Commit Graph

647 Commits (176204d62d77838234c12a23de03bf5294bd6e7a)

Author SHA1 Message Date
sinn3r ea78e8309d Fix undefined method error
[FixRM #8350]
2013-08-21 00:35:36 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 4790d8de50 Land #2256, @wchen-r7's patch for [FixRM #8316] 2013-08-19 23:23:57 -05:00
sinn3r 5366453031 [FixRM #8316] - Escape characters correctly
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
jvazquez-r7 f42797fc5c Fix indentation 2013-08-16 14:19:37 -05:00
Tod Beardsley f7339f4f77 Cleanup various style issues
  * Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7 dfa1310304 Commas in the author array 2013-08-16 13:54:46 -05:00
Tod Beardsley 24b8fb0d7b Whitespace retab, add rport 3780 as default 2013-08-16 13:31:05 -05:00
Tod Beardsley e436d31d23 Use SSL by default 2013-08-16 11:32:10 -05:00
Tod Beardsley 60a229c71a Use rhost and rport, not local host and port 2013-08-16 11:12:39 -05:00
Tod Beardsley 646d55b638 Description should be present tense 2013-08-16 11:06:34 -05:00
Tod Beardsley f0237f07d6 Correct author and references 2013-08-16 11:04:51 -05:00
Brandon Perry 46d6fb3b42 Add module for xxe 2013-08-16 10:51:05 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing this:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 4367a9ae49 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 15:09:35 -05:00
jvazquez-r7 70900cfe5e Final cleanup for foreman_openstack_satellite_priv_esc 2013-07-22 14:59:23 -05:00
Ramon de C Valle b6c9fd4723 Add foreman_openstack_satellite_priv_esc.rb
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
Tod Beardsley 3ac2ae6098 Disambiguate the module title from existing psexec 2013-07-17 17:11:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
jvazquez-r7 5c265c99d2 Clean jboss_seam_exec @cmaruti's collab 2013-06-25 14:09:30 -05:00
Cristiano Maruti f78b4d8874 modified according to jvazquez-r7 feedback 2013-06-20 16:29:42 +02:00
Cristiano Maruti 4846a680db modified according to jvazquez-r7 feedback 2013-06-20 16:19:43 +02:00
Cristiano Maruti 8e64bf3d16 modified according to jvazquez-r7 feedback 2013-06-20 16:15:28 +02:00
Cristiano Maruti a5332e5ed2 Module was updated to support WebSphere AS running seam-2.
msf auxiliary(jboss_seam_exec) > run

[*] Found right index at [0] - getRuntime
[*] Index [1]
[*] Index [2]
[*] Index [3]
[*] Index [4]
[*] Index [5]
[*] Found right index at [6] - exec
[*] Index [7]
[*] Index [8]
[*] Index [9]
[*] Index [10]
[*] Index [11]
[*] Index [12]
[*] Index [13]
[*] Index [14]
[*] Index [15]
[*] Index [16]
[*] Index [17]
[*] Index [18]
[*] Index [19]
[*] Index [20]
[*] Index [21]
[*] Index [22]
[*] Index [23]
[*] Index [24]
[*] Target appears VULNERABLE!
[*] Sending remote command:pwd
[*] Exploited successfully
[*] Auxiliary module execution completed
2013-06-20 12:17:07 +02:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
darknight007 6f2ddb3704 Update mssql_findandsampledata.rb 2013-05-25 11:33:57 +05:00
jvazquez-r7 011b0bb741 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 09:07:47 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
jvazquez-r7 51a532e8b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-12 17:39:58 -05:00
jvazquez-r7 feac292d85 Clean up for dlink_dsl320b_password_extractor 2013-05-12 17:35:59 -05:00
jvazquez-r7 ee46771de5 Land #1799, @m-1-k-3's auth bypass module for Dlink DSL320 2013-05-12 17:34:08 -05:00
m-1-k-3 e3582887cf OSVDB, Base64 2013-05-07 08:28:48 +02:00
m-1-k-3 0f2a3fc2d4 dsl320b authentication bypass - password extract 2013-05-06 14:31:47 +02:00
jvazquez-r7 7bf4aa317f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-25 10:31:51 -05:00
jvazquez-r7 b67fcd3219 Add OSVDB ref to sap_configservlet_exec_noauth 2013-04-25 08:13:32 -05:00
jvazquez-r7 96b66d3856 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:49:59 -05:00
jvazquez-r7 1529dff3f3 Do final cleanup for sap_configservlet_exec_noauth 2013-04-22 21:43:41 -05:00
jvazquez-r7 8c9715c2ed Land #1751, @andrewkabai's SAP Portal remote OS command exec 2013-04-22 21:41:53 -05:00
jvazquez-r7 5f5e772f7c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:31:16 -05:00
Andras Kabai 79eb2ff62d add EDB ID to references 2013-04-22 18:37:28 +02:00
Andras Kabai 15b06c43aa sap_configservlet_exec_noauth auxiliary module
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
Andras Kabai b4f1f3efbb remove aux module from master branch 2013-04-22 17:34:01 +02:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
Andras Kabai 49b055e5fd make msftidy happy 2013-04-20 00:26:04 +02:00
Andras Kabai e4d9c45ce9 remove unnecessary rank rating 2013-04-20 00:23:55 +02:00
Andras Kabai 763d1ac2f1 remove unnecessary option declaration 2013-04-19 21:42:28 +02:00
Andras Kabai 85932a2445 improve URI path and parameter handling
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
Andras Kabai c52588f579 remove Scanner mixin
remove Scanner mixin because this module is not a scanner module
2013-04-19 20:28:44 +02:00
Andras Kabai 8f76c436d6 SAP ConfigServlet OS Command Execution module
This module allows execution of operating system commands through the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
m-1-k-3 587170ae52 fixed author details - next try 2013-03-30 12:43:55 +01:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
jvazquez-r7 393d5d8bf5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:09:42 +01:00
jvazquez-r7 fdd06c923a cleanup for dlink_dir_645_password_extractor 2013-03-25 18:04:12 +01:00
jvazquez-r7 a9a5a3f64f Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor 2013-03-25 18:02:51 +01:00
sinn3r 0d56da0511 Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d 2013-03-25 11:45:40 -05:00
jvazquez-r7 2d5a0d6916 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 17:08:23 +01:00
m-1-k-3 98ac6e8090 feedback included 2013-03-24 21:01:30 +01:00
m-1-k-3 d90de54891 reporting and feedback 2013-03-24 15:00:18 +01:00
m-1-k-3 9f8ec37060 store loot 2013-03-24 11:48:49 +01:00
m-1-k-3 71708c4bc3 dir 645 password extractor - initial commit 2013-03-24 11:44:24 +01:00
jvazquez-r7 49ac3ac1a3 cleanup for linksys_e1500_e2500_exec 2013-03-23 23:30:49 +01:00
jvazquez-r7 98be5d97b8 Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec 2013-03-23 23:30:14 +01:00
m-1-k-3 b2bf1df098 fixed encoding and set telnetd as default cmd 2013-03-23 22:56:15 +01:00
m-1-k-3 47d458a294 replacement of the netgear-sph200d module 2013-03-23 22:40:32 +01:00
jvazquez-r7 cb56b2de4b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-23 20:06:05 +01:00
m-1-k-3 270f64acc2 feedback included 2013-03-23 15:54:34 +01:00
sinn3r f22c18e026 Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix 2013-03-22 13:08:13 -05:00
m-1-k-3 dcd2aebdcd feedback included 2013-03-20 21:34:30 +01:00
jvazquez-r7 44f07cef19 Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework 2013-03-20 00:47:31 +01:00
jvazquez-r7 80d218b284 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-19 19:55:51 +01:00
m-1-k-3 9fc0f9a927 initial commit 2013-03-19 17:31:01 +01:00
sinn3r 116f5b87f0 Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access 2013-03-19 08:33:58 -05:00
jvazquez-r7 d3a78db77a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-14 14:12:11 +01:00
jvazquez-r7 7403239de7 cleanup for psexec_ntdsgrab 2013-03-14 13:40:45 +01:00
Trenton Ivey 97023413cb Added advanced option for temp filenames prefix 2013-03-14 01:50:52 -05:00
Royce Davis abbb3b248d methods that use @ip now reference it directly instead of being passed in as parameters 2013-03-13 19:35:53 -05:00
Royce Davis 462ffb78c1 Simplified copy_ntds & copy_sys check on line 91 2013-03-13 19:31:36 -05:00
Royce Davis 4e9af74763 All print statements now use #{peer} 2013-03-13 19:28:09 -05:00
Royce Davis edf2804bb5 Added simple.disconnect to end of cleanup_after method 2013-03-13 19:23:22 -05:00
Royce Davis 8eba71ebe2 Added simple.disconnect to end of download_sys_hive method 2013-03-13 19:20:58 -05:00
jvazquez-r7 e5f7c08d6f Added module for CVE-2012-4940 2013-03-13 11:52:54 +01:00
jvazquez-r7 91fbeda062 up to date 2013-03-12 17:04:27 +01:00
jvazquez-r7 6055438476 up to date 2013-03-12 17:04:27 +01:00
Royce Davis 9a970415bc Module uses store_loot now instead of logdir which has been removed 2013-03-11 20:05:23 -05:00
Royce Davis aa4cc11640 Removed Scanner class running as stand-alone single target module now 2013-03-11 13:39:47 -05:00
Royce Davis a96753e9df Added licensing stuff at the top 2013-03-10 20:07:04 -05:00
Royce Davis bf9a2e4f52 Fixed module to use psexec mixin 2013-03-10 15:15:50 -05:00
Royce Davis 907983db4a updating with r7-msf 2013-03-10 14:19:20 -05:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
J.Townsend db1f4d7e1d added license info 2013-03-07 00:20:02 +00:00
J.Townsend e8c1899dc2 added license info 2013-03-07 00:18:32 +00:00
J.Townsend 3946cdf91e added license info 2013-03-07 00:17:55 +00:00
J.Townsend 1b493d0e4c added license info 2013-03-07 00:16:26 +00:00
J.Townsend 9e89d9608f added license info 2013-03-07 00:11:45 +00:00
J.Townsend 56639e7f15 added license info 2013-03-07 00:10:46 +00:00
Royce Davis 1d8c759a34 yeah 2013-03-06 16:01:36 -06:00
James Lee ca43900a7c Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7 2013-03-05 16:34:11 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
Royce Davis ac50c32d51 Tested, works on server 2k8 2013-02-20 10:02:50 -06:00
James Lee 4703278183 Move SMB mixins into their own directory 2013-02-19 12:55:06 -06:00
James Lee ede804e6af Make psexec mixin a bit better
* Removes copy-pasted code from psexec_command module and uses the mixin
  instead

* Uses the SMB protocol to delete files rather than psexec'ing to call
  cmd.exe and del

* Replaces several instances of "rescue StandardError" with better
  exception handling so we don't accidentally swallow things like
  NoMethodError

* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
jvazquez-r7 ec5c8e3a88 Merge branch 'dlink-dir300-600-execution' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir300-600-execution 2013-02-16 19:12:42 +01:00
Jeff Jarmoc c2f8e4adbd Minor - Note Rails 3.1.11 patch in Description. 2013-02-13 22:30:54 -06:00
jvazquez-r7 d1784babea little cleanup plus msftidy compliant 2013-02-13 20:24:49 +01:00
jvazquez-r7 0ae473b010 info updated with rails information 2013-02-13 09:52:17 +01:00
jvazquez-r7 f46eda2fa9 Merge branch 'rails_devise_pw_reset' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_devise_pw_reset 2013-02-13 09:51:37 +01:00
jvazquez-r7 799beb5adc minor cleanup 2013-02-13 01:00:25 +01:00
Jeff Jarmoc 1d5d33f306 use normalize_uri() 2013-02-12 14:58:07 -06:00
Jeff Jarmoc c6a7a4e68d /URIPATH/TARGETURI/g 2013-02-12 14:50:10 -06:00
Jeff Jarmoc c7719bf4cb Verify response is non-nil. 2013-02-12 13:41:21 -06:00
Jeff Jarmoc 9e1f106a87 msftidy cleanup 2013-02-12 13:38:58 -06:00
jvazquez-r7 766257d26a pointed by @m-1-k-3 while working on #1472 2013-02-11 21:21:43 +01:00
Jeff Jarmoc 5f0a3c6b9e Removes pry, oops. 2013-02-11 14:02:46 -06:00
Jeff Jarmoc 753fa2c853 Handles error when TARGETEMAIL is invalid. 2013-02-11 13:58:56 -06:00
Jeff Jarmoc 61ffcedbfd Address HD's other comments, fixes mismatched var name in last commit. 2013-02-11 11:17:26 -06:00
Jeff Jarmoc e72dc47448 Uses REXML for encoding of password. 2013-02-11 11:12:29 -06:00
Jeff Jarmoc 43a1fbb6f2 Make msftidy happy. 2013-02-10 21:13:18 -06:00
Jeff Jarmoc 55cba56591 Aux module for joernchen's devise vuln - CVE-2013-0233 2013-02-10 21:10:00 -06:00
m-1-k-3 63c6791473 return 2013-02-09 11:17:02 +01:00
m-1-k-3 6cccf86a00 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink-dir300-600-execution 2013-02-09 11:09:56 +01:00
Tod Beardsley 5357e23675 Fixups to the Linksys module
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.

Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley faeaa74a49 Msftidy whitespace 2013-02-06 11:06:13 -06:00
m-1-k-3 43f3bb4fe6 small updates 2013-02-05 13:54:10 +01:00
m-1-k-3 5ca0e45388 initial commit 2013-02-04 08:44:12 +01:00
jvazquez-r7 2bf2d4d8a4 Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal 2013-02-03 23:35:29 +01:00
jvazquez-r7 c24c926ffa add additional check to detect valid device 2013-02-01 20:55:06 +01:00
jvazquez-r7 996ee06b0f fix another print_ call 2013-02-01 20:43:54 +01:00
jvazquez-r7 152f397a1f first module cleanup 2013-02-01 20:38:11 +01:00
m-1-k-3 988761a6de more updates, BID, Exploit-DB 2013-02-01 20:18:53 +01:00
m-1-k-3 fdd5fe77c1 more updates ... 2013-02-01 19:59:19 +01:00
m-1-k-3 0e22ee73b5 updates ... 2013-02-01 19:26:34 +01:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs, because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
m-1-k-3 ea5e993bf3 initial 2013-01-29 22:02:29 +01:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
Brandon McCann 15253f23bf added RHOSTS funct 2013-01-24 15:29:35 -06:00
jvazquez-r7 1fc747994e cleanup for linksys_wrt54gl_exec 2013-01-24 17:50:14 +01:00
m-1-k-3 3a5e92ba6f hopefully all fixes included 2013-01-23 12:15:34 +01:00
Royce Davis c601ceba3c Fixed error deleting ntds and sys files 2013-01-22 09:42:49 -06:00
Royce Davis ed3b886b61 working with psexec mixin 2013-01-22 09:36:43 -06:00
m-1-k-3 11c13500be small fix 2013-01-21 13:41:42 +01:00
m-1-k-3 62ff52280a initial linksys OS command injection 2013-01-21 13:19:29 +01:00
lmercer a89db93891 psexec_command - Unable to execute specified command: can't convert nil into Integer
Patched as described in Redmine bug #7680
2013-01-14 15:54:40 -05:00