Commit Graph

1259 Commits (1927e8b95c28e8caaaf2ff72e47d0f182040d4bd)

Author SHA1 Message Date
jvazquez-r7 1916c92e3a Clean metadata 2015-01-30 15:21:17 -06:00
jvazquez-r7 c9ac56442d No modify datastore option 2015-01-30 15:05:46 -06:00
jvazquez-r7 bb640b90ef Refactor login_it360 2015-01-30 15:02:23 -06:00
jvazquez-r7 d4359c4f1c Rework login_it360 code 2015-01-30 15:00:34 -06:00
jvazquez-r7 c5db13fba9 Do minor style fixes 2015-01-30 14:13:11 -06:00
jvazquez-r7 89f760c94e Clean metadata 2015-01-30 14:08:55 -06:00
Pedro Ribeiro a806cb401a Create manageengine_dir_listing.rb 2015-01-28 19:44:48 +00:00
Pedro Ribeiro 62ac536b7d Create manageengine_file_download.rb 2015-01-28 19:42:17 +00:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be established
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Pedro Ribeiro e81e68bdaf Create me_dc9_admin.rb 2014-12-31 02:02:52 +00:00
Jon Hart 6634fb3583
More consistent print_ 2014-12-30 09:38:53 -08:00
Jon Hart f8d432dfc1
Support reading a list of local/remote files for smb admin modules (#3994) 2014-12-30 09:21:29 -08:00
Jon Hart 6a61afcfad
Update smb upload/download/delete file modules to support RHOSTS
via Scanner
2014-12-29 18:02:40 -08:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
jvazquez-r7 708cbd7b65 Allow to provide USER SID 2014-12-22 18:24:50 -06:00
jvazquez-r7 56eadc0d55 Delete default values from options 2014-12-22 18:11:43 -06:00
jvazquez-r7 787dab998d Fix description 2014-12-22 17:51:44 -06:00
jvazquez-r7 a7faf798bf Use explicit encryption algorithms 2014-12-22 15:51:17 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 b0a178e0a3 Delete blank line 2014-12-22 14:40:32 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 20ab14d7a3 Clean module code 2014-12-22 14:29:02 -06:00
jvazquez-r7 dabc890b2f Change module filename again 2014-12-22 12:35:15 -06:00
jvazquez-r7 2b46bdd929 Add references and authors 2014-12-22 12:34:31 -06:00
jvazquez-r7 4319dbaaef Change module filename 2014-12-22 12:29:28 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
Tod Beardsley c15bad44a6
Be clearer on backslash usage.
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7 9a58617387 Add dummy test module 2014-12-17 19:57:10 -06:00
jvazquez-r7 c683e7bc67
Fix banner 2014-12-12 13:01:51 -06:00
jvazquez-r7 047bc3d752 Make msftidy happy 2014-12-12 12:49:12 -06:00
jvazquez-r7 a1876ce6fc
Land #4282, @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download 2014-12-12 12:47:50 -06:00
jvazquez-r7 a0b181b698
Land #4335, @us3r777 JBoss DeploymentFileRepository aux module 2014-12-12 10:40:03 -06:00
jvazquez-r7 3059cafbcb Do minor cleanup 2014-12-12 10:37:50 -06:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Spencer McIntyre 86ae104580
Land #4325, consistent mssql module names 2014-12-09 21:52:05 -05:00
sinn3r 87c83cbb1d Another round of name corrections 2014-12-09 20:16:24 -06:00
sinn3r bb8dfdb15f Ensure consistency for mssql modules 2014-12-09 10:28:45 -06:00
us3r777 4abfb84cfc Upload WAR through Jboss DeploymentFileRepository 2014-12-08 19:02:51 +01:00
Pedro Ribeiro 98e416f6ec Correct OSVDB id 2014-12-07 17:54:31 +00:00
Pedro Ribeiro e474ecc9cf Add OSVDB id 2014-12-07 17:41:35 +00:00
jvazquez-r7 54705eee48 Fix option parsing 2014-12-06 21:50:54 -06:00
sinn3r 4b06334455 Minor title change for mssql_enum_domain_accounts_sqli
We don't really do "-" for naming

Kind of stands up on a list
2014-12-05 11:42:08 -06:00
Pedro Ribeiro e5bdf225a9 Update netflow_file_download.rb 2014-12-04 21:32:19 +00:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
jvazquez-r7 ff30a272f3 Windows paths need 2 backslashes 2014-11-30 18:54:41 -06:00
jvazquez-r7 223bc340e4 Prepend peer 2014-11-30 18:46:15 -06:00
jvazquez-r7 5ad3cc6296 Make FILEPATH mandatory 2014-11-30 18:45:23 -06:00
jvazquez-r7 b1b10cf4e5 Use Rex::ConnectionError 2014-11-30 18:44:25 -06:00
jvazquez-r7 a549cbbef8 Beautify metadata 2014-11-30 18:44:03 -06:00
Pedro Ribeiro 26d9ef4edd Explain about Windows back slashes on option 2014-11-30 00:15:44 +00:00
Pedro Ribeiro 2fb38ec7bb Create exploit for CVE-2014-5445 2014-11-30 00:12:37 +00:00
jvazquez-r7 5f4760c58e Print final results in a table 2014-11-25 14:01:29 -06:00
jvazquez-r7 d998d97aaa Refactor build_user_sid 2014-11-25 13:58:47 -06:00
jvazquez-r7 aad860a310 Make conditional easier 2014-11-25 13:54:08 -06:00
jvazquez-r7 ba57bc55b0 Don't report service 2014-11-25 13:52:22 -06:00
jvazquez-r7 059b0e91da Don't report service
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
jvazquez-r7 b467bda2d6 Reuse local variable 2014-11-25 13:49:24 -06:00
jvazquez-r7 31a84ef6ff Make ternary operator more readable 2014-11-25 13:44:50 -06:00
jvazquez-r7 be566e5ad3 Use a lower fuzz number by default 2014-11-25 13:42:47 -06:00
jvazquez-r7 cd43f83cd7 Delete unnecessary comments
* No need to comment every step, just relevant
comments to understand code.
2014-11-25 13:40:57 -06:00
jvazquez-r7 f93dbc6deb Use the target domain name 2014-11-25 13:36:48 -06:00
jvazquez-r7 7c87603b0e Add progress information 2014-11-25 13:23:36 -06:00
jvazquez-r7 8e5b37ea6e Fix reporting 2014-11-25 13:20:31 -06:00
jvazquez-r7 93539ae4c6 Use shorter variable name 2014-11-25 13:04:31 -06:00
jvazquez-r7 271f982f34 Use peer 2014-11-25 13:03:48 -06:00
jvazquez-r7 c549508abb Use vprint 2014-11-25 13:03:18 -06:00
jvazquez-r7 249fb79a21 Fix print_* calls 2014-11-25 13:02:53 -06:00
jvazquez-r7 87cfd7c321 Don't use disconnect 2014-11-25 13:00:53 -06:00
jvazquez-r7 fb8372f505 Fix metadata 2014-11-25 12:59:11 -06:00
jvazquez-r7 71f35f5cd6 Update from upstream master 2014-11-25 12:46:44 -06:00
nullbind 4bd579bc1c added mssql_enum_domain_accounts_sqli 2014-11-25 09:57:20 -06:00
jvazquez-r7 343a0d78bc Delete admin check 2014-11-24 12:28:19 -06:00
jvazquez-r7 7164c4e038 Use shorter filename 2014-11-24 12:10:08 -06:00
jvazquez-r7 021b27dd83 Clean reporting 2014-11-24 12:01:09 -06:00
jvazquez-r7 f74ab34881 Delete unnecessary check 2014-11-24 11:50:41 -06:00
jvazquez-r7 3c858c793a Use vprint 2014-11-24 11:49:36 -06:00
jvazquez-r7 4a169210ab Use vprint 2014-11-24 11:48:16 -06:00
jvazquez-r7 ecb74c543a Beautify description 2014-11-24 11:27:32 -06:00
jvazquez-r7 c52104e91d Beautify metadata 2014-11-24 11:24:41 -06:00
jvazquez-r7 fcb4bea3c1 Fix code comments 2014-11-24 11:23:27 -06:00
jvazquez-r7 10d0305cb2 Update from upstream master 2014-11-24 09:48:43 -06:00
jvazquez-r7 fb4b6543e2 Handle other rex exceptions 2014-11-18 15:57:41 -06:00
nullbind 8c34f35ca9 added mssql_enum_windows_domain_accounts.rb 2014-11-17 13:03:43 -06:00
Jon Hart 9e2513d4de Update solaris_kcms_readfile to gracefully handle RPC errors 2014-11-17 10:41:17 -08:00
Tod Beardsley e2dc862121
Fix newly introduced typo. 2014-11-13 14:53:57 -06:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
jvazquez-r7 f081ede2aa Land #4155, @pedrib's module for CVE-2014-8499
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
Pedro Ribeiro 9df31e950f Add OSVDB id 2014-11-12 21:32:33 +00:00
jvazquez-r7 70589668c2 Really land the #4130 module 2014-11-12 09:39:01 -06:00
jvazquez-r7 ece8013d7a Use #empty? 2014-11-12 09:35:06 -06:00
jvazquez-r7 f048463ed6 Do minor fixups
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
jvazquez-r7 a5c87db65e Do minor cleanup
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
jvazquez-r7 e1164d3e14 Use snake_case on filename 2014-11-12 09:26:47 -06:00
jvazquez-r7 01fda27264 Fix title 2014-11-11 11:15:53 -06:00
jvazquez-r7 a588bfd31a Use single quotes 2014-11-11 09:56:46 -06:00
jvazquez-r7 77c8dc2b64 Don't return nil from 'run' 2014-11-11 09:39:08 -06:00
jvazquez-r7 fb309aae11 Use a Fixnum as FuzzInt default value 2014-11-11 09:36:53 -06:00
jvazquez-r7 f6762b41b6 Use random fake db name 2014-11-11 09:35:51 -06:00
jvazquez-r7 94c353222d Do small cosmetic changes 2014-11-11 09:31:57 -06:00
jvazquez-r7 e9e5869951 update from master 2014-11-11 09:24:33 -06:00
jvazquez-r7 091da05a86 update from master 2014-11-10 22:59:44 -06:00
jvazquez-r7 cac6494427 Use snake_case in filename 2014-11-10 16:58:46 -06:00
jvazquez-r7 2c33642de8 Do minor cleanup 2014-11-10 16:57:57 -06:00
jvazquez-r7 12ae8b3ec6 update from master 2014-11-10 16:19:26 -06:00
nullbind 493b81d874 cleanup 2014-11-10 15:22:21 -06:00
nullbind 31fa57fcb2 mssql_enum_sql_logins 2014-11-10 15:19:55 -06:00
Scott Sutherland d543b16cc1 Added mssql_enum_sql_logins.rb 2014-11-10 15:02:46 -06:00
Scott Sutherland ea226f7482 Update mssql_enum_sql_logins.rb 2014-11-10 15:02:14 -06:00
nullbind 74344e9295 added mssql_enum_sql_logins 2014-11-10 13:42:52 -06:00
jvazquez-r7 4b701700c1 Fix banner 2014-11-10 12:40:53 -06:00
jvazquez-r7 65dbb1a83f Do print_status 2014-11-10 11:26:53 -06:00
jvazquez-r7 7aed1e9581 Create loot_passwords method 2014-11-10 11:21:44 -06:00
jvazquez-r7 92df11baa7 Create report_super_admin_creds method 2014-11-10 11:16:25 -06:00
jvazquez-r7 8f17011909 do run clean up
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
jvazquez-r7 635df2f233 Fail with NoAccess 2014-11-10 09:50:26 -06:00
jvazquez-r7 9c033492d2 Fix indentation 2014-11-10 09:48:22 -06:00
jvazquez-r7 2236518694 Check res.body before accessing #to_s 2014-11-10 09:47:05 -06:00
jvazquez-r7 8b8ab61e3d Favor && over and 2014-11-10 09:45:12 -06:00
jvazquez-r7 ee4924582a Use target_uri 2014-11-10 09:43:44 -06:00
jvazquez-r7 8ddd6a4655 Redefine RPORT taking into account it is builtin 2014-11-10 09:42:30 -06:00
jvazquez-r7 eb36a36272 Change title 2014-11-10 09:40:22 -06:00
Pedro Ribeiro b3c27452cd Add full disclosure URL 2014-11-09 10:40:41 +00:00
Pedro Ribeiro f680b666c7 Add github adv URL 2014-11-08 11:29:36 +00:00
Pedro Ribeiro 143033f657 Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb 2014-11-08 11:28:04 +00:00
Pedro Ribeiro 2843437ca9 Create exploit for CVE-2014-8499 2014-11-08 11:24:50 +00:00
nullbind 56a02fdb4a added mssql_escalate_executeas_sqli.rb 2014-11-04 13:38:13 -06:00
nullbind 15119d2a0f comment fix-sorry 2014-11-04 09:07:08 -06:00
nullbind f108d7b20a fixed code comment 2014-11-04 08:51:27 -06:00
nullbind fbe3adcb4c added mssql_escalate_executeas module 2014-11-03 11:29:15 -06:00
jvazquez-r7 b990b14a65
Land #3771, @us3r777's deletion of jboss_bshdeployer STAGERNAME option 2014-10-27 18:09:35 -05:00
scriptjunkie 4dfbce425a use vprintf... 2014-10-26 09:20:32 -05:00
scriptjunkie c31fb0633d Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd 2014-10-26 09:05:25 -05:00
jvazquez-r7 00f137cdcf
Land #4040, @nullbind's MS SQL privilege escalation through SQLi 2014-10-20 16:23:50 -05:00
jvazquez-r7 acc590b59c Modify metadata 2014-10-20 16:22:10 -05:00
jvazquez-r7 1381c7fb37 Modify title 2014-10-20 16:17:47 -05:00
jvazquez-r7 323680c31a Clean code 2014-10-20 16:17:06 -05:00
HD Moore 935a23296d
Updates to NAT-PMP, lands #4041 2014-10-20 11:26:26 -05:00
nullbind 036d43ba37 fixed logic bug 2014-10-19 20:56:29 -05:00
nullbind 1e2f1eaee0 cleaning up 2014-10-18 12:00:11 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
nullbind bf92769ba2 added mssql_escalate_dbowner_sqli 2014-10-17 10:25:20 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
jvazquez-r7 3305b1e9c3
Land #3984, @nullbind's MSSQL privilege escalation module 2014-10-09 11:39:15 -05:00
jvazquez-r7 10b160bedd Do final cleanup 2014-10-09 11:38:45 -05:00
jvazquez-r7 bbe435f5c9 Don't rescue everything 2014-10-09 11:25:13 -05:00
jvazquez-r7 0cd7454a64 Use default value for doprint 2014-10-09 11:04:42 -05:00
jvazquez-r7 db6f6d4559 Reduce code complexity 2014-10-09 10:59:14 -05:00
jvazquez-r7 615b8e5f4a Make easy method comments 2014-10-09 10:48:00 -05:00
jvazquez-r7 dd03e5fd7d Make just one connection 2014-10-09 10:46:51 -05:00
nullbind 168f1e559c fixed status 2014-10-08 21:19:50 -05:00
nullbind 3ebcaa16a1 removed scanner 2014-10-08 21:18:56 -05:00
nullbind 031fb19153 requested updates 2014-10-06 23:52:30 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
Christian Mehlmauer b266233e95 fix bug 2014-09-30 00:21:52 +02:00
Christian Mehlmauer c51c19ca88 bugfix 2014-09-27 14:56:34 +02:00
Christian Mehlmauer 9a424a81bc fixed bug 2014-09-27 13:46:55 +02:00
Christian Mehlmauer 1c30c35717 Added WordPress custom_contact_forms module 2014-09-27 13:42:49 +02:00
nullbind ebf4e5452e Added mssql_escalate_dbowner module 2014-09-26 10:29:35 -05:00
Thomas Ring 81406defed hopefully what you are looking for this time 2014-09-23 11:36:13 -05:00
sinn3r 2a714a7c4d Fix a typo
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
us3r777 2ae23bbe99 Remove STAGERNAME option
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
jvazquez-r7 10dee28fbd Add http socket to the module sockets and allow the framework to cleanup 2014-09-03 12:01:48 -05:00
sinn3r 5acbcc80e2 no threading 2014-09-03 11:37:30 -05:00
Thomas Ring fbae68870c cleanup one stray comment 2014-08-29 10:57:51 -05:00
Thomas Ring 4c93cbc62c changes based on feedback, added timeout error message 2014-08-29 10:57:20 -05:00
sinn3r f7091d854e Add a timeout 2014-08-28 22:26:38 -05:00
Thomas Ring 67efa76fc4 changes based on feedback 2014-08-27 09:08:18 -05:00
Jon Hart 5c57f9b4eb Don't overload RPORT/LPORT for mapping external -> internal ports 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
sinn3r 463815d240 Add AppleTV modules (image, video and login) 2014-08-25 15:24:41 -05:00
Thomas Ring e23acf8d82 fix for oracle_login not checking connection status and stopping on timeout 2014-08-25 14:57:45 -05:00
Tod Beardsley 6d9833e32b
Minor pre-release updates with descriptions 2014-08-25 13:34:45 -05:00
Tod Beardsley 03a1f4455d
No need to escape single quotes in %q{} strings 2014-08-25 13:03:33 -05:00
jvazquez-r7 0737d0dbd5 Refactor auxiliary module 2014-08-22 17:05:45 -05:00
jvazquez-r7 9ef09a7725 Pass msftidy 2014-08-22 13:24:59 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Tod Beardsley 08bb815bd8
Add Yokogawa unauth admin module 2014-08-09 13:30:10 -05:00
jvazquez-r7 ed97751ead
Land #2999, @j0hnf's modification to check_dir_file to handle file: 2014-08-04 11:55:18 -05:00
jvazquez-r7 cd45ed0e0a Handle exceptions when connecting the SMBSHARE 2014-08-04 11:54:30 -05:00
jvazquez-r7 85b5c5a691 Refactor check_path 2014-08-04 11:48:13 -05:00
jvazquez-r7 1e29bef51b Fix msftidy warnings 2014-08-04 11:46:27 -05:00
jvazquez-r7 04bf0b4ab6 Fix forgotten comma 2014-08-04 11:34:12 -05:00
us3r777 cd2e225359 Refactored auxiliary jboss_bshdeployer
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
us3r777 cd2ec0a863 Refactored jboss mixin and modules
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
us3r777 b526fc50f8 Refactored jboss mixin and modules
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
us3r777 ae2cd63391 Refactored Jboss mixin
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
us3r777 088f208c7c Added auxiliary module jboss_bshdeployer
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
Spencer McIntyre 61f4c769eb
Land #3461, Chromecast factory reset module 2014-06-21 17:43:31 -04:00
William Vu 79bf80e6bf
Add generic error handling
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
William Vu 075eec39e1
Add Chromecast factory reset module 2014-06-18 10:04:17 -05:00
j0hnf 1a82a20c09 re-added incorrectly removed SMBSHARE option 2014-06-16 20:10:11 +01:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Tod Beardsley 1aa029dbed
Avoid double quotes in the initialize/elsewhere
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
William Vu 6ca5cf6c26
Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
jvazquez-r7 8a9c005f13 Add URL 2014-05-20 17:43:07 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
jvazquez-r7 2012d41b3d Add origin of the user, and mark web users 2014-05-16 13:51:42 -05:00
jvazquez-r7 4143474da9 Add support for web databases 2014-05-16 11:47:01 -05:00
jvazquez-r7 883d2f14b5 delete debug print_status 2014-05-16 11:13:03 -05:00
jvazquez-r7 ea38a2c6e5 Handle ISO-8859-1 special chars 2014-05-16 11:11:58 -05:00
jvazquez-r7 c9465a8922 Rescue when the recovered info is in a format we can't understand 2014-05-16 08:57:59 -05:00
jvazquez-r7 7ec85c9d3a Delete blank lines 2014-05-16 01:03:04 -05:00
jvazquez-r7 9091ce443a Add support to decode passwords 2014-05-16 00:59:27 -05:00
jvazquez-r7 5b3bb8fb3b Fix @FireFart's review 2014-05-14 09:00:52 -05:00
jvazquez-r7 a7075c7e08 Add module for ZDI-14-077 2014-05-13 14:17:59 -05:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
nodeofgithub b80d366bb7 Add filter to output WPA-PSK password on Netgear DG834GT 2014-04-26 15:52:31 +02:00
Tod Beardsley 9035d1523d
Update wol.rb to specify rhost/rport directly
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:

listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535 bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length 102
2014-04-14 20:57:20 -05:00
jvazquez-r7 d83f665466 Delete commas 2014-03-25 13:34:02 -05:00
Ramon de C Valle e27adf6366 Fix msftidy warnings 2014-03-25 10:39:40 -03:00
Ramon de C Valle 473f745c3c Add katello_satellite_priv_esc.rb
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
jvazquez-r7 bfdefdb338
Land #3023, @m-1-k-3's module for Linksys WRT120N bof reset password 2014-02-26 09:36:14 -06:00
jvazquez-r7 6ba26bf743 Use normalize_uri 2014-02-26 09:35:42 -06:00
jvazquez-r7 582372ec3e Do minor cleanup 2014-02-26 09:32:11 -06:00
Michael Messner b79197b8ab feedback included, cleanup, login check 2014-02-26 13:44:36 +01:00
James Lee d2945b55c1
Fix typo
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
Michael Messner ec8e1e3d6f small fixes 2014-02-21 21:59:45 +01:00
Michael Messner 1384150b7a make msftidy happy 2014-02-21 21:56:46 +01:00
Michael Messner c77fc034da linksys wrt120 admin reset exploit 2014-02-21 21:53:56 +01:00
j0hnf c62fa83a70 msf recommended changes + tweaked exception handling 2014-02-19 22:20:24 +00:00
j0hnf 4b247e2b9f altered check_dir_file.rb so that it can check for the presence of a list of files/directories supplied using file:/ format rather than being limited to just the one file, handy for checking for indicators of compromise 2014-02-16 03:22:11 +00:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
sinn3r 7faa41dac0 Change Unknown to Safe because it's just a banner check 2014-01-23 15:36:19 -06:00
sinn3r 81a3b2934e Fix prints 2014-01-23 15:33:24 -06:00
sinn3r 5025736d87 Fix check for modicon_password_recovery 2014-01-19 17:20:20 -06:00
jvazquez-r7 0b1671f1b8 Undo debugging comment 2014-01-14 17:02:30 -06:00
jvazquez-r7 6372ae6121 Save some parsing 2014-01-14 17:00:00 -06:00
Matt Andreko 2d40f936e3 Added some additional creds that were useful 2014-01-13 23:15:51 -05:00
Matt Andreko 42fb8c48d1 Fixed the credential parsing and made output consistent
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
Tod Beardsley 207e9c413d
Add the test info for sercomm_dump_config 2014-01-13 14:27:03 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
jvazquez-r7 410302d6d1 Fix indentation 2014-01-09 15:14:52 -06:00
Matt Andreko b1073b3dbb Code Review Feedback
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
Matt Andreko 2a0f2acea4 Made fixes from the PR from jvazquez-r7
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
jvazquez-r7 be6958c965 Clean sercomm_dump_config 2014-01-09 13:42:11 -06:00
Matt Andreko 01c5585d44 Moved auxiliary module to a more appropriate folder 2014-01-09 10:17:26 -05:00
Matt Andreko d9e737c3ab Code Review Feedback
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
Matt Andreko 81adff2bff Code Review Feedback
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
Niel Nielsen 1479ef3903 Update typo3_winstaller_default_enc_keys.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
Matt Andreko c5a3a0b5b7 Cleanup 2014-01-02 20:44:18 -05:00
Matt Andreko 6effdd42fa Added module to enumerate certain Sercomm devices through backdoor
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:42:42 -05:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
jvazquez-r7 0eac17083a Clean cfme_manageiq_evm_pass_reset 2013-12-18 16:16:32 -06:00
Ramon de C Valle b9a9b90088 Update module to use added bcrypt gem 2013-12-18 16:15:35 -02:00
Ramon de C Valle e20569181b Remove EzCrypto-related code as per review 2013-12-18 16:15:22 -02:00
Ramon de C Valle ef081cec49 Add missing disclosure date as per review 2013-12-18 15:47:23 -02:00
Ramon de C Valle 37826688ce Add cfme_manageiq_evm_pass_reset.rb
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r 20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor 2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant 39fbb59ba9 re-added the reference I accidentally deleted 2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant cb98d68e47 added @wchen-r7's code to store the password into the database 2013-12-02 18:35:59 +01:00
Sven Vetsch / Disenchant 8e73023baa and now in the correct data structure 2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant ef77b7fbbf added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709 2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant aa62800184 added ZyXEL GS1510-16 Password Extractor 2013-11-29 10:42:17 +01:00
Jeff Jarmoc 03838aaa79 Update rails_devise_pass_reset.rb
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
Jeff Jarmoc 7f8baf979d Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings:
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit

[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00
Meatballs dd9bb459bf
PSEXEC Refactor
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
Tod Beardsley 84572c58a8
Minor fixup for release
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589)
2013-11-04 12:10:38 -06:00
Rich Lundeen c3113f796e Incorporating a few more cleanup items from jvazquez 2013-10-31 21:32:58 -07:00
Rich Lundeen cbfef6ec7a incorporating jvazquez feedback 2013-10-31 00:17:50 -07:00
Tod Beardsley 344413b74d
Reorder refs for some reason. 2013-10-30 12:25:55 -05:00
Tod Beardsley 32794f9d37
Move OpenBravo to aux module land 2013-10-30 12:20:04 -05:00
Tod Beardsley 9bb9f8b27b
Update descriptions on SMB file utils. 2013-10-28 13:48:25 -05:00
Tod Beardsley 0f63420e9f
Be specific about the type of hash
See #2583. Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.

Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.

[SeeRM #4398]
2013-10-28 13:40:07 -05:00
jvazquez-r7 9276a839d4 [FixRM #4398] Report credentials to database 2013-10-25 16:19:47 -05:00
sinn3r 7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation 2013-10-24 14:14:06 -05:00
jvazquez-r7 69da39ad52 Add module for ZDI-13-240 2013-10-23 16:01:01 -05:00
sinn3r d1e1968cb9
Land #2566 - Download and delete a file via SMB 2013-10-23 12:28:57 -05:00
sinn3r 9a51dd5fc4 Do exception handling and stuff 2013-10-23 12:28:25 -05:00
sinn3r 0500842625 Do some exception handling 2013-10-23 12:22:49 -05:00
sinn3r 83a4ac17e8 Make sure fd is closed to avoid a possible resource leak 2013-10-23 12:16:18 -05:00
sinn3r af02fd0355 Use store_loot, sorry mubix 2013-10-23 12:13:05 -05:00
Rob Fuller 8f3228d191 change author but basic copied from hdm's upload_file 2013-10-22 21:13:30 -04:00
Rob Fuller b2b8824e2e add delete and download modules for smb 2013-10-22 16:31:56 -04:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r 6430fa3354
Land #2539 - Support Windows CMD generic payload
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
Tod Beardsley 2833d58387
Add OSVDB for vbulletin exploit 2013-10-16 15:01:28 -05:00
Tod Beardsley 3c2dddd7aa
Update reference with a non-plagiarised source 2013-10-16 14:44:18 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tod Beardsley cad7329f2d
Minor updates to vbulletin admin exploit 2013-10-10 22:09:38 -05:00
jvazquez-r7 4f3bbaffd1 Clean module and add reporting 2013-10-09 13:54:28 -05:00
jvazquez-r7 5c36533742 Add module for the vbulletin exploit in the wild 2013-10-09 13:12:57 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
sinn3r d006ee52b1 Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal 2013-09-12 14:13:32 -05:00
jvazquez-r7 02a073a8fe Change module filename 2013-09-09 23:30:37 -05:00
jvazquez-r7 64348dc020 Update information 2013-09-09 23:29:48 -05:00
jvazquez-r7 2252aee398 Fix ltype on store_loot 2013-09-09 14:02:28 -05:00
jvazquez-r7 ce769b0c78 Add module for CVE-2013-2641 2013-09-09 13:56:45 -05:00
jvazquez-r7 3d48ba5cda Escape dot on regex 2013-09-08 20:26:20 -05:00
jvazquez-r7 be9b0da595 Update print message 2013-09-06 16:09:38 -05:00
jvazquez-r7 830bc2ae64 Update OSVDB reference 2013-09-06 13:01:39 -05:00
jvazquez-r7 4e3d4994c3 Update description 2013-09-06 12:58:54 -05:00
jvazquez-r7 45821a505b Add module for CVE-2013-0653 2013-09-06 12:42:34 -05:00
Tab Assassin 6b330ad39f Retab changes for PR #2134 2013-09-05 14:24:37 -05:00
Tab Assassin 52ce6afd99 Merge for retab 2013-09-05 14:24:31 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 7fad26968c More fix to jboss_seam_exec 2013-08-26 17:16:15 -05:00
Tod Beardsley 5b4890f5b9 Fix caps on typo3_winstaller module 2013-08-26 14:47:42 -05:00
sinn3r 37eaa62096 Fix undefined method error
[FixRM #8346]
2013-08-21 00:42:33 -05:00
sinn3r 9ca7a727e1 Fix undefined method error
[FixRM #8347]
2013-08-21 00:41:49 -05:00
sinn3r 5993cbe3a8 Fix undefined method error
[FixRM #8348]
2013-08-21 00:40:38 -05:00
sinn3r 9f98d4afe6 Fix undefined method error
[FixRM #8349]
2013-08-21 00:38:35 -05:00
sinn3r ea78e8309d Fix undefined method error
[FixRM #8350]
2013-08-21 00:35:36 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 4790d8de50 Land #2256, @wchen-r7's patch for [FixRM #8316] 2013-08-19 23:23:57 -05:00
sinn3r 5366453031 [FixRM #8316] - Escape characters correctly
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
jvazquez-r7 f42797fc5c Fix indentation 2013-08-16 14:19:37 -05:00
Tod Beardsley f7339f4f77 Cleanup various style issues
  * Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7 dfa1310304 Commas in the author array 2013-08-16 13:54:46 -05:00
Tod Beardsley 24b8fb0d7b Whitespace retab, add rport 3780 as default 2013-08-16 13:31:05 -05:00
Tod Beardsley e436d31d23 Use SSL by default 2013-08-16 11:32:10 -05:00
Tod Beardsley 60a229c71a Use rhost and rport, not local host and port 2013-08-16 11:12:39 -05:00
Tod Beardsley 646d55b638 Description should be present tense 2013-08-16 11:06:34 -05:00
Tod Beardsley f0237f07d6 Correct author and references 2013-08-16 11:04:51 -05:00
Brandon Perry 46d6fb3b42 Add module for xxe 2013-08-16 10:51:05 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing this:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 4367a9ae49 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 15:09:35 -05:00
jvazquez-r7 70900cfe5e Final cleanup for foreman_openstack_satellite_priv_esc 2013-07-22 14:59:23 -05:00
Ramon de C Valle b6c9fd4723 Add foreman_openstack_satellite_priv_esc.rb
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
Rich Lundeen 12e48e252f one more logdir fix, tested 2013-07-20 10:40:06 -07:00
Rich Lundeen 5fd8d53378 fixed bug with default logdir 2013-07-20 10:35:25 -07:00
Rich Lundeen 183cd7337d added ability to execute larger scripts 2013-07-19 15:24:51 -07:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
Tod Beardsley 3ac2ae6098 Disambiguate the module title from existing psexec 2013-07-17 17:11:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
jvazquez-r7 5c265c99d2 Clean jboss_seam_exec @cmaruti's collab 2013-06-25 14:09:30 -05:00
Cristiano Maruti f78b4d8874 modified according to jvazquez-r7 feedback 2013-06-20 16:29:42 +02:00
Cristiano Maruti 4846a680db modified according to jvazquez-r7 feedback 2013-06-20 16:19:43 +02:00
Cristiano Maruti 8e64bf3d16 modified according to jvazquez-r7 feedback 2013-06-20 16:15:28 +02:00
Cristiano Maruti a5332e5ed2 Module was updated to support WebSphere AS running seam-2.
msf auxiliary(jboss_seam_exec) > run

[*] Found right index at [0] - getRuntime
[*] Index [1]
[*] Index [2]
[*] Index [3]
[*] Index [4]
[*] Index [5]
[*] Found right index at [6] - exec
[*] Index [7]
[*] Index [8]
[*] Index [9]
[*] Index [10]
[*] Index [11]
[*] Index [12]
[*] Index [13]
[*] Index [14]
[*] Index [15]
[*] Index [16]
[*] Index [17]
[*] Index [18]
[*] Index [19]
[*] Index [20]
[*] Index [21]
[*] Index [22]
[*] Index [23]
[*] Index [24]
[*] Target appears VULNERABLE!
[*] Sending remote command:pwd
[*] Exploited successfully
[*] Auxiliary module execution completed
2013-06-20 12:17:07 +02:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
darknight007 6f2ddb3704 Update mssql_findandsampledata.rb 2013-05-25 11:33:57 +05:00
jvazquez-r7 011b0bb741 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 09:07:47 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
jvazquez-r7 51a532e8b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-12 17:39:58 -05:00
jvazquez-r7 feac292d85 Clean up for dlink_dsl320b_password_extractor 2013-05-12 17:35:59 -05:00
jvazquez-r7 ee46771de5 Land #1799, @m-1-k-3's auth bypass module for Dlink DSL320 2013-05-12 17:34:08 -05:00
m-1-k-3 e3582887cf OSVDB, Base64 2013-05-07 08:28:48 +02:00