Commit Graph

2792 Commits (16d065adfcd6e2cce761a7d6d4d56b64cc167644)

Author SHA1 Message Date
sinn3r e989142d9d Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat 2012-12-07 14:48:01 -06:00
sinn3r 78b4233b56 Final changes 2012-12-07 14:44:41 -06:00
jvazquez-r7 bae5442ca6 working... 2012-12-07 21:38:17 +01:00
sinn3r 3f1cfcc184 More changes 2012-12-07 13:47:07 -06:00
jvazquez-r7 1aaecbcf0c cleanup and user agent check 2012-12-07 20:38:08 +01:00
sinn3r a1336c7b5a Some more changes 2012-12-07 13:32:44 -06:00
sinn3r 403ac1dc37 I would do anything for a cake. 2012-12-07 13:15:27 -06:00
sinn3r 9838a2c75f This never works for us. Gonna ditch it. 2012-12-07 13:02:26 -06:00
jvazquez-r7 b0be8dc4df history exploit cleanup 2012-12-07 19:23:00 +01:00
sinn3r 38f2348c33 First changes 2012-12-07 11:27:09 -06:00
sinn3r a872362a65 Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon 2012-12-07 11:17:15 -06:00
James Lee 8812285678 Move print of my_target.name to after nil check
Avoids
  "Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.

[FixRM #7593]
2012-12-07 11:00:24 -06:00
sinn3r fafdcbaae1 Vuln discovered by Rich.
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
sinn3r cddda9eab7 Merge branch 'master' into nullbind-mssql_linkcrawler 2012-12-06 23:51:06 -06:00
sinn3r 88c97cd2b5 Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler 2012-12-06 18:08:13 -06:00
sinn3r bf47eaaa41 Remove code that's commented out. Clearly not needed anymore. 2012-12-06 12:57:41 -06:00
sinn3r 0ea5c781c1 Tabs and spaces don't mix 2012-12-06 12:53:22 -06:00
jvazquez-r7 fd20998f40 using the primer callback as pointed by egypt 2012-12-06 18:59:46 +01:00
jvazquez-r7 8e21d9e235 fix source_address param 2012-12-06 18:34:22 +01:00
jvazquez-r7 fc8b08f10f trailing comma 2012-12-06 17:32:58 +01:00
jvazquez-r7 532afc2919 Added module for CVE-2009-0880 2012-12-06 16:43:07 +01:00
jvazquez-r7 6d3d4c1d84 Added support for FileDropper 2012-12-06 12:03:17 +01:00
sinn3r 18f4df0a38 Fix weird indent prob 2012-12-06 03:58:16 -06:00
sinn3r a90ed82413 Correct CVE format 2012-12-06 03:57:46 -06:00
sinn3r 2b96c4e2a5 Add Kingcope's MySQL 'Stuxnet' technique exploit
Because why not.  One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
malerisch 5e28563e4e Advisories URLs changed 2012-12-05 14:33:25 -08:00
jvazquez-r7 5548bebb16 embeding payload on the c# script 2012-12-04 17:44:55 +01:00
jvazquez-r7 3f3bdb8473 my editor... 2012-12-03 21:45:26 +01:00
jvazquez-r7 8a9ad4253a comment about the original discoverer updated 2012-12-03 21:44:35 +01:00
jvazquez-r7 2cb824d62d Added module for CVE-2012-5357 2012-12-03 20:12:02 +01:00
James Lee bc63ee9c46 Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7 2012-11-30 13:43:02 -06:00
sinn3r 9d52048d7f Forgot to remove this after badchar analysis 2012-11-30 02:17:08 -06:00
sinn3r 37f731fe7d Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow 2012-11-30 02:14:22 -06:00
HD Moore 93a69ea62e Fix instances of invalid lower-case datastore use 2012-11-29 00:05:36 -06:00
Alexandre Maloteaux c0c3dff4e6 Several fixes for smb, mainly win 8 compatibility 2012-11-28 22:49:40 +01:00
jvazquez-r7 17518f035c support for local exploits on file_dropper 2012-11-28 22:17:27 +01:00
jvazquez-r7 85ed074674 Final cleanup on always_install_elevated 2012-11-28 21:50:08 +01:00
jvazquez-r7 fd1557b6d2 Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated 2012-11-28 21:49:36 +01:00
Meatballs1 7fea0d4af6 Add initial auto run script 2012-11-28 16:38:31 +00:00
Meatballs1 a3fbf276f9 Reinstated cleanup 2012-11-28 11:23:08 +00:00
Meatballs1 b5b47152fc Changed to static msi filename 2012-11-28 11:21:02 +00:00
Meatballs1 76f7abe5b6 Little tidy up 2012-11-27 23:58:58 +00:00
Meatballs1 81c2182424 Msftidy 2012-11-27 23:33:07 +00:00
Meatballs1 9741d55724 Moved to agnostic post module commands 2012-11-27 23:26:19 +00:00
Meatballs1 6fe378b594 Minor changes to description 2012-11-27 20:56:52 +00:00
Meatballs1 d067b040a0 Minor changes to description 2012-11-27 20:55:36 +00:00
Meatballs1 7727f3d6e8 Msftidy 2012-11-27 18:31:54 +00:00
Meatballs1 889c8ac12d Add build instructions and removed binary 2012-11-27 18:18:20 +00:00
Meatballs1 bc9065ad42 Move MSI source and binary location 2012-11-27 18:12:49 +00:00
sinn3r b395f8f96d Only XP for target coverage 2012-11-27 10:48:20 -06:00
sinn3r 2e71fc740e No badchars, then no need to have the key 2012-11-27 10:46:20 -06:00
jvazquez-r7 8c53b275c6 Added module for cve-2012-3753 2012-11-27 12:10:00 +01:00
Tod Beardsley f1fedee63b EOL space, deleted 2012-11-26 14:19:40 -06:00
malerisch 6dfda6da37 Added Maxthon3 Cross Context Scripting (XCS) exploits for Win 2012-11-24 15:53:58 -08:00
sinn3r 89ddedf773 If no badchars, no need to specify. 2012-11-23 18:46:50 -06:00
jvazquez-r7 4c9b8d4567 targets updated 2012-11-23 18:48:59 +01:00
jvazquez-r7 52ff38ad8a add module for cve-2012-3752 2012-11-22 19:56:12 +01:00
Meatballs1 579126c777 Remove redundant sleep 2012-11-22 10:44:41 +00:00
Meatballs1 021e0f37e9 Cleanup s 2012-11-22 10:34:05 +00:00
Meatballs1 7936fce7cf Remove auto migrate - we probably dont want to migrate away from a SYSTEM process. 2012-11-22 10:29:58 +00:00
Meatballs1 128eafe22c Changed to Local Exploit 2012-11-22 10:26:23 +00:00
sinn3r 007dcd2dcb Module is good, except with a little grammar error 2012-11-21 10:30:28 -06:00
jvazquez-r7 04aae008ca fix to use pseudorandom exe name 2012-11-21 09:56:20 +01:00
jvazquez-r7 14cba22e64 changes requested by egypt 2012-11-21 09:46:22 +01:00
jvazquez-r7 99d32191c5 Added module for OSVDB 87334 2012-11-20 23:15:21 +01:00
Tod Beardsley 6b4c131cf5 Avoiding a future conflict with release 2012-11-20 13:24:19 -06:00
nullbind dc93bd7215 removed redundant file 2012-11-19 14:27:08 -06:00
sinn3r f784ea65af Merge branch 'master' into ms12-005_mod 2012-11-16 11:59:41 -06:00
sinn3r 8375bb8390 Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck 2012-11-16 11:29:09 -06:00
jvazquez-r7 e8fe6031e9 Let default timeout for send_request_cgi 2012-11-16 18:09:47 +01:00
jvazquez-r7 51f238ec38 up to date 2012-11-16 16:03:09 +01:00
David Maloney de016780b8 Rename the PAYLOAD_TYPE datastore option
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
Rob Fuller e18acf2103 remove debugging code 2012-11-14 23:56:32 -05:00
Rob Fuller 7d41f1f9a0 add admin already and admin group checks 2012-11-14 23:54:01 -05:00
sinn3r 1546aa6a10 No need to repeat the default values 2012-11-13 18:38:17 -06:00
sinn3r 9054fafb15 Not sure why paths were repeated, but no more. 2012-11-13 18:32:32 -06:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
jvazquez-r7 21693831ae Added module for ZDI-11-018 2012-11-08 17:32:42 +01:00
HD Moore 36066f8c78 Catch a few stragglers for double slash 2012-11-08 07:21:37 -06:00
HD Moore 4d2147f392 Adds normalize_uri() and fixes double-slash typos 2012-11-08 07:16:51 -06:00
David Maloney 208e706307 Module title fixes 2012-11-07 10:33:14 -06:00
James Lee 34bc92584b Refactor WindowsServices
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
  Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work

[See #1007]
[See #1012]
2012-11-06 17:30:04 -06:00
jvazquez-r7 9166d12179 Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-11-05 23:08:59 +01:00
Tod Beardsley 70d53b4e2d Merge remote branch 'jvazquez-r7/emc_networker_format_string' 2012-11-05 16:03:56 -06:00
jvazquez-r7 77b1e9e648 added comment about ropdb 2012-11-05 23:02:23 +01:00
Tod Beardsley e385aad9e5 Merge remote branch 'jvazquez-r7/emc_networker_format_string' 2012-11-05 16:02:18 -06:00
David Maloney 9d5ab5a66f Stupid typing error 2012-11-05 15:41:47 -06:00
David Maloney 314026ed0e Some error checking and fixups 2012-11-05 13:29:57 -06:00
nullbind 0246e921c5 style, ref, desc, and author updates 2012-11-05 12:45:54 -06:00
David Maloney 7c141e11c4 Hopefully final touches
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
jvazquez-r7 04668c7d61 fix response codes check to avoid second tries to fail 2012-11-05 09:26:26 +01:00
David Maloney 25a6e983a1 Remove the older modules 2012-11-04 14:48:34 -06:00
David Maloney fca8208171 Some minor code cleanup 2012-11-04 14:45:15 -06:00
David Maloney f69ccc779f Unified smarter module 2012-11-04 13:14:02 -06:00
David Maloney c30ada5eac Adds temp vbs mod and tweaked decoder stub 2012-11-04 12:49:15 -06:00
jvazquez-r7 88c99161b4 added universal target 2012-11-03 18:52:07 +01:00
jvazquez-r7 b8eea1007f Added module for CVE-2012-2288 EMC Networker Format String 2012-11-03 18:17:12 +01:00
sinn3r d4fc99e40c Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support 2012-11-02 15:16:35 -05:00
David Maloney ffca972075 Opps mispalced line 2012-11-02 09:34:32 -05:00
David Maloney 355bdbfa39 Add check for propper powershell version 2012-11-02 09:33:28 -05:00
nullbind 9158497fb4 msftidy updates 2012-11-01 20:59:37 -05:00
nullbind 8bb95e9f17 msftidy updates 2012-11-01 20:56:52 -05:00
David Maloney f843740fcb more fixes 2012-11-01 11:59:18 -05:00
jvazquez-r7 22fbfb3601 cleanup 2012-11-01 17:38:04 +01:00
jvazquez-r7 e720769747 Added module for ZDI-12-171 2012-11-01 17:17:45 +01:00
David Maloney aeb837838f typo 2012-11-01 11:03:50 -05:00
David Maloney 84c8660c96 Fix targets to be more specific 2012-11-01 11:00:45 -05:00
David Maloney 0eccfaf1bb Add a disclosure date 2012-11-01 10:24:28 -05:00
David Maloney 59f5d9bc5d Man i'm rusty at writing for framework
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
David Maloney 00b9fb3c90 Switc smart mgirate to post mod as it should be 2012-10-31 17:03:49 -05:00
David Maloney dd7ab11e38 Minor cleanup 2012-10-31 16:14:34 -05:00
David Maloney 86f6d59d2e Adding the winrm powershell exploit
also adds the smart_migrate meterp script for autorun purposes
2012-10-31 15:46:11 -05:00
jvazquez-r7 ef0f415c51 related to #980 adds support for HttpClient 2012-10-31 17:46:57 +01:00
jvazquez-r7 91e6b7cd28 added ie8 target 2012-10-31 11:57:38 +01:00
jvazquez-r7 a3358a471f Merge branch 'aladdin_bof' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-aladdin_bof 2012-10-31 11:57:20 +01:00
sinn3r ec8a2955e1 Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof 2012-10-31 03:32:43 -05:00
sagishahar 53c7479d70 Add Windows 8 support
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
jvazquez-r7 0e3bc7d060 hp operations agent mods: fix use of pattern_create, use ropdb 2012-10-29 15:45:40 +01:00
sinn3r e9b9c96221 Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler 2012-10-28 18:10:17 -05:00
nullbind 5ce6526125 first official release 2012-10-28 13:49:32 -05:00
jvazquez-r7 19920b3275 update module titles for hp operation agent vulns 2012-10-28 02:38:39 +01:00
sinn3r 320a23286a Merge branch 'warnings' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-warnings 2012-10-27 18:52:34 -05:00
sinn3r 7db7f1bfdf Merge branch 'turboftp_update' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-turboftp_update 2012-10-27 18:51:41 -05:00
sinn3r c015372ce0 Merge branch 'hp_operations_agent_coda_8c' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_operations_agent_coda_8c 2012-10-27 18:45:36 -05:00
jvazquez-r7 73deeacd7e deleted unnecessary http headers according to my tests 2012-10-28 00:52:52 +02:00
jvazquez-r7 b4b1b77a77 deleted unnecessary http headers according to my tests 2012-10-28 00:51:18 +02:00
jvazquez-r7 51bc806014 Added module for CVE-2012-2019 2012-10-27 22:45:37 +02:00
jvazquez-r7 bcb80431d6 Added module for CVE-2012-2020 2012-10-27 22:43:16 +02:00
corelanc0d3r b48e355a6d fixed typo and defined badchars 2012-10-24 20:04:54 +02:00
sinn3r ede5d0f46b This is meant to be a warning, so we use print_warning 2012-10-24 00:55:54 -05:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
Tod Beardsley be9a954405 Merge remote branch 'jlee-r7/cleanup/post-requires' 2012-10-23 15:08:25 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl 21f6127e29 Platform windows cleanup
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
James Lee 9c95c7992b Require's for all the include's 2012-10-23 13:24:05 -05:00
sinn3r 33ce74fe8c Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1 2012-10-23 02:10:56 -05:00
James Lee b2db3e133d Rescue when the service is crashed
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
2012-10-22 17:57:30 -05:00
Rob Fuller 7437d9844b standardizing author info 2012-10-22 17:01:58 -04:00
Michael Schierl 5b18a34ad4 References cleanup
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
Michael Schierl f9ac55c221 Infohash key cleanups
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl e9f7873afc Version cleanup
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
Michael Schierl 657d527f8d DisclosureDate cleanup: Try parsing all dates
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
Michael Schierl 70ac7c8345 Author cleanup: fix unmatched angle brackets 2012-10-22 19:45:27 +02:00
sinn3r ad9946689e Update description 2012-10-21 16:40:01 -05:00
sinn3r 1821c11369 Code cleanup 2012-10-21 16:40:01 -05:00
sinn3r c404b72d08 Doesn't make a lot of sense setting DefaultTarget to an older one 2012-10-21 16:40:01 -05:00
lincoln@corelan.be c7d12d94b7 turboftp exploit 2012-10-21 16:40:00 -05:00
sput-nick 60dc83748c Update modules/exploits/windows/browser/mozilla_mchannel.rb 2012-10-17 12:25:44 -03:00
Tod Beardsley 9192a01803 All exploits need a disclosure date. 2012-10-15 16:29:12 -05:00