ff6ad30be0
Add module for ZDI-13-006
2013-08-22 18:15:35 -05:00
965e2d88fe
Use normalize_uri
2013-08-21 16:49:24 -05:00
ffac6478cc
Un typo a client and server socket mixup.
2013-08-21 14:59:30 -04:00
514d2b4721
Fix to make msftidy happy.
2013-08-21 21:46:44 +03:00
b72566b8aa
Add module for ZDI-13-190
2013-08-21 12:47:47 -05:00
0cc499faf7
Minor deletes related to filetime change.
2013-08-21 14:47:50 +03:00
3a2433dac9
Remove unneeded filetime read
2013-08-21 12:18:07 +03:00
50e7d8015a
Validate datastore option "YEAR"
...
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.
[FixRM #8345 ]
[FixRM #8344 ]
2013-08-21 01:38:16 -05:00
89753a6390
Fix undefined method error
...
[FixRM #8323 ]
2013-08-21 01:22:27 -05:00
92752de651
Fix undefined method error
...
[FixRM #8324 ]
2013-08-21 01:20:57 -05:00
77942f0d29
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:20:03 -05:00
2fa75e0133
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:16:49 -05:00
be29e44788
Fix undefined method error
...
[FixRM #8328 ]
2013-08-21 01:15:07 -05:00
ae8c40c8f7
Fix undefined method error
...
[FixRM #8329 ]
2013-08-21 01:10:46 -05:00
42a7766f1b
Fix undefined method error
...
[FixRM #8330 ]
2013-08-21 01:09:24 -05:00
0f85fa21b4
Fix undefined method error
...
[FixRM #8331 ]
2013-08-21 01:08:19 -05:00
8eeb66f96d
Fix undefined method error
...
[FixRM #8332 ]
2013-08-21 01:06:54 -05:00
785f633d1d
Fix undefined method error
...
[FixRM #8334 ]
[FixRM #8333 ]
2013-08-21 01:01:53 -05:00
0561928b92
Fix undefined method error
...
[FixRM #8336 ]
2013-08-21 00:54:08 -05:00
2597c71831
Fix undefined method error
...
[FixRM #8338 ]
[FixRM #8337 ]
2013-08-21 00:52:33 -05:00
092b43cbfa
Fix undefined method error
...
[FixRM #8339 ]
2013-08-21 00:50:37 -05:00
32a190f1bd
Fix undefined method error
...
[FixRM #8340 ]
2013-08-21 00:49:13 -05:00
217d89fa7c
Fix undefined method error
...
[FixRM #8341 ]
2013-08-21 00:47:31 -05:00
3a271e7cc7
Fix undefined method error
...
[FixRM #8342 ]
2013-08-21 00:45:48 -05:00
8806e76e4d
Fix undefined method error
...
[FixRM #8343 ]
2013-08-21 00:44:10 -05:00
37eaa62096
Fix undefined method error
...
[FixRM #8346 ]
2013-08-21 00:42:33 -05:00
9ca7a727e1
Fix undefined method error
...
[FixRM #8347 ]
2013-08-21 00:41:49 -05:00
5993cbe3a8
Fix undefined method error
...
[FixRM #8348 ]
2013-08-21 00:40:38 -05:00
9f98d4afe6
Fix undefined method error
...
[FixRM #8349 ]
2013-08-21 00:38:35 -05:00
35b15b6809
Fix undefined method error
...
[FixRM #8322 ]
2013-08-21 00:37:22 -05:00
ea78e8309d
Fix undefined method error
...
[FixRM #8350 ]
2013-08-21 00:35:36 -05:00
fe089030d4
Land #2257 , @wchen-r7's patch for [SeeRM #8317 ]
2013-08-20 13:43:37 -05:00
ceb0f56f42
Land #2258 , @wchen-r7's patch for [SeeRM #8318 ]
2013-08-20 13:26:34 -05:00
1702cf2af9
Use TARGETURI
2013-08-20 13:23:32 -05:00
3ac59fede7
Land #2251 , @wchen-r7's patch to use OptRegexp
2013-08-20 12:55:30 -05:00
202b31d869
Better fix based on feedback
...
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
42f774a064
Fix check method
2013-08-20 12:02:09 -05:00
533d98bd1b
Adding module for CVE 2013-5093, Graphite Web Exploit
2013-08-20 12:56:30 -04:00
546c523ed8
Land #2252 , @wchen-r7's patch for print_line vs print
2013-08-20 11:17:38 -05:00
8adc4f05dd
Land #2250 , @wchen-r7's clean up for mssql_ping
2013-08-20 10:38:01 -05:00
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
277fc69a19
Land #2246 , @wchen-r7's patch for [SeeRM #8313 ]
2013-08-20 10:15:15 -05:00
f68d581b7a
[FixRM #8319 ] - Properly disable BLANK_PASSWORDS for ektron_cms400net
...
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").
While fixing #8319 , I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
4790d8de50
Land #2256 , @wchen-r7's patch for [FixRM #8316 ]
2013-08-19 23:23:57 -05:00
246c2d82f9
[FixRM #8318 ] - Use normalize_uri properly
...
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
3c27520e10
[FixRM #8317 ] - Fix possible double slash in file path
...
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
268a3e769e
Missed this one
2013-08-19 17:45:05 -05:00
5366453031
[FixRM #8316 ] - Escape characters correctly
...
dots need to be escaped
2013-08-19 16:51:19 -05:00
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
a8ca32ab34
Oh yeah, need to do this too
2013-08-19 16:28:58 -05:00
154b1e8888
Remove comments
2013-08-19 16:27:35 -05:00
cf10a0ca91
Use print_line instead of print
...
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
8eb9266bff
Use the correct var
2013-08-19 16:19:03 -05:00
58d5cf6faa
Module should use OptRegexp for regex pattern option
...
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
8c03e905de
Get rid of function that's never used
...
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
a815d9277e
Merge pull request #2245 from todb-r7/grammar-and-such
...
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
7b555679e6
Really delete the telnet target
2013-08-19 15:06:47 -05:00
d64c8748e8
Fix descriptions and names
2013-08-19 15:05:27 -05:00
2e74c50880
[SeeRM #8313 ] - Print where files are stored
...
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
232289d500
Add new module to exploit to through telnet dlink_upnp_exec_noauth
2013-08-19 15:01:29 -05:00
846925e3ba
Delete telnet target from dlink_upnp_exec_noauth
2013-08-19 14:56:12 -05:00
d0b56e1650
Use the correct variable
2013-08-19 14:38:40 -05:00
d89932bfd8
Use the correct variable
2013-08-19 14:33:01 -05:00
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
4cef4e88a6
If exception hits, make sure it's closed.
2013-08-19 13:21:53 -05:00
11ef366818
Properly close hashlist
2013-08-19 13:14:13 -05:00
89d4f0180d
Make sure we close hashlist
2013-08-19 12:54:27 -05:00
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
abaec32ad6
What Luke said.
...
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
f843743294
Adds fixes from @wchen-r7.
2013-08-18 18:46:51 -05:00
017309d02d
Minor fixes to keylogger.
2013-08-18 16:29:34 -05:00
1cdf77df7d
OSX keylogger module finally working.
2013-08-18 16:21:38 -05:00
abd4fb778f
add osvdb ref for chasys overflow
2013-08-18 06:35:28 -05:00
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
c5d426fc70
Land #2235 , @wchen-r7's patch for [SeeRM #6264 ]
2013-08-17 10:05:41 -05:00
a75a4906f2
Description update
2013-08-16 23:28:24 -05:00
780293d817
Minor changes
2013-08-16 23:24:40 -05:00
a8cc15db20
Add module for ZDI-13-178
2013-08-16 18:13:18 -05:00
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
e50ef209b2
Land #2233 , @bperry-r7's module for nexpose
2013-08-16 14:21:22 -05:00
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
a86b247077
Land #2224 - Add brute force module for Cisco IronPort
2013-08-16 12:07:14 -05:00
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
0063d4e06c
Extend description & add Win2k3 section to WinXP section.
2013-08-16 14:44:08 +03:00
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
1a3b4eebdb
Fix directory name on ruby
2013-08-15 22:54:31 -05:00
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
c5c2aebf15
Update references
2013-08-15 22:04:15 -05:00
8602e744da
Add support for Win2k3
2013-08-16 02:46:16 +03:00
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
79acc96e9a
Land #2230 , enum_shares nil deref
...
[FixRM #8224 ]
2013-08-15 16:55:39 -05:00
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
83a179ff08
[Fix RM 8224] - undefined method `include?' for nil:NilClass
...
Bug due to registry_enumkeys returning nil.
2013-08-15 16:04:35 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
a65181d51b
new revision - cisco_ironport_enum
...
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
23c5f02e9a
Land #2225 - Fix dlink_dir300_exec_telnet
2013-08-14 13:11:42 -05:00
98e0053dc6
Fix indent level
2013-08-14 13:07:01 -05:00
178a7b0dbb
Fix author's email format
2013-08-14 11:56:47 -05:00
2a4b8e4a64
Add useful comment
2013-08-14 11:49:32 -05:00
e6c36864c4
Fix telnet related stuff
2013-08-14 11:47:57 -05:00
d526663a53
Add module to brute force the Cisco IronPort application
2013-08-14 09:16:49 -07:00
7145a85fb4
Add MiniWeb (Build 300) Arbitrary File Upload
2013-08-15 01:01:46 +09:30
1d82ed176f
Update joomla_media_upload_exec references
2013-08-13 23:27:01 -05:00
bce50d1b05
Land #2220 - OSX Password Prompt Spoof
2013-08-13 22:15:14 -05:00
919e0d1901
MSF license, make use of print_good
2013-08-13 22:14:35 -05:00
e1856651bc
Incorporate the suggested edits from the PR review.
...
* Rewrites helpers to just use cmd_exec, since that works in meterpreter and shell.
* Changes _EOF_ to EOF, since that threw a harmless error in shell
commits
* Prefer using Post mixin API instead of rolling-own implementation
* Fixes whitespace
[SeeRM #5940 ]
2013-08-13 19:35:55 -05:00
99ef714d00
Updates pps description.
2013-08-13 19:35:55 -05:00
52fa000211
Get password_prompt_spoof module working. [RM #5940 ]
2013-08-13 19:35:55 -05:00
54cffdb27d
Land #2219 - OSVDB-95933: Joomla Media Manager File Upload Vulnerability
2013-08-13 19:04:57 -05:00
e912a64ccc
Description change
2013-08-13 19:04:25 -05:00
c9799c1ee6
Land #2212 - Change migrate order & print target_pid
2013-08-13 18:56:54 -05:00
312ff1a20e
Delete period from regular expressions
2013-08-13 17:50:26 -05:00
04eed49310
Add support for FileDropper
2013-08-13 16:47:24 -05:00
e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
73e9bf9fa8
Merge branch 'bug/smart_migrate' of github.com:/dmaloney-r7/metasploit-framework into bug/smart_migrate
...
Conflicts:
modules/post/windows/manage/smart_migrate.rb
2013-08-13 13:56:01 -05:00
6be4d9e583
missing interpolation
2013-08-13 13:52:44 -05:00
31cbc270fd
Favor unless over if for negative condition
2013-08-13 08:46:12 -05:00
bc9a26d4ee
Fix condition
2013-08-12 23:05:26 -05:00
568181de84
Add sthetic spaces
2013-08-12 22:33:34 -05:00
6d70d4924e
Land #2206 , @PsychoSpy module for OSVDB 94097
2013-08-12 22:27:03 -05:00
7981601eb8
Do final cleanup on intrasrv_bof
2013-08-12 22:24:53 -05:00
ebd485349f
Retab smart_migrate.rb module
...
Retabs completely for PR #2212
2013-08-12 20:23:33 -05:00
2d3c2c1c87
Set default target to 0 because there's only one
2013-08-12 20:01:23 -05:00
c0335cee26
Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow
2013-08-12 19:16:02 -05:00
7562324d96
Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow
2013-08-12 19:13:58 -05:00
51d9c59dcd
Extra tabs, bye
2013-08-12 19:13:20 -05:00
db78ffcc46
...
2013-08-12 18:21:10 -04:00
49bcec5c92
Additional cleanup
2013-08-12 18:20:03 -04:00
b3f229ff59
Add module for CVE-2013-3928
2013-08-12 17:18:30 -05:00
7014322dfd
Code cleanup
2013-08-12 18:16:00 -04:00
264fe32705
Added new badchars
2013-08-12 18:08:49 -04:00
bbc93b2a58
msftidy
2013-08-12 15:14:01 -04:00
28f030494e
Use tcp mixin/clean corrupt bytes
2013-08-12 15:12:15 -04:00
4480dc3bec
Land #2213 , @todb-r7's deletion of deprecated modules
2013-08-12 11:36:24 -05:00
b1fc8308c1
Land #2211 , @bcoles exploit for CVE-201-2620
2013-08-12 11:23:20 -05:00
bfb5040dbf
Remove deprecated modules
...
These three modules are well over their deprecation dates. Making good
on that threat now.
* service_permissions: Marked for removal on 2013-01-10
* bypassuac: Marked for removal on 2013-01-04
* ms10_092_schelevator: Marked for removal on 2013-06-01
2013-08-12 11:21:45 -05:00
8ac01d3b8e
Fix description and make it aggressive
2013-08-12 11:19:25 -05:00
c9bd791ff6
fix smart_migrate choice order
...
was trying winlogon first
should do explorer first
2013-08-12 11:02:27 -05:00
7854c452d2
Added more payload padding
2013-08-12 11:10:10 -04:00
9f33a59dc2
Fix target ret
2013-08-12 11:04:55 -04:00
6f96445b42
Change target ret/cleanup
2013-08-12 10:13:48 -04:00
a35d548979
Use HttpClient
2013-08-12 10:01:01 -04:00
d63d7bc7da
Add Open-FTPD 1.2 Writable Directory Traversal Execution
2013-08-12 08:49:49 +09:30
896320ed42
fix typo
2013-08-11 16:48:43 -04:00
4b14fa53e0
tidy debugs
2013-08-11 16:39:41 -04:00
90ef224c46
Implement CVE-2012-5019
2013-08-11 16:33:40 -04:00
f2e5092fd5
Add module for ZDI-13-179
2013-08-10 18:44:33 -05:00
185ef2ecae
msftidy
2013-08-10 16:01:44 -04:00
6fe4e3dd0e
Added Intrasrv 1.0 BOF
2013-08-10 15:56:07 -04:00
5436ec7dd3
Title change for dlink_dir300_exec_telnet
...
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
5128458c90
Land #2201 - Better check for ppr_flatten_rec
2013-08-09 14:44:23 -05:00
021c358159
Land #2203 - Fix regex for x64 detection
2013-08-09 13:23:38 -05:00
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
7178633140
Fixed architecture detection in bypassuac modules
2013-08-09 03:42:02 +02:00
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
06ebc686c4
Land #2194 , @CharlieEriksen exploit for CVE-2013-5036
2013-08-08 14:50:28 -05:00
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
318280fea7
Add 7/2k8 RTM versions
2013-08-08 20:02:14 +01:00
d64352652f
Adds unsupported Vista versions
2013-08-08 19:58:40 +01:00
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
a7c80ebfc2
Land #2185 , @bmerinofe's post module for dns cache dumping
2013-08-08 12:49:37 -05:00
5d0e868701
Land #2192 after cleanup
2013-08-08 08:44:17 -05:00
74eeacf9f2
Fix regex
2013-08-08 08:40:45 -05:00
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
0f975da5f4
Update target info and something else...
2013-08-07 16:00:06 -05:00
d1beb313f6
Add module for 2013-1690
2013-08-07 15:36:54 -05:00
821673c4d2
Try to fix a little description
2013-08-07 10:26:39 -05:00
33ac0c5c3f
Make exploit more print friendly
2013-08-07 10:21:14 -05:00
32436973e4
Land #2192 , @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
9790181dd2
Land #2176 , @wchen-r7's fix for [TestRM #8272 ]
2013-08-05 13:10:25 -05:00
40f015f596
Avoid require race with powershell
2013-08-05 09:56:32 -05:00
8431eb7a79
Msftidy fixes, also use correct possessive plurals
...
http://englishplus.com/grammar/00000132.htm
2013-08-05 09:43:38 -05:00
bddcb33507
Update description for reverse_https_proxy
2013-08-05 09:35:14 -05:00
a885ff9bcc
Use consistent caps for 'PowerShell'
2013-08-05 09:33:49 -05:00
5ea67586c8
Rewrite description for MS13-005
...
The first part of the description was copy-pasted from
http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt
which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
5ef1e507b8
Make msftidy happy with http_login
2013-08-05 08:41:07 -05:00
98c8c16803
Change offset values and hostname length
2013-08-05 12:29:54 +02:00
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
8be3f511a4
Fix undefined variable 'path' for http_login
2013-08-03 21:35:22 -05:00
3e6de5d2e9
added a post-exploitation module to dump the cache dns entries
2013-08-03 13:37:32 +02:00
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
10e9b97a88
Land #2180 - Accepting args for x64 osx exec payload
2013-08-02 00:45:09 -05:00
f927d1d7d3
Increase exploit reliability
...
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.
The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
1b6f6b8bf0
Land #2168 again
...
Adding Dhiru's module back now that things are straight.
2013-07-29 22:10:25 -05:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
300781823d
Undo bad landing
...
This reverts commit e624ed18ad593363c5f9
2013-07-29 17:39:12 -05:00
438fbababd
Land #2158 , @kholia's post module to collect .ecryptfs info
2013-07-29 17:21:10 -05:00
b29d18d8b8
Merge branch 'ecryptfs-creds' of https://github.com/kholia/metasploit-framework
2013-07-29 16:41:41 -05:00
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
ab75d00f8a
Land #2169 - Description update
2013-07-29 14:24:57 -05:00
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
7801eadbc2
psh description
2013-07-29 19:14:12 +01:00
baa0b983c8
Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC
2013-07-29 13:13:55 -05:00
8379225e9b
make msftidy happy (hopefully)
2013-07-29 23:42:29 +05:30
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
3a05993f16
Make msftidy happy and warn user about long times
2013-07-29 11:45:30 -05:00
0851974408
Land #2162 , @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
37312f2aa9
Module, singular
2013-07-29 10:58:36 -05:00
11e9cca855
Spelling and description touch ups.
2013-07-29 10:57:19 -05:00
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
2de0a3e0f9
Add information gathering module for eCryptfs
2013-07-28 23:09:42 +05:30
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
805a9675a7
Modify the check for Integrity Level and Allow dropt o fs
2013-07-26 14:54:50 -05:00
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
12a58c730a
Small fix
2013-07-26 10:15:47 +01:00
6a13ed0371
Missing include
2013-07-26 03:18:17 +01:00
72b8891ba3
Check for low integrity
2013-07-26 03:16:45 +01:00
030640d5bc
back to cmd
2013-07-26 03:00:36 +01:00
d3f3e5d63e
Working with psh download
2013-07-26 02:29:55 +01:00
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
8dae114c7c
msftidy happiness
2013-07-25 17:25:36 -05:00
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
dff35c0820
Minor update to Target Selection. Refer to comments on #2128 .
2013-07-24 19:02:47 -04:00
d478df520f
Merge remote-tracking branch 'rapid7/master'
...
Starting fresh.
2013-07-24 18:31:53 -04:00
93a63081a5
Land #2151 , @jvazquez-r7's Struts pwnage
2013-07-24 16:49:06 -05:00
a70b346978
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 16:43:39 -05:00
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
95b0735695
Land #2150 , smb_enumshares SRVSVC null byte fix
2013-07-24 14:08:01 -05:00
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
9d032760ac
changed description back
2013-07-24 11:51:06 -07:00
e89e2af9dc
changed to chomp
2013-07-24 11:09:00 -07:00
dbad1a5e4c
Clean up description
2013-07-24 12:02:33 -05:00
18dbdb828f
Land #2133 , @Meatballs1's exploit for PSH Web Delivery
2013-07-24 12:01:37 -05:00
f79d3f7591
Shorten cmd
2013-07-24 17:48:03 +01:00
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
8103baf21a
Update title
2013-07-24 17:29:23 +01:00
18ac83bec1
Final updates and tidy
2013-07-24 17:28:19 +01:00
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
3854d08dd9
Fixed smb_enumshares to support dir list in SRVSVC
2013-07-23 21:36:26 -07:00
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
e828517ed8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 17:10:45 -05:00
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
6055ae7ba5
Land #2132 , adding logging to hostname resolver
...
Also incidentally updated the description.
2013-07-22 15:19:47 -05:00
b4589c3c82
Expanding description
2013-07-22 15:19:30 -05:00
jvazquez-r7
Spencer McIntyre
jiuweigui
sinn3r
Charlie Eriksen
Brandon Turner
Tod Beardsley
Joe Vennix
Steve Tornio
g0tmi1k
Brandon Perry
Karn Ganeshen
James Lee
HD Moore
bcoles
Joff Thyer
David Maloney
Tab Assassin
Nathan Einwechter
joernchen of Phenoelit
Sagi Shahar
Meatballs
root
m-1-k-3
bmerinofe
Markus Wulftange
Ruslaideemin
Frederic Basse
Dhiru Kholia
Sean Verity
William Vu
Rich Lundeen