d964243cc4
Move heartbeat length to a variable
2014-04-08 16:33:05 -05:00
3d6c553efd
Fix endianess
2014-04-08 16:29:31 -05:00
373b05c5aa
Minimize extensions in the Hello
2014-04-08 16:21:38 -05:00
3254cce832
Align comment
2014-04-08 16:04:38 -05:00
c20b71e7b6
Switch to vprint unless success
2014-04-08 16:03:38 -05:00
7dbd690c99
Add new references
2014-04-08 16:01:06 -05:00
a55579dd4a
Fix references
2014-04-08 15:56:56 -05:00
4004cd8f9a
Allow hello data to grow dinamically
2014-04-08 15:52:39 -05:00
b8e2c9fe42
Clean and fix @Firefart's code
2014-04-08 15:32:13 -05:00
80bdbbed92
Solve conflict
2014-04-08 15:18:38 -05:00
8c7debb81d
Added some comments and modified JABBER
2014-04-08 22:13:02 +02:00
021da84459
Add authors and switch and's format
2014-04-08 15:10:27 -05:00
a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution
2014-04-08 14:58:34 -05:00
4012dd0acc
Fix everything that needs to be fixed
2014-04-08 14:57:42 -05:00
9c053a5b91
Added additional protocols
2014-04-08 21:56:05 +02:00
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
5f29026cb2
Complete @Firefart's module
2014-04-08 14:13:56 -05:00
3f6c8afbe3
Fix typo of MSCOMCTL not MCCOMCTL
2014-04-08 14:52:18 -04:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
ac0cafcca6
Initial commit for openssl Heartbleed bug
2014-04-07 21:15:54 +02:00
44640b126c
Add Oracle Demantra 2013-5795 (Database Credentials Retrieval)
2014-04-07 11:42:47 -07:00
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass
2014-04-07 11:11:55 -05:00
31dfae3a01
Follow the 100 columns per line guideline
2014-04-07 11:10:20 -05:00
de242ecc00
Correct date format
...
Hmm weird, msftidy didn't pick this up
2014-04-07 11:09:27 -05:00
56bd35c8ce
Add module for WinRAR spoofing vulnerability
2014-04-07 09:21:49 -05:00
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
ca7dcc0781
cleanup with msftidy
2014-04-06 12:41:58 +02:00
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
ea1c6fe8a4
Land #3177 - JIRA Issues Collector Directory Traversal
2014-04-04 10:41:51 -05:00
395f5beef8
Land #3178 , http header scan module
2014-04-04 11:36:35 -04:00
2b6ae68cbf
Minor modifications for http_header
2014-04-04 10:46:03 -04:00
e2cbcf3c5d
Land #3179 , @brandonprry AlienVault sqli aux module
2014-04-04 09:17:11 -05:00
ff6105e55d
Add check codes
2014-04-04 09:13:43 -05:00
44db611845
defaultoptions, not option
2014-04-04 05:55:35 -07:00
c90c49e319
Add vtiger install rce 0 day
2014-04-04 10:16:55 +02:00
6f14cd225d
Do minor clean up
2014-04-03 23:22:44 -05:00
48ef061c3c
Land #3046 , AIX ibtstat privesc exploit
2014-04-03 17:07:00 -05:00
6c67f1881f
Normalize syntax and whitespace
2014-04-03 16:54:33 -05:00
253a1c1f87
Land #3180 , EMC Cloud Tiering Appliance Unauthed XXE with root perms
2014-04-03 22:02:13 +02:00
a57da00932
fix refs line
2014-04-03 14:07:00 -07:00
51f83fccde
add some checks in vase the file wasn't retrievable
2014-04-03 14:04:05 -07:00
03559dedcd
Land #3187 - Changed OptString to OptRegexp
2014-04-03 14:52:59 -05:00
d69a9d3c45
Land #3186 , OptString should be OptRegexp
2014-04-03 13:07:23 -05:00
d995d84e91
Changed OptString to OptRegexp
2014-04-03 19:40:07 +02:00
b4aa08251f
changed option from string to regex
2014-04-03 19:34:40 +02:00
e2ded663a6
make more robust
2014-04-03 06:15:09 -07:00
53b8148438
make more random
2014-04-03 05:52:35 -07:00
77b64ee77d
make more random
2014-04-03 05:41:00 -07:00
a4adfac312
Added feedback for http_header module
2014-04-02 23:01:23 +02:00
75dc4c459b
msftidy
2014-04-02 13:22:21 -07:00
bb82277a41
msftidy
2014-04-02 13:20:13 -07:00
abc0b31f26
exploithub wat
2014-04-02 13:18:48 -07:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
765657d55a
alienvault module
2014-04-02 13:09:46 -07:00
d3f353118a
edb update
2014-04-02 13:06:54 -07:00
32cd846fe4
emc cta xxe module
2014-04-02 13:05:53 -07:00
69192edd4b
Added new http_header module
2014-04-02 22:04:54 +02:00
a85d451904
Add module for CVE-2014-2314
2014-04-02 14:49:31 -05:00
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
b636a679ae
Erf, sorry, fixed now
2014-04-02 20:33:08 +01:00
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
978bdbb676
Custom Service Description
2014-04-02 20:33:07 +01:00
e3dda2e862
Land #3172 - CVE-2014-1510 to firefox_xpi_bootstrapped_addon
2014-04-02 14:07:37 -05:00
ebcf972c08
Add initial firefox xpi prompt bypass.
2014-04-01 23:48:35 -05:00
149948485a
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues
2014-04-01 12:28:41 -07:00
8611526a01
Fix more bugs and more syntax errors
2014-04-01 01:22:12 +02:00
becefde52f
Fix bugs and syntax
2014-04-01 00:54:51 +02:00
cf2589ba8d
Land #3162 , Microsoft module name changes
2014-03-28 23:10:27 -05:00
d7ca537a41
Microsoft module name changes
...
So after making changes for MSIE modules (see #3161 ), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
2014-03-28 20:56:53 -05:00
466096f637
Add MSB number to name
2014-03-28 20:33:40 -05:00
c37dbd104a
Clean up perms and whitespace for owa_login
2014-04-02 01:45:15 -05:00
2972220f60
Land #3047 for real.
...
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
367652592c
Land #2964 - Powershell CMD Encoder
2014-04-01 10:26:38 -05:00
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
dfec2eb53f
Cleanup an expression and avoid fail_with
2014-03-31 18:05:20 -04:00
07e04717c2
Allow using a single URI and/or a list of URIs
2014-03-31 18:05:20 -04:00
b21d5c1801
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-31 18:05:20 -04:00
5e9e7e15c8
Return whether result is nil or not.
2014-03-31 18:05:20 -04:00
0ac112b5e7
Support checking a single URI for ntlm information.
2014-03-31 18:05:19 -04:00
fb20759fc2
Comment doc speelling
2014-03-31 16:42:50 -05:00
6474c7be5c
Land #3166 and also #3167
...
[Closes #3167 ]
2014-03-31 16:21:07 -05:00
3b6d73420e
Fix syntax error in dns_amp
2014-03-31 16:18:49 -05:00
d9df2fbf08
Land #3158 , msftidy rank check for aux modules
2014-03-31 15:17:30 -05:00
159bc264a4
unretards the uri normalize loop
2014-03-31 15:58:21 -04:00
2290249a42
uses fail_with to bomb out on datastore probs
2014-03-31 15:52:05 -04:00
4f121e3e03
fixes if-logic for error condition
2014-03-31 15:38:05 -04:00
894bbcae97
More fix-up on the DNS amplication scanner
2014-03-31 14:37:10 -05:00
4d597174d0
Merge up from upstream/master
2014-03-31 14:33:28 -05:00
387da26f8d
Land #3159 , HP LaserJet printer SNMP enumeration
2014-03-31 12:48:23 -05:00
c6ceb8cdfd
Land #2929 , DNS recursion amplification scanner
2014-03-31 12:47:46 -05:00
aaa15d13d9
Land #2928 , extended SMTP open relay checks
2014-03-31 12:47:10 -05:00
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
2530fb9741
adds the return back in (forgot in prev commit)
2014-03-28 19:27:04 -04:00
dc4b8461e8
unbreaks & DRYs my previous change.
2014-03-28 19:15:38 -04:00
c559a6b39f
fix description
...
(cherry picked from commit 7c860b9553
2014-03-28 17:36:21 -05:00
ae53d75cdb
Module to HP LaserJet Printer SNMP Enumeration
...
(cherry picked from commit f18fef1864
2014-03-28 17:36:21 -05:00
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
9374777da1
Land #2996 , @mcantoni's jboss status aux module
2014-03-28 16:07:08 -05:00
7689751c10
Module module location
2014-03-28 16:05:37 -05:00
e3ec0e7624
Clean up jboss_status module
2014-03-28 16:04:43 -05:00
a173fcf2fa
Flash detection for firefox_svg_plugin
...
Good test case
2014-03-28 15:39:25 -05:00
f7b1874e7d
Land #3151 , @wchen-r7's use of BrowserExploitServer in ms13-59's exploit
2014-03-28 14:43:38 -05:00
69369c04b3
Land #3126 , @xistence's exploit for SePortal
2014-03-28 13:52:59 -05:00
7b56c9edac
Add references
2014-03-28 13:51:56 -05:00
196e07c5b1
Touch up the EICAR stuff
2014-03-28 11:45:28 -05:00
94494e38e7
Land #3152 - Use normalize_uri for module wp_property_upload_exec
2014-03-28 13:22:54 +01:00
5458200434
Fix a couple minor annoyances in PJL
2014-03-28 02:19:30 -05:00
c1fdc4d945
Fix a couple things that were bugging me
2014-03-28 02:15:38 -05:00
657b096be3
make msftidy happy
2014-03-27 19:24:25 +01:00
f4e62a8dcd
Land #3146 - Firefox Gather Cookies from Privileged Javascript Shell
2014-03-27 13:14:22 -05:00
0b3f49f22a
Land #3145 , Clean up firefox_svg_plugin, use FirefoxPrivilegeEscalation mixin
2014-03-27 12:59:49 -05:00
0b766cd412
changes per firefart
2014-03-27 10:08:44 -07:00
ad94653fc0
feedback included
2014-03-27 16:12:34 +01:00
744308bd35
tab...
2014-03-27 05:24:55 -07:00
a8c96213f0
normalize_uri for wp_property_upload_exec
2014-03-27 05:22:56 -07:00
107901b481
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix
2014-03-26 22:37:21 -07:00
30da3575e8
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra
2014-03-26 21:53:12 -07:00
8ec10f7438
Use BrowserExploitServer for MS13-059 module
2014-03-26 17:49:01 -05:00
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00
19918e3207
Land #3143 , @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf
2014-03-26 14:16:35 -05:00
7ce71445fe
Land #3140 , @wchen-r7's requirements for ms14_012_textrange
2014-03-26 14:07:05 -05:00
b7f1cee8d3
Remove targets from post module.
2014-03-26 13:55:02 -05:00
ed8bf6279b
Use #run, not #exploit, for post modules.
2014-03-26 13:51:05 -05:00
6c51e0fd0d
Add cookie gathering post module for FF privileged sessions.
2014-03-26 13:49:53 -05:00
3fc114e265
exec payload - new try
2014-03-26 19:48:14 +01:00
80808fc98c
Cleans up firefox SVG plugin.
2014-03-26 13:12:39 -05:00
5b8d8d8009
Get Pro and Framework back in sync.
2014-03-26 09:25:19 -05:00
fdc355147f
Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb
2014-03-25 18:41:47 -05:00
cd448ba46c
Land #3132 , ntp_monlist improvements
2014-03-25 15:19:45 -05:00
33651d0753
Fix formatting of hash options.
2014-03-25 14:43:53 -05:00
c8784168d5
Fix references and whitespace in mips payloads.
2014-03-25 14:39:27 -05:00
1c4797337f
Clean up rapid7/metasploit-framework#3132
2014-03-25 14:04:43 -05:00
c72c96f0e0
Land #3138 , @rcvalle's exploit for CVE-2013-2143
2014-03-25 13:36:03 -05:00
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
6c206e4ced
Add a comment about what this build version range is covering
2014-03-25 11:43:13 -05:00
7108d2b90a
Add ua_ver and mshtml_build requirements
...
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
1ac3944627
Merge branch 'landing-pr-3095' into upstream-master
2014-03-25 10:56:42 -05:00
1680f9cc5d
Land PR #3127 , @m-1-k-3's mipsbe reboot payload, into master
2014-03-25 10:44:37 -05:00
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
50efd0b5d0
change name and filename and file included
2014-03-25 09:13:04 +01:00
a9952fa294
change name and filename
2014-03-25 09:11:16 +01:00
fca4425f95
feedback
2014-03-25 09:09:13 +01:00
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
460a1f551c
Fix for R7-2014-05
2014-03-24 14:12:12 -05:00
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
312f117262
updates file read to close file more quickly
2014-03-21 14:53:15 -04:00
13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec
2014-03-21 11:36:59 -05:00
4b2a2d4dea
Improve NTP monlist auxiliary module
2014-03-21 16:39:53 +01:00
fbcd661504
removed snmp_enum_hp_laserjet from this pull request
2014-03-21 15:58:53 +01:00
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
aa26405c23
Cleanup an expression and avoid fail_with
2014-03-20 17:33:09 -04:00
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
3d3681801a
Fix linux download_exec for #2961
...
Note! This module already seems pretty broken, in that it doesn't appear
to correctly locate curl or wget. Will open another bug on that.
[See RM #8777 ]
2014-03-20 12:09:38 -05:00
0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read
2014-03-20 12:08:18 -05:00
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
a5afd929b4
Land #3120 , @wchen-r7's exploit for CVE-2014-0307
2014-03-20 11:16:40 -05:00
8cb7bc3cbe
Fix typo
2014-03-20 11:13:57 -05:00
74398c4b6e
Allow using a single URI and/or a list of URIs
2014-03-20 09:54:02 -04:00
4f1404eecc
reboot payload for mipsbe
2014-03-20 12:37:58 +01:00
2845f834c6
changed cookie retrieval to res.get_cookies
2014-03-20 16:39:26 +07:00
7bfb8e95e6
minor changes to seportal module
2014-03-20 13:44:39 +07:00
5ef49ff64b
SePortal 2.5 SQLi Remote Code Execution
2014-03-20 12:02:06 +07:00
a8d919feb0
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-19 23:32:04 -05:00
c5158a3ccc
Update CVE
2014-03-19 22:13:23 -05:00
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
b52a535609
add official url
2014-03-19 20:41:32 -05:00
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
b79920ba8f
Land #3089 , InvalidWordCount fix for smb_login
...
[FixRM #8730 ]
2014-03-19 16:12:56 -05:00
c1cbeff5f0
Land #3122 , lots of Meterpreter updates
...
This lands the binaries built from Meterpreter as of:
rapid7/meterpreter#80 , also known as
commit 5addac75741fadfff35f4f7839cee6fd69705455
as well as the functional changes in:
rapid7/metasploit-framework#2782
rapid7/metasploit-framework#2889
rapid7/metasploit-framework#3061
rapid7/metasploit-framework#3085
2014-03-19 15:35:49 -05:00
fe0b76e24e
Land #2994 - OWA 2013 support
2014-03-19 13:16:37 -05:00
d6faf20981
Make title more accurate
2014-03-19 12:43:34 -05:00
144b86fee3
Add reference
2014-03-19 12:17:53 -05:00
27d142b387
Solve conflict by keeping file
2014-03-19 12:15:05 -05:00
fb645b6692
Clean code
2014-03-19 12:06:20 -05:00
0a795ab602
Land #3106 , @xistence's exploit for Array Networks devices
2014-03-19 10:49:03 -05:00
0e27d75e60
Code clean up
2014-03-19 10:48:25 -05:00
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
d27264b402
Land #2782 , fix expand_path abuse
2014-03-19 08:41:28 -05:00
056ce5d097
removed file which did not belong in this pull request
2014-03-19 15:04:19 +07:00
jvazquez-r7
Christian Mehlmauer
sinn3r
Fabian Bräunlein
Spencer McIntyre
Jeff Jarmoc
Tod Beardsley
coma
Michael Messner
dummys
Brandon Perry
William Vu
agix
Florian Gaultier
joev
Sagi Shahar
Joshua Smith
Matteo Cantoni
Kurt Grutzmacher
Ramon de C Valle
Brandon Perry
Brandon Turner
xistence