9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
4b7a446547
... and restore use of the complicated socket
2014-10-09 18:30:45 +01:00
c78651fccc
Use numbers for version tracking
2014-10-09 18:29:27 +01:00
411f6c8b2d
Land #3793 , @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution
2014-10-08 12:16:09 -05:00
98b69e095c
Use %TEMP% and update ranking
2014-10-08 12:12:00 -05:00
d90fe4f724
Improve check method
2014-10-08 12:03:16 -05:00
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
a2a2ca550e
add test result on different windows version
2014-09-20 20:06:30 +08:00
dd71c666dc
added osvdb reference and software download url, use FileDropper method
...
for cleanup
2014-09-20 15:31:28 +08:00
19ed594e98
using FileDropper method for cleanup
2014-09-20 10:52:21 +08:00
677d035ce8
added proper regex for check function
...
add comment for changed code
2014-09-19 11:30:51 +08:00
978803e9d8
add proper regex
2014-09-16 21:49:02 +08:00
783b03efb6
change line 84 as mubix advice, update disclosure date according to
...
bugtraq security list.
2014-09-15 17:21:05 +08:00
9860ed340e
run msftidy, make correction for CVE format and space at EOL (line 77)
2014-09-15 13:13:25 +08:00
f1d3c44f4f
exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'.
2014-09-15 12:59:27 +08:00
74ef83812a
update module vulnerability information
2014-09-15 01:43:18 +08:00
8b4b66fcaa
initial test
2014-09-14 12:26:02 +08:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00
a94396867c
Add module for ZDI-14-106, Oracle Event Processing
2014-06-29 15:44:20 -05:00
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
c8e44c341c
Fix use of sock.get vs sock.get_once
2014-06-28 16:10:18 -05:00
6e80481384
Fix bad use of sock.get() and check() implementations
...
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
1133332702
Finish module
2014-06-17 15:01:35 -05:00
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
34f98ddc50
Do minor cleanup
2014-06-11 09:20:22 -05:00
b27b00afbb
Added target 4.0 and cleaned up exploit
2014-06-11 06:22:47 -07:00
f1382af018
Added target 4.0 and cleaned up exploit
2014-06-11 06:20:49 -07:00
a554b25855
Use EXITFUNC
2014-06-10 09:51:06 -05:00
3d33a82c1c
Changed to unless
2014-06-09 09:31:14 -07:00
1252eea4b9
Changed to unless
2014-06-09 09:26:03 -07:00
52d26f290f
Added check in exploit func
2014-06-09 03:23:14 -07:00
8ecafbc49e
Easy File Management Web Server v5.3 Stack Buffer Overflow
2014-06-08 04:21:14 -07:00
6bef6edb81
Update efs_easychatserver_username.rb
...
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
079fe8622a
Add module for ZDI-14-136
2014-06-04 10:29:33 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
a85d451904
Add module for CVE-2014-2314
2014-04-02 14:49:31 -05:00
d27264b402
Land #2782 , fix expand_path abuse
2014-03-19 08:41:28 -05:00
517f264000
Add last chunk of fixes
2014-03-11 12:46:44 -05:00
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
...
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
c9f0885c54
Apply @jlee-r7's feedback
2014-02-24 10:49:13 -06:00
fdd0d91817
Updated the Ultra Minit HTTP bof exploit
...
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
2014-02-23 21:23:41 +10:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path
2014-01-03 08:14:02 +10:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
9fb081cb2d
Add getenvs, update getenv, change extract_path use
...
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.
Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.
The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
3a9ac303f0
Use rexml for XML data generation
2013-12-10 15:37:44 -06:00
230fcd87a5
Add module for zdi-13-259
2013-12-10 08:45:08 -06:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
2d77ed58d5
Land #2648 , @pnegry's exploit for Kaseya File Upload
2013-12-03 09:35:05 -06:00
2606a6ff0e
Do minor clean up for kaseya_uploadimage_file_upload
2013-12-03 09:34:25 -06:00
21bb8fd25a
Update based on jvazquez's suggestions.
2013-12-03 13:49:31 +13:00
d1e4975f76
Use res.get_cookies instead of homebrew parse. Use _cgi
2013-11-28 16:35:36 +13:00
bb0753fcdd
Updated module to comply with indentation standard and to use suggestions from reviewers
2013-11-27 16:00:00 +13:00
ec36cebeb4
Update cmd_psh_payloads to send the architecture.
2013-11-22 23:31:33 +00:00
885fedcc3b
Fix target name
2013-11-21 17:42:31 -06:00
77aa665385
Add Privileged flag
2013-11-21 09:28:28 -06:00
2ab3ab8b66
Delete empty Payload metadata section
2013-11-21 09:27:25 -06:00
6bd3c4c887
Fix target name
2013-11-21 09:07:25 -06:00
4c2ad4ca9a
Fix metadata
2013-11-21 09:06:47 -06:00
8e4c5dbb5e
improve upload_file response check
2013-11-21 09:02:11 -06:00
8fdfeb73db
Fix use of FileDropper and improve check method
2013-11-21 09:01:41 -06:00
4abf01c64c
Clean indentation
2013-11-21 08:32:54 -06:00
4cc20f163b
Update References field to be compliant.
2013-11-20 13:01:21 +13:00
c76fa32345
Fixed reference format
2013-11-20 12:53:21 +13:00
26a5e37266
Use MSF::Exploit:FileDropper to register the uploaded file for cleanup.
2013-11-20 12:27:22 +13:00
07c76fd3e6
Module cleaned for msftidy compliance.
2013-11-20 11:33:14 +13:00
960f7c9bbb
Add DesktopCentral arbitrary file upload exploit.
2013-11-18 16:11:28 +13:00
60a245b0c3
Fix the arch declaration in uploaded module.
2013-11-18 14:49:03 +13:00
636fdfe2d2
Added Kaseya uploadImage exploit.
2013-11-18 14:23:34 +13:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
4c14595525
Land #2535 - Use %PATH% for notepad
2013-10-21 13:14:44 -05:00
d22e4ac2f1
Check timeout condition
2013-10-21 11:13:48 -05:00
27078eb5a6
Add support for HP imc /BIMS 5.1
2013-10-20 18:18:34 -05:00
b0d32a308a
Update version information
2013-10-19 00:52:22 -05:00
7d8a0fc06c
Add BID reference
2013-10-19 00:29:43 -05:00
cf239c2234
Add module for ZDI-13-238
2013-10-19 00:05:09 -05:00
563bf4e639
Fix bug #8502 , used %PATH% for notepad invocation
...
We use system %PATH% for notepad executable instead of the absolute
path, because it caused a problem with the migrate script in a 64-bit
meterpreter session. By default the wordpad binary is not in the
%PATH%, so the condition in hp_nnm_ovbuildpath_textfile.rb was not
changed.
2013-10-17 15:41:12 +02:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
93486a627d
Whoops on trailing commas
2013-09-24 15:14:11 -05:00
3906d4a2ca
Fix caps that throw msftidy warnings
2013-09-24 13:03:16 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
5c06a471f9
Get the call result
2013-09-05 08:33:35 -05:00
3681955f68
Use Msf::Config.data_directory
2013-09-05 08:28:50 -05:00
6b1d7545d6
Refactor, avoid duplicate code
2013-09-05 08:26:49 -05:00
b6245eea72
Update target info
2013-09-04 16:43:26 -05:00
34b3ee5e17
Update ranking and description
2013-09-04 16:10:15 -05:00
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
7b5e98d57e
Land #2269 - Oracle Endeca Server Remote Command Execution
2013-08-23 15:40:31 -05:00
ad214da3de
Switch to powershell to exec payload
2013-08-23 14:39:29 -05:00
a45f49e3b7
Use a new Ranking
2013-08-23 08:49:58 -05:00
965e2d88fe
Use normalize_uri
2013-08-21 16:49:24 -05:00
b72566b8aa
Add module for ZDI-13-190
2013-08-21 12:47:47 -05:00
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
a75a4906f2
Description update
2013-08-16 23:28:24 -05:00
a8cc15db20
Add module for ZDI-13-178
2013-08-16 18:13:18 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
98e0053dc6
Fix indent level
2013-08-14 13:07:01 -05:00
7145a85fb4
Add MiniWeb (Build 300) Arbitrary File Upload
2013-08-15 01:01:46 +09:30
568181de84
Add sthetic spaces
2013-08-12 22:33:34 -05:00
6d70d4924e
Land #2206 , @PsychoSpy module for OSVDB 94097
2013-08-12 22:27:03 -05:00
7981601eb8
Do final cleanup on intrasrv_bof
2013-08-12 22:24:53 -05:00
2d3c2c1c87
Set default target to 0 because there's only one
2013-08-12 20:01:23 -05:00
51d9c59dcd
Extra tabs, bye
2013-08-12 19:13:20 -05:00
db78ffcc46
...
2013-08-12 18:21:10 -04:00
49bcec5c92
Additional cleanup
2013-08-12 18:20:03 -04:00
7014322dfd
Code cleanup
2013-08-12 18:16:00 -04:00
264fe32705
Added new badchars
2013-08-12 18:08:49 -04:00
bbc93b2a58
msftidy
2013-08-12 15:14:01 -04:00
28f030494e
Use tcp mixin/clean corrupt bytes
2013-08-12 15:12:15 -04:00
7854c452d2
Added more payload padding
2013-08-12 11:10:10 -04:00
9f33a59dc2
Fix target ret
2013-08-12 11:04:55 -04:00
6f96445b42
Change target ret/cleanup
2013-08-12 10:13:48 -04:00
a35d548979
Use HttpClient
2013-08-12 10:01:01 -04:00
896320ed42
fix typo
2013-08-11 16:48:43 -04:00
4b14fa53e0
tidy debugs
2013-08-11 16:39:41 -04:00
90ef224c46
Implement CVE-2012-5019
2013-08-11 16:33:40 -04:00
185ef2ecae
msftidy
2013-08-10 16:01:44 -04:00
6fe4e3dd0e
Added Intrasrv 1.0 BOF
2013-08-10 15:56:07 -04:00
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
f927d1d7d3
Increase exploit reliability
...
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.
The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
cb108a8253
Add module for ZDI-13-147
2013-07-18 15:37:11 -05:00
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
b90e1d54e2
Land #2117 - HP Managed Printing Administration jobAcct Command Exec
2013-07-18 13:21:11 -05:00
280529f885
Make some changes to the description
2013-07-18 13:20:36 -05:00
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
b94cde1d65
Name change for pyoor
2013-07-18 10:50:25 -05:00
3780b1b59f
Add module for ZDI-11-352
2013-07-18 09:39:55 -05:00
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
5b71013dde
reference updates
2013-06-25 13:41:22 -05:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
2150d9efb0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 12:06:18 -05:00
5de7fff685
Credit
2013-06-21 21:38:40 -05:00
afa0e6c42a
Use CmdStagerVBS instead of CmdStagerTFTP
...
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
8dfe9b5318
Add login feature
2013-06-20 04:16:23 -05:00
ebde05b783
Improve check
2013-06-20 03:18:33 -05:00
20621d17de
Add CVE-2013-3576 - HP System Management Homepage exploit
2013-06-20 03:08:42 -05:00
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
46aa6d38f8
Add a check for it
2013-06-05 02:41:03 -05:00
a270d37306
Take apart the version detection code
2013-06-05 02:34:35 -05:00
25fe03b981
People like this format better: IP:PORT - Message
2013-06-05 02:26:18 -05:00
02e29fff66
Make msftidy happy
2013-06-05 02:25:08 -05:00
35459f2657
Small name change, don't mind me
2013-06-05 02:18:11 -05:00
227fa4d779
Homie needs a default target
2013-06-05 02:16:59 -05:00
ed4766dc46
initial commit of novell mdm modules
2013-06-04 09:20:10 -07:00
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
352a7afcd6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 22:29:24 -05:00
ce594a3ba2
Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload
2013-05-12 08:46:40 -05:00
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
99b46202b9
Do final cleanup for sap_configservlet_exec_noauth
2013-04-26 08:45:34 -05:00
308b880d79
Land #1759 , @andrewkabai's exploit for SAP Portal Command Execution
2013-04-26 08:44:11 -05:00
5839e7bb16
simplify code
2013-04-26 12:14:42 +02:00
4aadd9363d
improve description
2013-04-26 12:13:45 +02:00
f3f60f3e02
Fixes P/P/R for target 0 (BadBlue 2.72b)
...
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken. Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.
[FixRM #7875 ]
2013-04-25 20:20:24 -05:00
9dd9b2d1ba
implement cleanup functionality
...
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
a28ef1847b
update references
2013-04-25 18:26:13 +02:00
676f2f5f4a
implement "check" functionality
2013-04-25 07:47:30 +02:00
3b46d5d4cd
fix typos
2013-04-25 07:22:16 +02:00
2759ef073e
correction on error handling
2013-04-25 07:19:27 +02:00
6b14ac5e71
add rank to module
2013-04-25 07:07:35 +02:00
f22d19a10c
remove unused code block
...
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00
6f8fc81497
improve error handling
2013-04-24 17:59:11 +02:00
57113bee80
fine correction
...
add license
remove one unnecessary tab to make msftidy happy
2013-04-24 15:07:32 +02:00
6485124cdf
fix module name
2013-04-24 10:54:52 +02:00
jvazquez-r7
Christian Mehlmauer
sinn3r
URI Assassin
Tod Beardsley
Pedro Ribeiro
mfadzilr
Meatballs
William Vu
Spencer McIntyre
HD Moore
Joshua Smith
TecR0c
Brendan Coles
OJ
Thomas Hibbert
jvazquez-r7
Norbert Szetei
Nathan Einwechter
Markus Wulftange
Ruslaideemin
Steve Tornio
steponequit
James Lee
Andras Kabai