Commit Graph

170 Commits (206018c8a3e6b7024ea6202857c6aed31e9f21bd)

Author SHA1 Message Date
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
2012-04-06 10:45:10 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds"
This reverts commit 937f8f035a.
2012-04-05 16:17:06 -05:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff.
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
James Lee 464cf7f65f Normalize service names
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
Tod Beardsley 4a631e463c Module title normalization
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r 5bb9afe789 Correct disclosure date format 2012-02-16 18:15:51 -06:00
Joshua J. Drake 01a6b02c3e Add exploit for CVE-2012-0209, thx eromang! 2012-02-16 03:10:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Jonathan Cran c3bd151197 add a ranking 2012-01-31 20:43:32 -06:00
Steve Tornio e392958d90 add osvdb ref 2012-01-31 07:06:33 -06:00
sinn3r bfd4734cbf Forgot to add CMD as a datastore option, here it is 2012-01-30 17:34:58 -06:00
sinn3r 08134ad600 Add Exploit-DB reference 2012-01-30 16:17:25 -06:00
sinn3r f3c340a9ab Add vBSEO proc_deutf() Remote Code Execution (Feature #6307) 2012-01-30 16:15:27 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00