Commit Graph

451 Commits (15906b76dbbda253068ff248b230a0c35b72a4ed)

Author SHA1 Message Date
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r 2c4273e478 Correct some modules with res nil 2012-10-29 04:41:30 -05:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
Tod Beardsley be9a954405 Merge remote branch 'jlee-r7/cleanup/post-requires' 2012-10-23 15:08:25 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
James Lee 9c95c7992b Require's for all the include's 2012-10-23 13:24:05 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
sinn3r 9ea208d129 Oops, overwrote egypt's changes by accident 2012-10-11 16:40:52 -05:00
sinn3r 82eaa322fe Make cleanup work better 2012-10-11 16:39:54 -05:00
James Lee 3a66a07844 Proposed re-wording of description
[See #889]
2012-10-11 15:48:04 -05:00
sinn3r 24980e735b I found an OSVDB ID 2012-10-11 15:28:07 -05:00
sinn3r 55128f5bb3 Make sure res has value before passing it on to exec_php 2012-10-11 14:43:38 -05:00
sinn3r 033a11eff5 Add Project Pier File Upload Vulnerability 2012-10-11 13:47:40 -05:00
jvazquez-r7 4fa3631e34 avoiding the python support on the barracuda one if cannot be tested 2012-10-09 18:01:23 +02:00
jvazquez-r7 f33411abd1 Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support 2012-10-09 18:00:44 +02:00
sinn3r a12aed7ffc Don't really need these keywords 2012-10-09 00:49:05 -05:00
sinn3r c094508119 Support Python payload
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
ethicalhack3r f4e442bcbd Added headers support to php_include module 2012-10-05 23:00:38 +02:00
sinn3r d515b3274d Apply wfsdelay and apply egypt's suggestions 2012-10-04 00:40:52 -05:00
bcoles e2276bfedb Add QNX QCOMM command execution module 2012-09-30 17:21:08 +09:30
Tod Beardsley c83b49ad58 Unix linefeeds, not windows
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.

Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley 2fc34e0073 Auth successful, not successfully
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
jvazquez-r7 cbc778cb47 add changes proposed by sinn3r 2012-09-15 23:53:09 +02:00
jvazquez-r7 0708ec72fc module moved to a more correct location 2012-09-15 15:31:21 +02:00
jvazquez-r7 e27f736e95 BID reference added 2012-08-24 17:29:12 +02:00
jvazquez-r7 0e535e6485 added module for XODA file upload RCE 2012-08-22 00:54:13 +02:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Daniel Miller 31510167e6 Make setuid_nmap more robust
Squashed commit of the following:

commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 14:13:33 2012 -0600

    Fix 1.8 compat

commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Thu Aug 2 09:50:38 2012 -0500

    Handle early Nmap versions that don't take absolute paths

commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Fri Jul 27 11:58:36 2012 -0500

    Add compatibility args to setuid_nmap command

    Nmap before 4.75 would not run a script without a port scan being
    performed. Example: 4.53 installed on Metasploitable would not work.
    Added "-p80 localhost" to the command to ensure it works with these
    older versions.

[Closes #649]
2012-08-03 14:15:09 -06:00
jvazquez-r7 2f66aa7c4f Added module for OSVDB 83891 2012-07-21 12:14:29 +02:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
HD Moore a57e712630 Be less verbose 2012-07-15 22:19:12 -05:00
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
jvazquez-r7 4af75ff7ed Added module for CVE-2011-4542 2012-07-10 18:40:18 +02:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
Steve Tornio 44290c2c89 add osvdb ref 2012-07-07 08:40:25 -05:00
sinn3r 1e6c4301b6 We worked on it, so we got credit 2012-07-06 02:12:10 -05:00
sinn3r f8123ef316 Add a "#" in the end after the payload 2012-07-06 02:09:31 -05:00
sinn3r 187731f2cb Add a check function to detect the vuln 2012-07-06 01:58:01 -05:00
sinn3r dcddc712d2 Missing a "&" 2012-07-06 01:50:18 -05:00
sinn3r 3c8a836091 Add lcashdol's module from #568
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r 850242e733 Remove the extra comma and a tab char 2012-07-05 14:05:23 -05:00
jvazquez-r7 aee7d1a966 Added module for CVE-2012-0911 2012-07-05 20:58:27 +02:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r f63a3959e0 Update web app module references 2012-06-28 00:37:37 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
James Lee 96c16a498a Add a check for distcc_exec
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
James Lee c39a42da3d No need to alter time out 2012-06-12 23:58:20 -06:00
James Lee 0e8fb0fe98 Add a post-exploitation exploit for suid nmap
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
jvazquez-r7 4ae786590a php_wordpress_foxypress from patrick updated. Related to Pull Request #475 2012-06-12 17:39:05 +02:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
David Maloney 54fb6d2f7a Fixes unreal ircd race condition
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00
jvazquez-r7 c4fad0dea5 module added for OSVDB-73609 2012-05-25 17:18:09 +02:00
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
HD Moore 6cf6a9548d Fix up the PHP CGI exploit, remove debug lines 2012-05-04 09:58:10 -05:00
sinn3r 9a36017271 no unicode 2012-05-04 00:01:03 -05:00
James Lee 2d1f4d4f3e Add hdm's better check method 2012-05-03 19:00:40 -06:00
James Lee 40ec3d9d40 Add an exploit module for the recent php cgi bug (CVE-2012-1823) 2012-05-03 18:51:54 -06:00
sinn3r a8eada6016 This module should be able to support more payloads 2012-04-16 14:43:36 -05:00
sinn3r edadc19757 This module should be able to support more payloads than it should be 2012-04-16 14:41:11 -05:00
Tod Beardsley 56404f5edd Fixing EDB reference 2012-03-28 14:33:25 -06:00
Tod Beardsley 2bcf259301 Setting correct LFs on freepbx_callmenum.rb 2012-03-23 16:29:42 -05:00
wchen-r7 71462bc73d Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
[Closes #266]
2012-03-23 16:23:36 -05:00
Tod Beardsley 47493af103 Merge pull request #259 from todb-r7/edb-2
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
James Lee 17a044db89 Print the full URI
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
Tod Beardsley 7d12a3ad3a Manual fixup on remaining exploit-db references 2012-03-21 16:43:21 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
James Lee 70162fde73 A few more author typos 2012-03-05 13:28:46 -07:00
James Lee 5e6c40edfd Remove unnecessary space restrictions.
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee 7ca573a1b4 Give these two old modules a chance to work by setting a proper arch
These must have been broken for quite some time.  =/  They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r e7ab48693c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:57 -06:00
sinn3r 94b736c76c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:38 -06:00
sinn3r 97b74101fb Repair dead milw0rm link to exploit-db 2011-12-13 16:12:11 -06:00
sinn3r 6f5d64f6de Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-29 03:31:15 -06:00
sinn3r 34a933d499 Feature #5610 2011-11-29 03:30:49 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Steve Tornio 7a07e069da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen 3722a5c3c1 Add LifeSize room command injection (feature #5333)
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
HD Moore 5916a4afe3 Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
HD Moore f2469fc23f Drop phpi to normal ranking, it eats too much time
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen d204f4027b Catch nil first before do .empty?
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen 1a02a2199b These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
Chao Mu 4b9346e40e Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
HD Moore 643223ff11 Fixes #5651 by applying patch
git-svn-id: file:///home/svn/framework3/trunk@13850 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 15:40:59 +00:00
Wei Chen 9ddfc122af Fix indentation, white spaces, add patch URL to reference
git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00
Tod Beardsley 921549fc3d Adding OSVDB ref that just popped up for me.
git-svn-id: file:///home/svn/framework3/trunk@13844 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 15:49:02 +00:00
Tod Beardsley 3d9c94633d Adding MyBB backdoor exploit submitted by tdz. Thanks!
git-svn-id: file:///home/svn/framework3/trunk@13838 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 03:22:07 +00:00
Wei Chen 37069a252c Support POST. Feature #5571
git-svn-id: file:///home/svn/framework3/trunk@13814 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-04 16:02:52 +00:00
HD Moore 81cb99c7ab A better fix
git-svn-id: file:///home/svn/framework3/trunk@13605 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 19:26:41 +00:00
David Rude b39ed220ca remove the .strip call in banner check causes stack traces in some cases
git-svn-id: file:///home/svn/framework3/trunk@13604 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 06:50:51 +00:00
HD Moore 1fb64f099d Typo
git-svn-id: file:///home/svn/framework3/trunk@13427 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 18:23:52 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Steve Tornio 94640b6bc4 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
HD Moore ab4961bfa9 Timeline
git-svn-id: file:///home/svn/framework3/trunk@13099 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:20:47 +00:00
HD Moore e678bb0a8e Update the description to match the latest information
git-svn-id: file:///home/svn/framework3/trunk@13098 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:11:00 +00:00
HD Moore c82063d708 Update based on feedback from mc, indicating this backdoor was in place since February 15th 2011 and likely even earlier
git-svn-id: file:///home/svn/framework3/trunk@13097 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 01:49:05 +00:00
HD Moore 5482a59910 Exit cleanly if the shell as not valid
git-svn-id: file:///home/svn/framework3/trunk@13095 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:18:44 +00:00
HD Moore bd12c8c6a9 Fix a couple small typos
git-svn-id: file:///home/svn/framework3/trunk@13094 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:10:30 +00:00
HD Moore e6968c202a A couple bug fixes to enable cmd_interact and a new module for the VSFTPD backdoor
git-svn-id: file:///home/svn/framework3/trunk@13093 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 20:09:32 +00:00
Joshua Drake bf20ace73e totally noobd out on that one, thx
git-svn-id: file:///home/svn/framework3/trunk@13035 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 18:09:21 +00:00
Joshua Drake a29002ee2e handle a few corner cases
git-svn-id: file:///home/svn/framework3/trunk@13032 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:03:23 +00:00
Patrick Webster 5617d23635 Removed erroneous awstatstotals_multisort print_status.
git-svn-id: file:///home/svn/framework3/trunk@12715 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:45:36 +00:00
Patrick Webster 51ce0dba58 Added awstatstotals_multisort exploit module.
git-svn-id: file:///home/svn/framework3/trunk@12714 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:42:37 +00:00
James Lee 486c0556d0 don't leave unnecessary evil-looking logs
git-svn-id: file:///home/svn/framework3/trunk@12604 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 22:46:43 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Patrick Webster cacac970e1 Added privilege escalation to contentkeeperweb_mimencode exploit module.
git-svn-id: file:///home/svn/framework3/trunk@12265 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 11:02:48 +00:00
Joshua Drake d682069aec add cve-2010-4566 exploit from Erwin Paternotte
git-svn-id: file:///home/svn/framework3/trunk@11873 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 20:51:12 +00:00
HD Moore 2dbbdc18dd Explicitly yield to other threads after each request, reducing the chance that this module will eat all cycles.
git-svn-id: file:///home/svn/framework3/trunk@11857 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-02 05:03:20 +00:00
Joshua Drake b6b9b83dd7 add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake 287f4c87fe style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Steve Tornio 860e29228b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11414 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 14:43:13 +00:00
HD Moore e7f3c63e1c Exploit for a recent Redmine command injection vulnerability, provided as a holiday gift by Joernchen of Phenoelit.
git-svn-id: file:///home/svn/framework3/trunk@11406 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 05:46:29 +00:00
Steve Tornio 3662fb4bc6 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11389 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:16:18 +00:00
HD Moore 4708d5b159 Add coverage for the mitel audio web conferencing web interface command injection.
git-svn-id: file:///home/svn/framework3/trunk@11388 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:02:13 +00:00
Joshua Drake c46be9d387 better error for non-exim servers
git-svn-id: file:///home/svn/framework3/trunk@11352 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 17:30:24 +00:00
Joshua Drake 843b121ea1 fix typo
git-svn-id: file:///home/svn/framework3/trunk@11350 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 16:38:31 +00:00
Joshua Drake d69cff2b34 add bid reference
git-svn-id: file:///home/svn/framework3/trunk@11318 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-13 16:16:29 +00:00
Joshua Drake 573c639c85 remove debug prints
git-svn-id: file:///home/svn/framework3/trunk@11299 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 22:00:34 +00:00
Joshua Drake 7c6eadc24b check more responses, account for corner case in initial headers
git-svn-id: file:///home/svn/framework3/trunk@11298 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 21:58:25 +00:00
Joshua Drake ea4e8c29d3 add hdm to authors, minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@11289 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 10:55:24 +00:00
HD Moore c1a3364ea9 Update the privileged flag
git-svn-id: file:///home/svn/framework3/trunk@11285 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:45 +00:00
HD Moore 8ad08ec535 Update the description/refs
git-svn-id: file:///home/svn/framework3/trunk@11284 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:04 +00:00
HD Moore 61e8ab1432 This module will now automatically gain root if Perl is installed
git-svn-id: file:///home/svn/framework3/trunk@11283 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:21:52 +00:00
Joshua Drake c1f37b3c8a minor adjustment to output printing
git-svn-id: file:///home/svn/framework3/trunk@11281 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 23:29:26 +00:00
Joshua Drake 5624c55599 add EHLO_NAME advanced option, remove debug print, fix version regex
git-svn-id: file:///home/svn/framework3/trunk@11280 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:51:05 +00:00
Joshua Drake b5d44d1684 handle hosts that reverse properly, whitespace
git-svn-id: file:///home/svn/framework3/trunk@11279 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:32:39 +00:00
HD Moore cc81d3bbc0 Automagic updates to jduck's exim module
git-svn-id: file:///home/svn/framework3/trunk@11278 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:17:47 +00:00
HD Moore a683f7b7d4 Automagic updates to jduck's exim module
git-svn-id: file:///home/svn/framework3/trunk@11277 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:16:34 +00:00
Steve Tornio d5fc9df054 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11276 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 21:43:12 +00:00
Joshua Drake 5cc8407748 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11275 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:50:16 +00:00
Joshua Drake 9f5df90e60 add exploit for cve-2010-4344
git-svn-id: file:///home/svn/framework3/trunk@11274 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:34:23 +00:00
Joshua Drake add6955501 add disclosure date, fix parse error on 1.8.7
git-svn-id: file:///home/svn/framework3/trunk@11253 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-08 16:17:16 +00:00
Joshua Drake 9c1576b20e update the title
git-svn-id: file:///home/svn/framework3/trunk@11246 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:46:24 +00:00
Joshua Drake bbab0e3fd9 add cve-2008-6825 exploit from Larry Wert, fixes #3145
git-svn-id: file:///home/svn/framework3/trunk@11245 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:44:47 +00:00
Mario Ceballos 5dad5e2ee5 consistency
git-svn-id: file:///home/svn/framework3/trunk@11227 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-05 15:08:22 +00:00
Steve Tornio e93c196363 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11214 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-03 12:34:38 +00:00
Mario Ceballos 50d6c9659a added coverage for the proftpd backdoor.
git-svn-id: file:///home/svn/framework3/trunk@11210 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 22:33:37 +00:00
Joshua Drake 26a9fe6fc7 add some missing CVE references
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
Joshua Drake e9faf75503 fix some more titles with periods
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
Steve Tornio eab8c24b8b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11074 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 20:43:56 +00:00
Joshua Drake b42a04a7aa add cakephp exploit from tdz
git-svn-id: file:///home/svn/framework3/trunk@11070 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 18:30:07 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Joshua Drake e78aa83021 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10821 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:58:49 +00:00
Joshua Drake 672fc87055 fixed typo, thx rmkml
git-svn-id: file:///home/svn/framework3/trunk@10803 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 23:35:44 +00:00
Steve Tornio ddf8294beb add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10783 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:09:10 +00:00
Joshua Drake 7a9fe2c4d7 add exploit module for cve-2010-3585
git-svn-id: file:///home/svn/framework3/trunk@10780 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 06:16:31 +00:00
Tod Beardsley 865b711b5c Fixes #2974. Adds an "Unknown" level to Exploit::CheckCode, fixes the URI check for exploit/unix/webapp/php_include (which was relying on Unknown).
git-svn-id: file:///home/svn/framework3/trunk@10694 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-15 12:24:17 +00:00
Joshua Drake 7e4f4b3791 silly whitespace tweak
git-svn-id: file:///home/svn/framework3/trunk@10642 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 19:30:57 +00:00
Joshua Drake 8230bb6edf update disclosure date
git-svn-id: file:///home/svn/framework3/trunk@10637 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 03:59:19 +00:00
HD Moore a3ad8f5061 Add a quick module for exploiting basic web cmd injection
git-svn-id: file:///home/svn/framework3/trunk@10624 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 21:32:19 +00:00
Joshua Drake ae04e34cf7 fix some non-full-namespace includes
git-svn-id: file:///home/svn/framework3/trunk@10617 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 06:55:52 +00:00
HD Moore c1f934dbb4 jduck the grammar checker strikes again (thanks!)
git-svn-id: file:///home/svn/framework3/trunk@10476 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-25 04:54:10 +00:00
HD Moore 25d18f1f1b Quit when we get an SSL exception
git-svn-id: file:///home/svn/framework3/trunk@10470 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-25 03:14:21 +00:00
HD Moore 048b21e3b9 Ensure that errors in the PHPInclude mixin lead to the service being stopped. Handle unreachable services in the php_include module better. Fix database-enabled tab completion to be workspace friendly
git-svn-id: file:///home/svn/framework3/trunk@10410 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:52:49 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake 330281eadd see #684, adds checksum support, updates modules to use it, fixes some wfs_delay/WfsDelay issues
git-svn-id: file:///home/svn/framework3/trunk@10150 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:55:37 +00:00
James Lee 34eb75af73 overhaul smtp to add support for authentication and STARTTLS. can now send email through a gmail account
git-svn-id: file:///home/svn/framework3/trunk@10148 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:31:46 +00:00
Joshua Drake f6033b9bd6 change some print_status to print_error, rename a few msft modules using msb convention
git-svn-id: file:///home/svn/framework3/trunk@9929 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-25 21:37:54 +00:00
HD Moore fb57dde60c Do not spew HTML to the screen
git-svn-id: file:///home/svn/framework3/trunk@9829 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 18:23:47 +00:00
Joshua Drake 663b863b6d http fingerprint checking update
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 17:38:59 +00:00
Joshua Drake a3d901a6b9 various minor fixes, some added fingerprinting
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake f6f954a18c add missing CVE/OSVDB references, plenty still missing *wink wink*
git-svn-id: file:///home/svn/framework3/trunk@9659 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-02 00:10:51 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
James Lee 571aeb119c make this much less verbose.
git-svn-id: file:///home/svn/framework3/trunk@9634 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-28 23:42:50 +00:00
Joshua Drake 12fbdcd878 add http_fingerprint calls to modules that use various headers
git-svn-id: file:///home/svn/framework3/trunk@9627 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 20:53:12 +00:00
James Lee 73c680eeff reduce the timeout. it's annoying to have to wait 25 seconds for my shell
git-svn-id: file:///home/svn/framework3/trunk@9621 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 05:45:15 +00:00
James Lee e47f38365d make the description a little more descriptive.
git-svn-id: file:///home/svn/framework3/trunk@9611 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 18:34:37 +00:00
James Lee 43799f505b not a command execution anymore.
git-svn-id: file:///home/svn/framework3/trunk@9601 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 23:12:59 +00:00
James Lee 1f957891fb ARCH_CMD -> ARCH_PHP. tested with php/reverse_php and php/meterpreter[/_]reverse_tcp. see #2105
git-svn-id: file:///home/svn/framework3/trunk@9598 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 22:51:50 +00:00
Tod Beardsley 9d46383040 Fixes #2134. Subs select for sleep in exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@9583 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 19:11:05 +00:00
Joshua Drake fa505a4069 various fixes, mostly consistency changes to disclosure dates
git-svn-id: file:///home/svn/framework3/trunk@9525 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 07:18:08 +00:00
Steve Tornio fcb05df3d8 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@9510 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-13 12:41:48 +00:00
HD Moore 843d632d55 Change the advisory link
git-svn-id: file:///home/svn/framework3/trunk@9504 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 19:33:42 +00:00
HD Moore cb9a3211ee Exploit for the UnrealIRCD backdoor
git-svn-id: file:///home/svn/framework3/trunk@9503 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 19:25:48 +00:00
James Lee ce8a9e9318 update space requirements
git-svn-id: file:///home/svn/framework3/trunk@9392 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 05:04:24 +00:00
Steve Tornio 365f13551b added refs. I think all the auxiliary and exploit modules should now be covered.
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
Joshua Drake 7a32c8add2 add exploit for cve-2009-4098
git-svn-id: file:///home/svn/framework3/trunk@9247 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-08 03:07:51 +00:00
Joshua Drake 0e72894e58 more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00