7
348705ad46
Land #1800 , @m-1-k-3's exploit for DLINK DIR615
2013-05-19 12:42:02 -05:00
m-1-k-3
f3a2859bed
removed user,pass in request
2013-05-19 18:50:12 +02:00
m-1-k-3
aee5b02f65
tftp download check
2013-05-19 18:45:01 +02:00
m-1-k-3
4816925f83
feeback included
2013-05-19 16:19:45 +02:00
James Lee
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
jvazquez-r7
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
sinn3r
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
jvazquez-r7
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
jvazquez-r7
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
m-1-k-3
981cc891bc
description
2013-05-12 20:07:32 +02:00
m-1-k-3
09bf23f4d6
linksys wrt160n tftp download module
2013-05-06 16:18:15 +02:00
m-1-k-3
22d850533a
dir615 down and exec exploit
2013-05-06 15:33:45 +02:00
Tod Beardsley
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
jvazquez-r7
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
Antoine
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
jvazquez-r7
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
jvazquez-r7
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
m-1-k-3
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
m-1-k-3
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
Tod Beardsley
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
jvazquez-r7
7e5d4bc893
Landing #1614 , @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
jvazquez-r7
a1605184ed
Landing #1719 , @m-1-k-3 dlink_diagnostic_exec_noauth exploit module
2013-04-10 11:17:29 +02:00
jvazquez-r7
4f2e3f0339
final cleanup for dlink_diagnostic_exec_noauth
2013-04-10 11:15:32 +02:00
m-1-k-3
8fbade4cbd
OSVDB
2013-04-10 10:45:30 +02:00
jvazquez-r7
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
jvazquez-r7
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
m-1-k-3
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
m-1-k-3
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
m-1-k-3
955efc7009
final cleanup
2013-04-07 17:59:57 +02:00
m-1-k-3
9f89a996b2
final regex, dhcp check and feedback from juan
2013-04-07 17:57:18 +02:00
jvazquez-r7
0e69edc89e
fixing use of regex
2013-04-07 11:39:29 +02:00
jvazquez-r7
6a410d984d
adding get_config where I forgot
2013-04-06 19:13:42 +02:00
jvazquez-r7
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
jvazquez-r7
55302ee07f
Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695
2013-04-06 17:30:02 +02:00
jvazquez-r7
9a2f409974
first cleanup for linksys_wrt54gl_apply_exec
2013-04-06 01:05:09 +02:00
m-1-k-3
ecaaaa34bf
dlink diagnostic - initial commit
2013-04-05 19:56:15 +02:00
m-1-k-3
96b444c79e
ManualRanking
2013-04-04 17:40:53 +02:00
m-1-k-3
67f0b1b6ee
little cleanump
2013-04-04 17:33:46 +02:00
m-1-k-3
f07117fe7d
replacement of wrt54gl auxiliary module - initial commit
2013-04-04 17:30:36 +02:00
agix
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
agix
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
jvazquez-r7
ce88d8473a
cleanup for netgear_dgn1000b_setup_exec
2013-04-03 12:44:04 +02:00
jvazquez-r7
3c27678168
Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit
2013-04-03 12:43:42 +02:00
m-1-k-3
a93ec3aea3
fix name
2013-04-03 10:40:52 +02:00
m-1-k-3
2ceecabede
make msftidy happy
2013-04-03 10:34:28 +02:00
m-1-k-3
91b0e5f800
netgear dgn2200b pppoe exec exploit - initial commit
2013-04-03 10:32:52 +02:00
m-1-k-3
642d8b846f
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:41:50 +02:00
m-1-k-3
7f3c6f7629
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:39:04 +02:00
m-1-k-3
1b27d39591
netgear dgn1000b mipsbe exploit
2013-04-02 14:34:09 +02:00
agix
7359151c14
decrement esp to fix crash in the middle of shellcode
2013-04-02 13:25:31 +02:00
jvazquez-r7
6a6fa5b39e
module filename changed
2013-04-02 10:50:50 +02:00
jvazquez-r7
b3feb51c49
cleanup for linksys_e1500_up_exec
2013-04-02 10:49:09 +02:00
jvazquez-r7
5e42b8472b
Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit
2013-04-02 10:48:28 +02:00
m-1-k-3
579c499f43
Juans SRVHOST check included
2013-04-02 07:50:51 +02:00
jvazquez-r7
08ba2c70d3
update title and descr for mongod_native_helper
2013-04-01 21:44:08 +02:00
jvazquez-r7
81bca2c45a
cleanup for mongod_native_helper
2013-04-01 21:35:34 +02:00
m-1-k-3
c386d54445
check SRVHOST
2013-04-01 18:12:13 +02:00
agix
cc598bf977
Resolv a problem with mmap64 libc function and its unknown last argument
2013-04-01 17:38:09 +02:00
agix
6b639ad2ee
add memcpy to the ropchain due to the zeroed mmap function under ubuntu
2013-04-01 14:13:19 +02:00
agix
baf1ce22b3
increase mmap RWX size
2013-03-31 21:04:39 +02:00
jvazquez-r7
0f965ddaa3
waiting for payload download on linksys_e1500_more_work
2013-03-31 16:07:14 +02:00
agix
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
m-1-k-3
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
m-1-k-3
cd8bc2f87d
description, blind exploitation info on cmd payload
2013-03-30 12:03:14 +01:00
m-1-k-3
b0a61adc23
juans feedback included
2013-03-30 11:43:10 +01:00
jvazquez-r7
5fd996f775
added osvdb reference
2013-03-30 10:42:58 +01:00
jvazquez-r7
3bf0046e3e
Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management
2013-03-30 10:42:06 +01:00
m-1-k-3
7965f54890
juans feedback included
2013-03-30 08:40:42 +01:00
jvazquez-r7
607b1c5c14
little cleanup for e1500_up_exec
2013-03-29 23:16:13 +01:00
m-1-k-3
1b563ad915
stop_service
2013-03-29 22:38:06 +01:00
m-1-k-3
813ff1e61e
removed payload stuff
2013-03-29 22:32:57 +01:00
m-1-k-3
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
m-1-k-3
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
jvazquez-r7
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
m-1-k-3
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
agix
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
agix
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
agix
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
agix
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
agix
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
agix
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
m-1-k-3
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
jvazquez-r7
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
Joel Parish
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
jvazquez-r7
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
m-1-k-3
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
m-1-k-3
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
m-1-k-3
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
m-1-k-3
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
sinn3r
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
sinn3r
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
jvazquez-r7
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
jvazquez-r7
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
Tod Beardsley
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
jvazquez-r7
35b3bf4aa5
back to the original Brute mixin
2012-11-19 14:13:49 +01:00
jvazquez-r7
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
James Lee
ac1b60e6db
Remove debug load
2012-11-07 20:00:41 -06:00
m m
e170c1e3e3
typo in centos5 range
2012-10-31 18:28:26 +01:00
m m
f7481b160c
add centos5 target
2012-10-31 18:21:41 +01:00
m m
3e3c518753
remove SessionTypes as per egypt
2012-10-30 17:13:57 +01:00
m m
3855ba88b1
add meterpreter/command support to samba exploit using ROP
2012-10-29 17:33:00 +01:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
Tod Beardsley
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
James Lee
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
Michael Schierl
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
James Lee
768d2c5921
Go back to old behavior for unknown versions
...
May not be correct, but it's what we used to do, so probably better than
just raising.
Also documents things a bit better.
2012-10-18 16:57:40 -05:00
James Lee
1eccb24bf8
Raise if the version isn't what we expect
...
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
2012-10-18 15:55:55 -05:00
James Lee
3c5c1cd86e
Remove unnecessary version restrictions
...
Since the payload is now run in the .so constructor, there's no need to
be compatible with a particular Postgres API.
Also:
- report the service
- delete the payload in the payload itself to reduce forensics
footprint
- randomize the created function name instead of abusing
postgres_create_sys_exec
2012-10-18 15:40:27 -05:00
James Lee
0221f75f39
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-18 13:57:25 -05:00
James Lee
52feae2dcd
Add missing require
...
[FixRM #7345 ]
2012-10-15 17:18:04 -05:00
sinn3r
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
James Lee
9c6fdbe9d7
Compile a .so instead of being version-specific
...
This makes it possible to use payloads for the appropriate architecture
NOTE: need to test windows and make sure I didn't break it
2012-10-13 15:18:25 -05:00
James Lee
ad1870d819
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-12 14:18:34 -05:00
James Lee
db12413b09
Convert vcms_upload to use PhpEXE
...
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
jvazquez-r7
aba69d8438
fix indentation
2012-10-05 20:18:40 +02:00
jvazquez-r7
4c646762a5
Added target debian squeeze
2012-10-05 20:12:09 +02:00
jvazquez-r7
6679ff765a
remove extra commas
2012-09-28 12:21:59 +02:00
sinn3r
4087790cf7
Oops, forgot to update the check() function
2012-09-27 18:22:57 -05:00
jvazquez-r7
9d3a1871a6
Added module for Samba CVE-2012-1182
2012-09-28 01:18:52 +02:00
jvazquez-r7
25e6990dc7
added osvdb reference
2012-09-24 21:49:32 +02:00
jvazquez-r7
ed24154915
minor fixes
2012-09-21 11:36:58 +02:00
bcoles
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
jvazquez-r7
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
jvazquez-r7
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
jvazquez-r7
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
sinn3r
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
sinn3r
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
James Lee
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
sinn3r
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
jvazquez-r7
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
bcoles
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
sinn3r
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
midnitesnake
25ee8fd357
Run postgres.rb & postgres_payload through msftidy, and cleaned up the files
2012-08-25 01:44:49 +01:00
sinn3r
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
jvazquez-r7
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
jvazquez-r7
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
midnitesnake
d0b1fa33af
swapped out OptString for OptEnum
2012-08-22 02:20:13 +01:00
midnitesnake
8218a60b32
other corrections
2012-08-22 00:08:59 +01:00
midnitesnake
5cf7f22a13
corrections following on from jlee-r7 comments
2012-08-21 23:57:07 +01:00
jvazquez-r7
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
jvazquez-r7
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
sinn3r
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
midnitesnake
ad2b457fda
Added linux port for postgres payload
2012-08-14 17:46:35 +01:00
HD Moore
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
RageLtMan
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
Tod Beardsley
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
Steve Tornio
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
bcoles
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30