Commit Graph

420 Commits (206018c8a3e6b7024ea6202857c6aed31e9f21bd)

Author SHA1 Message Date
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module.
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
2011-12-02 13:21:41 -05:00
sinn3r 93a419c76b Having nothing on the webpage may probably confuse some novice users. But I do like stealth. 2011-12-01 03:02:35 -06:00
sinn3r f26f6da74b Add CVE-2011-3544 (feature #6023) Java Rhino exploit 2011-11-29 18:05:20 -06:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen 0dff3f3e52 Add #5682 (phpscheduleit module). Thx Juan.
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 18:06:12 +00:00
Will Vandevanter a0d8a08851 java meterpreter should be used when the target is set to automatic
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:02:09 +00:00
Wei Chen 2b46420b36 check nil
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:19:55 +00:00
Wei Chen 7ba5a8ec4e Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:04:33 +00:00
Wei Chen 9cb54e37c5 Handle payloads better, also add a cleanup routine specifically for php/exec
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 05:25:39 +00:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good)
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:40:03 +00:00
Wei Chen 3da8bb8b69 Add feature #5820 by mr_me and tecr0c
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 23:22:32 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley 94eb3ac14c Deleting a puts statement.
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:52:10 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace.
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen f2d328d969 cmd exec module should receive ExcellentRanking
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:10:53 +00:00
HD Moore 142ae9288b Fix title
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:56:57 +00:00
Wei Chen 262b3bbe00 Use Rex to encode payload to base64
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:31:51 +00:00
Wei Chen 98157272fd Fix indentation for exploit description
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:12:54 +00:00
Wei Chen d1b1b26d01 Add Feature #5499 (Snortreport module)
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:10:18 +00:00
Wei Chen 44ac9d67e0 svn propset
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 17:45:15 +00:00
Steve Tornio 9ec92ee603 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:37:54 +00:00
HD Moore 9862987f45 Add a new module from joernchen
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:30:24 +00:00
Wei Chen 612cdc8c73 No need to check if version is 'unknown' if nothing else (other than default) is assigned to it
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 19:12:31 +00:00
Wei Chen 8bfdebeaf3 Handle the return value for send_request during the early stage
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-25 19:28:15 +00:00
Wei Chen db79d21f75 Apply patch for non-default logins by jabra
git-svn-id: file:///home/svn/framework3/trunk@13778 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 02:48:48 +00:00
Jonathan Cran 064255e910 fixup the payload encoding, per joernchen's comment in the #metasploit channel.
git-svn-id: file:///home/svn/framework3/trunk@13747 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 17:48:51 +00:00
Mario Ceballos 6f28911d3d added patch from joshua taylor.
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 19:58:40 +00:00
HD Moore 5fa7ddf5f4 Move this aux module out of the exploits tree
git-svn-id: file:///home/svn/framework3/trunk@13657 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-29 15:30:13 +00:00
Joshua Drake 496170eac1 aDjUsT tHe CaSe
git-svn-id: file:///home/svn/framework3/trunk@13644 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 23:46:49 +00:00
David Rude ab11d3e3eb Fix the CVE reference
git-svn-id: file:///home/svn/framework3/trunk@13642 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 15:25:27 +00:00
David Rude 76f0226ff0 Adds the RealVNC Null Authentication Bypass exploit - gj thelightcosine =)
git-svn-id: file:///home/svn/framework3/trunk@13641 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 04:40:21 +00:00
David Rude c78ba0e4d5 hehe remove debugging put call
git-svn-id: file:///home/svn/framework3/trunk@13586 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:59:32 +00:00
David Rude 63e2b759e7 require the URI option
git-svn-id: file:///home/svn/framework3/trunk@13585 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:54:58 +00:00
David Rude 402ca57bb4 Adds Struts2 Remote Code Execution exploit CVE-2010-1870
git-svn-id: file:///home/svn/framework3/trunk@13584 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:52:09 +00:00
Steve Tornio 28177fd255 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13505 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 02:54:56 +00:00
HD Moore f1afbacb2a Cron'd
git-svn-id: file:///home/svn/framework3/trunk@13485 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-04 17:36:01 +00:00
James Lee d58d061735 complain if the given applet name is not formatted correctly, fixes #5082
git-svn-id: file:///home/svn/framework3/trunk@13389 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-28 17:46:36 +00:00
Tod Beardsley df52bfaa4f Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:21:47 +00:00
Tod Beardsley b22ca615c7 Fixes #5038, missed a couple mentions of Racket. Excised now for sure.
git-svn-id: file:///home/svn/framework3/trunk@13371 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 17:44:36 +00:00
Tod Beardsley c54e18d757 Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen d13654740a Update some jboss modules' metadata associated with CVE-2010-0738
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 05:18:25 +00:00
James Lee 1d25a6d7d1 add an exploit for java's rmid and rmiregistry code-execution-by-design and supporting source. fixes #4378, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13185 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 20:42:31 +00:00
Matt Weeks 1162aafa1e p function causes problems with rpc.
git-svn-id: file:///home/svn/framework3/trunk@13184 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 18:45:05 +00:00
James Lee c412a836ed add VERBOSE option to all modules and vprint_* methods to use it
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
James Lee 8e5311cb61 File.read is not binary safe. replace it with File.open in a few places where it matters.
git-svn-id: file:///home/svn/framework3/trunk@12957 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:02:00 +00:00
James Lee ea5dc1c85c use the right uri for our jar when other webserver modules are running
git-svn-id: file:///home/svn/framework3/trunk@12944 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-14 23:57:10 +00:00
HD Moore eea05fcaaa Correct the parent class name
git-svn-id: file:///home/svn/framework3/trunk@12930 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 19:31:38 +00:00
HD Moore 7f3e2d182d Fix Axis2 to inherit from the correct class, prevent a stack trace when a non-Remote exploit has the cleanup method called.
git-svn-id: file:///home/svn/framework3/trunk@12928 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 18:32:27 +00:00
HD Moore 85f5e5fb98 Fix the disclosure date to match when signing was made available to the masses
git-svn-id: file:///home/svn/framework3/trunk@12891 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-09 17:08:05 +00:00
HD Moore c3c061334d Add a "disclosure date" (applets were included in the first java release) and changing the title.
git-svn-id: file:///home/svn/framework3/trunk@12883 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-08 03:31:49 +00:00
James Lee 1c4bf118e8 add a version check
git-svn-id: file:///home/svn/framework3/trunk@12847 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 23:47:44 +00:00
James Lee 5b91eadb87 fix the string replacement and do it at setup time instead of for every request
git-svn-id: file:///home/svn/framework3/trunk@12747 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 19:36:12 +00:00
James Lee cd3f306ef2 clarify info a bit; make APPLETNAME option actually do something.
git-svn-id: file:///home/svn/framework3/trunk@12746 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 19:13:47 +00:00
James Lee 5a54a408f5 stupid debugging stuff
git-svn-id: file:///home/svn/framework3/trunk@12736 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-26 19:10:54 +00:00
James Lee c5781ae515 add support for PKCS12 (.pfx) cert/key files and cert chains in PEM files
git-svn-id: file:///home/svn/framework3/trunk@12735 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-26 17:52:12 +00:00
James Lee 11a1b5dcad fix the requires for java signing.
git-svn-id: file:///home/svn/framework3/trunk@12719 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 18:02:02 +00:00
James Lee 812bae9df9 add support for signing applets (or any other jar) with openssl. this removes the need for a dependency on RJB
git-svn-id: file:///home/svn/framework3/trunk@12718 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 16:45:20 +00:00
James Lee ef48240606 Make it obvious which exploit is handling a request
git-svn-id: file:///home/svn/framework3/trunk@12693 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 17:05:44 +00:00
James Lee 04efaf9281 referencing navigator.javaEnabled breaks ie6, only check navigator.javaEnabled();
git-svn-id: file:///home/svn/framework3/trunk@12655 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-17 22:44:39 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
David Rude 3b5cf3826a Added TheLightCosines OpenSSL ChangeCipherSpec DoS aux module
git-svn-id: file:///home/svn/framework3/trunk@12538 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:08:28 +00:00
Steve Tornio 319b4993a4 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12397 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 19:38:42 +00:00
David Rude 0f9a232025 Added Spreecommerce Remote Code Execution exploit module - thanks joernchen
git-svn-id: file:///home/svn/framework3/trunk@12392 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 16:57:17 +00:00
Wei Chen 6d71990dfc Disclosure date change
git-svn-id: file:///home/svn/framework3/trunk@12390 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:40:59 +00:00
Joshua Drake d2374a435f add .jar extension, thx for the contribution!
git-svn-id: file:///home/svn/framework3/trunk@12285 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 17:03:41 +00:00
Steve Tornio 46d88f54f6 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12242 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-05 01:08:07 +00:00