Commit Graph

654 Commits (1911d0cd1795ff500d61f918722f2863d0f8138c)

Author SHA1 Message Date
Michael Messner 8eb21ded97 clean up 2014-06-14 17:02:55 +02:00
Michael Messner a3ae177347 echo stager, arch_cmd, echo module 2014-06-13 11:42:47 +02:00
Michael Messner 894af92b22 echo stager, arch_cmd 2014-06-13 11:40:50 +02:00
Michael Messner 76ed9bcf86 hedwig.cgi - cookie bof - return to system 2014-05-30 17:49:37 +02:00
Michael Messner 1ddc2d4e87 hedwig.cgi - cookie bof - return to system 2014-05-30 17:32:49 +02:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Michael Messner b85c0b7543 rop to system with telnetd 2014-05-23 20:51:25 +02:00
Christian Mehlmauer df4b832019
Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
jvazquez-r7 1483f02f83
Land #3306, @xistence's alienvault's exploit 2014-05-01 09:25:07 -05:00
jvazquez-r7 1b39712b73 Redo response check 2014-05-01 09:10:16 -05:00
jvazquez-r7 78cefae607 Use WfsDelay 2014-05-01 09:07:26 -05:00
xistence 5db24b8351 Fixes/Stability AlienVault module 2014-05-01 14:53:55 +07:00
xistence c12d72b58c Changes to alienvault module 2014-05-01 10:39:11 +07:00
xistence 9bcf5eadb7 Changes to alienvault module 2014-05-01 10:10:15 +07:00
jvazquez-r7 9a1b216fdb Move module to new location 2014-04-28 11:55:26 -05:00
jvazquez-r7 fe066ae944
Land #3207, @7a69 MIPS BE support for Fritz Box's exploit 2014-04-09 23:20:45 -05:00
jvazquez-r7 fdda69d434 Align things 2014-04-09 23:19:41 -05:00
jvazquez-r7 386e2e3d29 Do final / minor cleanup 2014-04-09 23:19:12 -05:00
sinn3r eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec 2014-04-09 11:30:59 -05:00
Brandon Perry 8428b37e59 move file to .rb ext 2014-04-09 05:17:14 -07:00
Brandon Perry 82c9b539ac Fix disclosure date, earlier than I thought 2014-04-08 21:43:49 -05:00
Brandon Perry 3013704c75 Create sophos_wpa_iface_exec
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
Fabian Bräunlein 8dce80fd30 Added Big Endianess, improved check()-Function
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.

The check()-function now checks, whether the device is really
vulnerable.

Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
jvazquez-r7 fb1318b91c
Land #3193, @m-1-k-3's exploit for the Fritzbox RCE vuln 2014-04-07 16:13:31 -05:00
jvazquez-r7 ceaa99e64e Minor final cleanup 2014-04-07 16:12:54 -05:00
Michael Messner b1a6b28af9 fixed disclosure date 2014-04-07 19:29:37 +02:00
Michael Messner 003310f18a feedback included 2014-04-07 19:25:26 +02:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
Michael Messner 85de6ed0c9 feedback included 2014-04-07 18:20:15 +02:00
Michael Messner 11bbb7f429 fritzbox echo exploit 2014-04-07 09:12:22 +02:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
jvazquez-r7 0ae75860ea Code clean up 2014-04-04 14:02:12 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner 4319885420 we do not need pieces ... 2014-03-26 20:45:30 +01:00
sinn3r 0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping 2014-03-24 21:16:10 -05:00
sinn3r 53b25c8c93 Fix header & author e-mail format 2014-03-24 21:15:27 -05:00
Brandon Perry d2a9a26bc8 real fix for sinn3r bug 2014-03-24 18:40:48 -05:00
Brandon Perry ec35f4b13f some bugs for sinn3r 2014-03-24 18:17:50 -05:00
Brandon Perry d6f397ab6d whoops that isn't how you EDB 2014-03-22 11:48:41 -05:00
Brandon Perry 291692d6e0 Update lifesize_uvc_ping_rce.rb 2014-03-22 11:30:00 -05:00
Brandon Perry 67a3a7227b Create lifesize_uvc_ping_rce.rb 2014-03-21 21:33:12 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
James Lee d1ea74c5fa
Make the password hash stand out as more important 2014-03-04 15:08:47 -06:00
James Lee 9a403bf630 Also extract admin hash if password auth failed 2014-03-04 14:55:47 -06:00
James Lee 423477bc52 auth_succeeded? is a better name for this method 2014-03-04 14:55:47 -06:00
James Lee 917b09086b Pull the copy-pasted verification into a method 2014-03-04 14:55:47 -06:00
James Lee 4cfda88bad Pull the copy-pasted sqli into a method 2014-03-04 14:55:47 -06:00
Michael Messner 15345da9d8 remove the wget module, remove the cmd stuff, testing bind stuff ahead 2014-02-28 22:44:26 +01:00
Michael Messner 2935f4f562 CMD target 2014-02-24 18:12:23 +01:00
Michael Messner 0126e3fcc8 cleanup 2014-02-23 21:17:32 +01:00
Michael Messner dbbd080fc1 a first try of the cmd stager, wget in a seperated module included 2014-02-23 20:59:17 +01:00
Michael Messner 3a8de6e124 replaced rhost by peer 2014-02-18 21:01:50 +01:00
Michael Messner 66e2148197 linksys themoon command execution exploit 2014-02-18 19:43:47 +01:00
Michael Messner 4dda7e6bad linksys themoon command execution exploit 2014-02-18 19:42:50 +01:00
pyoor faae51f39e Implemented @jlee-r7 requested changes 2014-02-17 10:13:18 -05:00
pyoor ca15d2d8e7 Added Pandora FMS RCE and SQLi module 2014-02-12 12:02:33 -05:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
sinn3r c96116b193
Land #2949 - Add module Kloxo SQLi 2014-02-08 13:45:11 -06:00
jvazquez-r7 c679b1001b Make pring_warning verbose 2014-02-07 10:23:07 -06:00
James Lee 4236abe282
Better SIGHUP handling 2014-02-06 15:21:54 -06:00
jvazquez-r7 fdb954fdfb Report credentials 2014-02-05 14:37:33 -06:00
jvazquez-r7 631559a2e8 Add module for Kloco SQLi 2014-02-05 14:18:56 -06:00
xistence 50f860757b Changes made to pandora_fms_exec module as requested 2014-02-03 14:10:27 +07:00
xistence 9a929e75e4 Added Pandora FMS RCE 2014-01-29 12:46:23 +07:00
sinn3r a7fa4e312b This module fails to load due to the missing end 2014-01-24 17:56:47 -06:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r 0a10c1297c Address nil 2014-01-23 11:00:28 -06:00
sinn3r 333229ea7e Throw Unknown if connection times out 2014-01-23 10:54:45 -06:00
sinn3r c83053ba9b Progress 2014-01-22 11:20:10 -06:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
Tod Beardsley 5ce862a5b5
Add OSVDB 2013-12-26 10:33:46 -06:00
jvazquez-r7 163a54f8b1 Do send_request_cgi final clean up 2013-12-20 17:00:57 -06:00
jvazquez-r7 af13334c84 Revert gsub! 2013-12-20 11:39:49 -06:00
jvazquez-r7 1da961343a Do final (minor) cleanup 2013-12-20 11:20:29 -06:00
Markus Wulftange 929f3ea35c Turn Auxiliary module into Exploit module 2013-12-20 16:45:38 +01:00
jvazquez-r7 ec64382efc Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle 2013-12-18 11:53:30 -06:00
jvazquez-r7 a28ea18798 Clean pull request 2013-12-18 11:32:34 -06:00
Ramon de C Valle 21661b168b Add cfme_manageiq_evm_upload_exec.rb
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
sinn3r bf3489203a I missed this one 2013-12-03 13:13:14 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability 2013-11-24 00:47:14 -06:00
Tod Beardsley 36db6a4d59
Land #2616, SuperMicro close_window BOF 2013-11-15 11:34:53 -06:00
Tod Beardsley 2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
2013-11-11 21:23:35 -06:00
jvazquez-r7 40f8e80775 Fix jlee-r7's feedback 2013-11-08 14:28:19 -06:00
jvazquez-r7 b7e360922d Update ranking 2013-11-07 15:10:26 -06:00
jvazquez-r7 decf6ff6a0 Add module for CVE-2013-3623 2013-11-07 14:59:40 -06:00
jvazquez-r7 c92e8ff98d Delete extra space 2013-10-30 19:34:54 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 dd094eee04 Use 443 by default with SSL 2013-10-24 16:30:26 -05:00
jvazquez-r7 72f686d99a Add module for CVE-2013-2751 2013-10-24 16:10:32 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 9bfd98b001 Change plate 2013-10-21 11:54:42 -05:00
jvazquez-r7 7dd39ae5e6 Update ranking 2013-10-17 22:43:47 -05:00
jvazquez-r7 a00a813649 Add real device libraries base addresses 2013-10-17 22:34:54 -05:00
jvazquez-r7 3d3a7b3818 Add support for OSVDB 86824 2013-10-17 01:08:01 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tod Beardsley 63e40f9fba
Release time fixes to modules
* Period at the end of a description.
  * Methods shouldn't be meth_name! unless the method is destructive.
  * "Setup" is a noun, "set up" is a verb.
  * Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
jvazquez-r7 a6f17c3ba0 Clean zabbix_sqli 2013-10-14 14:01:58 -05:00
pyoor 171b70fa7c Zabbix v2.0.8 SQLi and RCE Module
Conflicts:
	modules/exploits/linux/http/zabbix_sqli.rb

Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
joev 4ba001d6dd Put my short name to prevent conflicts. 2013-10-07 14:10:47 -05:00
joev ec6516d87c Deprecate misnamed module.
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley fcba424308
Kill off EOL spaces on astium_sqli_upload. 2013-10-03 11:01:27 -05:00
jvazquez-r7 813bd2c9a5
Land #2379, @xistence's exploit for OSVDB 88860 2013-09-26 13:52:15 -05:00
xistence c2ff5accee stability fixes to astium_sqli_upload 2013-09-26 10:23:33 +07:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
jvazquez-r7 1fc849bdd5 Land #2188, @m-1-k-3's module for OSVDB 90221 2013-09-23 11:44:43 -05:00
jvazquez-r7 71d74655f9 Modify description 2013-09-23 11:44:04 -05:00
sinn3r 0eb838156b Land #2390 - Use payload.encoded because BadChars are defined 2013-09-19 22:10:55 -05:00
jvazquez-r7 1a00cce8a9 Clean up 2013-09-19 11:51:07 -05:00
jvazquez-r7 926ddf35bc Fix possible collisions on binding port and handle rex socket 2013-09-19 08:23:25 -05:00
jvazquez-r7 accad24f31 Use payload.encoded because BadChars are defined 2013-09-18 13:03:35 -05:00
jvazquez-r7 61ab0e245c Add Context to rex sockets plus track them with add_socket 2013-09-18 12:39:08 -05:00
jvazquez-r7 1988085a94 Fix possible port conflict 2013-09-18 12:24:36 -05:00
xistence adc1bd9c65 changes made to astium_sqli_upload based on suggestions 2013-09-18 16:52:31 +07:00
xistence 82aa3f97b0 added Astium confweb 25399 RCE 2013-09-17 12:32:10 +07:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
Tod Beardsley f89af79223 Correct OSVDB for sophos sblistpack exploit 2013-09-16 15:41:50 -05:00
jvazquez-r7 c18c41d8ea Don't hidde exceptions 2013-09-16 09:26:13 -05:00
jvazquez-r7 86e5163cad Fix Indentation and cleanup 2013-09-16 09:19:26 -05:00
jvazquez-r7 62cf9cb07c Retab changes for PR #2188 2013-09-16 09:09:16 -05:00
jvazquez-r7 842dba20b9 Merge for retab 2013-09-16 09:08:36 -05:00
sinn3r ac90cd1263 Land #2248 - Fix dlink upnp exec noauth 2013-09-12 15:10:20 -05:00
jvazquez-r7 c3ff9a03d8 Add module for CVE-2013-4983 2013-09-09 23:26:10 -05:00
Tab Assassin f780a41f87 Retab changes for PR #2248 2013-09-05 14:12:24 -05:00
Tab Assassin 554d1868ce Merge for retab 2013-09-05 14:12:18 -05:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 0bfc12ada1 Fix the way to get a session over a telnet connection 2013-08-27 11:38:49 -05:00
jvazquez-r7 7b555679e6 Really delete the telnet target 2013-08-19 15:06:47 -05:00
jvazquez-r7 d64c8748e8 Fix descriptions and names 2013-08-19 15:05:27 -05:00
jvazquez-r7 232289d500 Add new module to exploit to through telnet dlink_upnp_exec_noauth 2013-08-19 15:01:29 -05:00
jvazquez-r7 846925e3ba Delete telnet target from dlink_upnp_exec_noauth 2013-08-19 14:56:12 -05:00
m-1-k-3 c902b0ea4b removed user and pass option 2013-08-19 18:07:11 +02:00
m-1-k-3 5fc806e3e0 little fixes 2013-08-18 16:18:27 +02:00
m-1-k-3 9ae977ec80 Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
Conflicts:
	modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 7a8bafd82c Beautify 2013-08-14 13:50:08 -05:00
jvazquez-r7 90aec6cff5 Fix telnet negotiation for the raidsonic case 2013-08-14 13:38:51 -05:00
jvazquez-r7 178a7b0dbb Fix author's email format 2013-08-14 11:56:47 -05:00
jvazquez-r7 2a4b8e4a64 Add useful comment 2013-08-14 11:49:32 -05:00
jvazquez-r7 e6c36864c4 Fix telnet related stuff 2013-08-14 11:47:57 -05:00
m-1-k-3 6b87240323 thx to juan ... session stuff looks better 2013-08-14 16:51:09 +02:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
m-1-k-3 885417c9d9 removing config file from target 2013-08-06 15:11:54 +02:00
m-1-k-3 dd35495fb8 dir 300 and 600 auxiliary module replacement 2013-08-05 22:28:59 +02:00
m-1-k-3 786f16fc91 feedback included 2013-08-05 21:55:30 +02:00
m-1-k-3 2efc2a79bf fail with 2013-08-05 21:41:28 +02:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
m-1-k-3 34134b2e11 feedback included 2013-08-04 14:45:55 +02:00
m-1-k-3 b8ed364cb8 telnet user working 2013-08-03 15:07:10 +02:00
m-1-k-3 62e3c01190 raidsonic nas - command execution 2013-08-02 21:04:19 +02:00
m-1-k-3 a19afd163a feedback included 2013-08-02 17:30:39 +02:00
m-1-k-3 15906b76db dir300 and 615 command injection 2013-07-31 14:36:51 +02:00
m-1-k-3 6b514bb44a dir300 and 615 command injection telnet session 2013-07-31 14:34:03 +02:00
sinn3r 5efcbbd474 Land #2167 - PineApp Mail-SeCure livelog.html Exec 2013-07-29 13:18:18 -05:00
sinn3r 7967426db1 Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC 2013-07-29 13:16:42 -05:00
jvazquez-r7 a1d9ed300e Add module for ZDI-13-184 2013-07-28 09:57:41 -05:00
jvazquez-r7 f4e35b62ac Add module for ZDI-13-185 2013-07-27 12:12:06 -05:00
jvazquez-r7 fab9d33092 Fix disclosure date 2013-07-27 12:10:21 -05:00
jvazquez-r7 ac7bb1b07f Add module for ZDI-13-188 2013-07-27 03:25:39 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 af1bd01b62 Change datastore options names for consistency 2013-07-22 16:57:32 -05:00
Tod Beardsley 5e55c506cd Land #2140, add CWS as a first-class reference. 2013-07-22 13:50:38 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 77e8250349 Add support for CWE 2013-07-22 12:13:56 -05:00
jvazquez-r7 6158415bd3 Clean CWE reference, will ad in new pr 2013-07-22 12:03:55 -05:00
jvazquez-r7 da4fda6cb1 Land #2110, @rcvalle's exploit for Foreman Ruby Injection 2013-07-22 12:02:43 -05:00
Ramon de C Valle 04e9398ddd Fix CSRF regular expressions as per review 2013-07-22 13:10:56 -03:00
jvazquez-r7 de6e2ef6f4 Final cleanup for dlink_upnp_exec_noauth 2013-07-22 10:53:09 -05:00
jvazquez-r7 c1c72dea38 Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection 2013-07-22 10:52:13 -05:00
Ramon de C Valle 11ef4263a4 Remove call to handler as per review 2013-07-22 12:49:42 -03:00
jvazquez-r7 4beea52449 Use instance variables 2013-07-19 14:46:17 -05:00
Ramon de C Valle 6761f95892 Change print_error/ret to fail_with as per review 2013-07-19 12:19:29 -03:00
m-1-k-3 e93eef4534 fixing server header check 2013-07-19 08:00:02 +02:00
m-1-k-3 f26b60a082 functions and some tweaking 2013-07-19 07:57:27 +02:00
jvazquez-r7 a1a6aac229 Delete debug code from mutiny_frontend_upload 2013-07-18 14:03:19 -05:00
Ramon de C Valle 8fd6dd50de Check session and CSRF variables as per review 2013-07-16 14:30:55 -03:00
Ramon de C Valle dc51c8a3a6 Change URIPATH option to TARGETURI as per review 2013-07-16 14:27:47 -03:00
Ramon de C Valle 3dbe8fab2c Add foreman_openstack_satellite_code_exec.rb
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3 f594c4b128 small cleanup 2013-07-15 08:48:18 +02:00
m-1-k-3 393c1b2a99 session stuff 2013-07-15 07:57:30 +02:00
m-1-k-3 a6b48f3082 HTTP GET 2013-07-14 19:02:53 +02:00
m-1-k-3 9f65264af4 make msftidy happy 2013-07-14 15:45:14 +02:00
m-1-k-3 47ca4fd48f session now working 2013-07-14 15:42:41 +02:00
m-1-k-3 9133dbac4a some feedback included and some playing 2013-07-14 14:14:06 +02:00
m-1-k-3 49c70911be dlink upnp command injection 2013-07-09 13:24:12 +02:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
Steve Tornio 4d26299de3 add osvdb ref 93881 and edb ref 21191 2013-06-05 18:57:33 -05:00
sinn3r c705928052 Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb 2013-06-03 10:40:31 -05:00
Steve Tornio 76faba60b7 add osvdb ref 85462 2013-06-03 06:16:43 -05:00
Steve Tornio e612a3d017 add osvdb ref 77183 2013-06-03 05:42:56 -05:00
sinn3r e74c1d957f Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb 2013-06-03 02:15:35 -05:00
Steve Tornio c2c630c338 add osvdb ref 93444 2013-06-02 21:03:44 -05:00
Steve Tornio bc993b76fc add osvdb ref 82925 2013-06-02 20:43:16 -05:00
Tod Beardsley e7a1f06fbc Modules shouldn't be +x 2013-05-29 15:11:35 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7 bfcd86022d Add code cleanup for nginx_chunked_size. 2013-05-22 14:37:42 -05:00
LinuxGeek247 81b690ae4b Initial check in of nginx module 2013-05-22 13:52:00 -04:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feeback included 2013-05-19 16:19:45 +02:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
m-1-k-3 981cc891bc description 2013-05-12 20:07:32 +02:00
m-1-k-3 09bf23f4d6 linksys wrt160n tftp download module 2013-05-06 16:18:15 +02:00
m-1-k-3 22d850533a dir615 down and exec exploit 2013-05-06 15:33:45 +02:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 2b4144f20f Add module for US-CERT-VU 345260 2013-04-24 10:47:16 -05:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
jvazquez-r7 19a158dce9 Do final cleanup for netgear_dgn2200b_pppoe_exec 2013-04-19 15:50:23 -05:00
jvazquez-r7 c1819e6ecc Land #1700, @m-1-k-3's exploit for Netgear DGN2200B 2013-04-19 15:49:30 -05:00
m-1-k-3 2713991c64 timeout and HTTP_Delay 2013-04-17 20:25:59 +02:00
m-1-k-3 59045f97fb more testing, reworking of config restore, rework of execution 2013-04-17 18:10:27 +02:00
Tod Beardsley 513b3b1455 Minor cleanup on DLink module 2013-04-15 13:27:47 -05:00
jvazquez-r7 a1605184ed Landing #1719, @m-1-k-3 dlink_diagnostic_exec_noauth exploit module 2013-04-10 11:17:29 +02:00
jvazquez-r7 4f2e3f0339 final cleanup for dlink_diagnostic_exec_noauth 2013-04-10 11:15:32 +02:00
m-1-k-3 8fbade4cbd OSVDB 2013-04-10 10:45:30 +02:00
jvazquez-r7 157f25788b final cleanup for linksys_wrt54gl_apply_exec 2013-04-09 12:39:57 +02:00
jvazquez-r7 b090495ffb Landing pr #1703, m-1-k-3's linksys_wrt54gl_apply_exec exploit 2013-04-09 12:38:49 +02:00
m-1-k-3 b93ba58d79 EDB, BID 2013-04-09 11:56:53 +02:00
m-1-k-3 cbefc44a45 correct waiting 2013-04-08 21:40:50 +02:00
m-1-k-3 955efc7009 final cleanup 2013-04-07 17:59:57 +02:00
m-1-k-3 9f89a996b2 final regex, dhcp check and feedback from juan 2013-04-07 17:57:18 +02:00
jvazquez-r7 0e69edc89e fixing use of regex 2013-04-07 11:39:29 +02:00
jvazquez-r7 6a410d984d adding get_config where I forgot 2013-04-06 19:13:42 +02:00
jvazquez-r7 9a2f409974 first cleanup for linksys_wrt54gl_apply_exec 2013-04-06 01:05:09 +02:00
m-1-k-3 ecaaaa34bf dlink diagnostic - initial commit 2013-04-05 19:56:15 +02:00
m-1-k-3 96b444c79e ManualRanking 2013-04-04 17:40:53 +02:00
m-1-k-3 67f0b1b6ee little cleanump 2013-04-04 17:33:46 +02:00
m-1-k-3 f07117fe7d replacement of wrt54gl auxiliary module - initial commit 2013-04-04 17:30:36 +02:00
jvazquez-r7 ce88d8473a cleanup for netgear_dgn1000b_setup_exec 2013-04-03 12:44:04 +02:00
jvazquez-r7 3c27678168 Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit 2013-04-03 12:43:42 +02:00
m-1-k-3 a93ec3aea3 fix name 2013-04-03 10:40:52 +02:00
m-1-k-3 2ceecabede make msftidy happy 2013-04-03 10:34:28 +02:00
m-1-k-3 91b0e5f800 netgear dgn2200b pppoe exec exploit - initial commit 2013-04-03 10:32:52 +02:00
m-1-k-3 642d8b846f netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:41:50 +02:00
m-1-k-3 7f3c6f7629 netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:39:04 +02:00
m-1-k-3 1b27d39591 netgear dgn1000b mipsbe exploit 2013-04-02 14:34:09 +02:00
jvazquez-r7 6a6fa5b39e module filename changed 2013-04-02 10:50:50 +02:00
jvazquez-r7 b3feb51c49 cleanup for linksys_e1500_up_exec 2013-04-02 10:49:09 +02:00
jvazquez-r7 5e42b8472b Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit 2013-04-02 10:48:28 +02:00
m-1-k-3 579c499f43 Juans SRVHOST check included 2013-04-02 07:50:51 +02:00
m-1-k-3 c386d54445 check SRVHOST 2013-04-01 18:12:13 +02:00
jvazquez-r7 0f965ddaa3 waiting for payload download on linksys_e1500_more_work 2013-03-31 16:07:14 +02:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
m-1-k-3 cd8bc2f87d description, blind exploitation info on cmd payload 2013-03-30 12:03:14 +01:00
m-1-k-3 b0a61adc23 juans feedback included 2013-03-30 11:43:10 +01:00
jvazquez-r7 5fd996f775 added osvdb reference 2013-03-30 10:42:58 +01:00
jvazquez-r7 3bf0046e3e Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management 2013-03-30 10:42:06 +01:00
m-1-k-3 7965f54890 juans feedback included 2013-03-30 08:40:42 +01:00
jvazquez-r7 607b1c5c14 little cleanup for e1500_up_exec 2013-03-29 23:16:13 +01:00
m-1-k-3 1b563ad915 stop_service 2013-03-29 22:38:06 +01:00
m-1-k-3 813ff1e61e removed payload stuff 2013-03-29 22:32:57 +01:00
m-1-k-3 c5e358c9c3 compatible payloads 2013-03-29 20:54:35 +01:00
m-1-k-3 0164cc34be msftidy, generate exe, register_file_for_cleanup 2013-03-29 19:00:04 +01:00
jvazquez-r7 c55a3870a8 cleanup for hp_system_management 2013-03-29 18:02:23 +01:00
m-1-k-3 cfeddf3f34 cmd payload working, most feedback included 2013-03-29 14:43:48 +01:00
agix 139926a25b Fix msftidy Warning 2013-03-28 13:22:26 +01:00
agix 4bcadaabc1 hp system management homepage DataValidation?iprange buffer overflow 2013-03-28 12:00:17 +01:00
m-1-k-3 dfd451f875 make msftidy happy 2013-03-27 17:46:02 +01:00
jvazquez-r7 6ccfa0ec18 cleanup for dreambox_openpli_shell 2013-03-14 15:02:21 +01:00
m-1-k-3 9366e3fcc5 last adjustment 2013-03-14 11:18:52 +01:00
m-1-k-3 0140caf1f0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell 2013-03-14 10:55:52 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
m-1-k-3 3ab5585107 make msftidy happy 2013-02-16 20:49:32 +01:00
m-1-k-3 121a736e28 initial commit 2013-02-16 20:42:02 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
sinn3r f5193b595c Update references 2012-12-10 11:42:21 -06:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00