joernchen of Phenoelit
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
Tod Beardsley
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
sinn3r
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
sinn3r
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
sinn3r
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
Steve Tornio
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
Steve Tornio
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
Tod Beardsley
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
sinn3r
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00
sinn3r
b5b24a1fbf
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
...
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r
262fe75e0a
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129 )
2011-12-22 13:04:37 -06:00
Steve Tornio
85caabbf5d
add osvdb ref
2011-12-14 07:19:34 -06:00
HD Moore
cb456337a0
Handle invalid http responses better, see #6113
2011-12-13 19:54:10 -06:00
sinn3r
d87d8d5799
Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103 )
2011-12-13 11:45:24 -06:00
sinn3r
32c8301c19
Add feature #6082 (Traq 2.3 Auth bypass remote code execution)
2011-12-12 15:45:19 -06:00
sinn3r
e043fb52c2
Incrase timeout
2011-12-08 11:21:03 -06:00
sinn3r
5afba20c21
Merge pull request #43 from jduck/master
...
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
sinn3r
edec6b98ee
Add feature #6067 Family Connections CMS 2.7.1 exploit
2011-12-07 00:00:56 -06:00
Joshua J. Drake
ac7edc268a
Add some more clear documentation for selecting payloads for this module.
2011-12-05 00:35:11 -06:00
Steve Tornio
2bb97791f7
Update OSVDF refs for servu module.
...
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39 ]
2011-12-02 13:21:41 -05:00
sinn3r
93a419c76b
Having nothing on the webpage may probably confuse some novice users. But I do like stealth.
2011-12-01 03:02:35 -06:00
sinn3r
f26f6da74b
Add CVE-2011-3544 (feature #6023 ) Java Rhino exploit
2011-11-29 18:05:20 -06:00
Tod Beardsley
f503bd9488
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
2011-11-28 17:52:34 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
David Maloney
4a22df4014
Fix to the axis2 Deployer exploit to add Default Target
2011-11-22 10:27:38 -08:00
David Maloney
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r
41d746a07a
Add Support Incident Tracker (Feature #5964 ) by Juan
2011-11-12 12:36:21 -06:00
Matt Buck
16f45fc894
Add empty directories from svn repo.
2011-11-09 18:41:40 -06:00
Wei Chen
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen
0dff3f3e52
Add #5682 (phpscheduleit module). Thx Juan.
...
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 18:06:12 +00:00
Will Vandevanter
a0d8a08851
java meterpreter should be used when the target is set to automatic
...
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:02:09 +00:00
Wei Chen
2b46420b36
check nil
...
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:19:55 +00:00
Wei Chen
7ba5a8ec4e
Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit
...
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:04:33 +00:00
Wei Chen
9cb54e37c5
Handle payloads better, also add a cleanup routine specifically for php/exec
...
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 05:25:39 +00:00
Wei Chen
2da07d4963
Fix bug #5834 (uri being nil in print_good)
...
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:40:03 +00:00
Wei Chen
3da8bb8b69
Add feature #5820 by mr_me and tecr0c
...
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 23:22:32 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley
c336d063da
Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
...
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley
94eb3ac14c
Deleting a puts statement.
...
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:52:10 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley
020abd926b
A handful of rankings changes, also converting whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
f2d328d969
cmd exec module should receive ExcellentRanking
...
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:10:53 +00:00
HD Moore
142ae9288b
Fix title
...
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:56:57 +00:00
Wei Chen
262b3bbe00
Use Rex to encode payload to base64
...
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:31:51 +00:00
Wei Chen
98157272fd
Fix indentation for exploit description
...
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:12:54 +00:00
Wei Chen
d1b1b26d01
Add Feature #5499 (Snortreport module)
...
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:10:18 +00:00
Wei Chen
44ac9d67e0
svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 17:45:15 +00:00
Steve Tornio
9ec92ee603
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:37:54 +00:00
HD Moore
9862987f45
Add a new module from joernchen
...
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:30:24 +00:00
Wei Chen
612cdc8c73
No need to check if version is 'unknown' if nothing else (other than default) is assigned to it
...
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 19:12:31 +00:00
Wei Chen
8bfdebeaf3
Handle the return value for send_request during the early stage
...
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-25 19:28:15 +00:00
Wei Chen
db79d21f75
Apply patch for non-default logins by jabra
...
git-svn-id: file:///home/svn/framework3/trunk@13778 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 02:48:48 +00:00
Jonathan Cran
064255e910
fixup the payload encoding, per joernchen's comment in the #metasploit channel.
...
git-svn-id: file:///home/svn/framework3/trunk@13747 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 17:48:51 +00:00
Mario Ceballos
6f28911d3d
added patch from joshua taylor.
...
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 19:58:40 +00:00
HD Moore
5fa7ddf5f4
Move this aux module out of the exploits tree
...
git-svn-id: file:///home/svn/framework3/trunk@13657 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-29 15:30:13 +00:00
Joshua Drake
496170eac1
aDjUsT tHe CaSe
...
git-svn-id: file:///home/svn/framework3/trunk@13644 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 23:46:49 +00:00
David Rude
ab11d3e3eb
Fix the CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@13642 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 15:25:27 +00:00
David Rude
76f0226ff0
Adds the RealVNC Null Authentication Bypass exploit - gj thelightcosine =)
...
git-svn-id: file:///home/svn/framework3/trunk@13641 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 04:40:21 +00:00
David Rude
c78ba0e4d5
hehe remove debugging put call
...
git-svn-id: file:///home/svn/framework3/trunk@13586 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:59:32 +00:00
David Rude
63e2b759e7
require the URI option
...
git-svn-id: file:///home/svn/framework3/trunk@13585 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:54:58 +00:00
David Rude
402ca57bb4
Adds Struts2 Remote Code Execution exploit CVE-2010-1870
...
git-svn-id: file:///home/svn/framework3/trunk@13584 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:52:09 +00:00
Steve Tornio
28177fd255
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13505 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 02:54:56 +00:00
HD Moore
f1afbacb2a
Cron'd
...
git-svn-id: file:///home/svn/framework3/trunk@13485 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-04 17:36:01 +00:00
James Lee
d58d061735
complain if the given applet name is not formatted correctly, fixes #5082
...
git-svn-id: file:///home/svn/framework3/trunk@13389 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-28 17:46:36 +00:00
Tod Beardsley
df52bfaa4f
Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
...
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:21:47 +00:00
Tod Beardsley
b22ca615c7
Fixes #5038 , missed a couple mentions of Racket. Excised now for sure.
...
git-svn-id: file:///home/svn/framework3/trunk@13371 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 17:44:36 +00:00
Tod Beardsley
c54e18d757
Fixes #5038 . Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
...
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Wei Chen
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen
d13654740a
Update some jboss modules' metadata associated with CVE-2010-0738
...
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 05:18:25 +00:00
James Lee
1d25a6d7d1
add an exploit for java's rmid and rmiregistry code-execution-by-design and supporting source. fixes #4378 , thanks mihi!
...
git-svn-id: file:///home/svn/framework3/trunk@13185 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 20:42:31 +00:00
Matt Weeks
1162aafa1e
p function causes problems with rpc.
...
git-svn-id: file:///home/svn/framework3/trunk@13184 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 18:45:05 +00:00
James Lee
c412a836ed
add VERBOSE option to all modules and vprint_* methods to use it
...
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
James Lee
8e5311cb61
File.read is not binary safe. replace it with File.open in a few places where it matters.
...
git-svn-id: file:///home/svn/framework3/trunk@12957 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:02:00 +00:00
James Lee
ea5dc1c85c
use the right uri for our jar when other webserver modules are running
...
git-svn-id: file:///home/svn/framework3/trunk@12944 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-14 23:57:10 +00:00
HD Moore
eea05fcaaa
Correct the parent class name
...
git-svn-id: file:///home/svn/framework3/trunk@12930 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 19:31:38 +00:00
HD Moore
7f3e2d182d
Fix Axis2 to inherit from the correct class, prevent a stack trace when a non-Remote exploit has the cleanup method called.
...
git-svn-id: file:///home/svn/framework3/trunk@12928 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 18:32:27 +00:00
HD Moore
85f5e5fb98
Fix the disclosure date to match when signing was made available to the masses
...
git-svn-id: file:///home/svn/framework3/trunk@12891 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-09 17:08:05 +00:00
HD Moore
c3c061334d
Add a "disclosure date" (applets were included in the first java release) and changing the title.
...
git-svn-id: file:///home/svn/framework3/trunk@12883 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-08 03:31:49 +00:00
James Lee
1c4bf118e8
add a version check
...
git-svn-id: file:///home/svn/framework3/trunk@12847 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 23:47:44 +00:00
James Lee
5b91eadb87
fix the string replacement and do it at setup time instead of for every request
...
git-svn-id: file:///home/svn/framework3/trunk@12747 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 19:36:12 +00:00
James Lee
cd3f306ef2
clarify info a bit; make APPLETNAME option actually do something.
...
git-svn-id: file:///home/svn/framework3/trunk@12746 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 19:13:47 +00:00
James Lee
5a54a408f5
stupid debugging stuff
...
git-svn-id: file:///home/svn/framework3/trunk@12736 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-26 19:10:54 +00:00
James Lee
c5781ae515
add support for PKCS12 (.pfx) cert/key files and cert chains in PEM files
...
git-svn-id: file:///home/svn/framework3/trunk@12735 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-26 17:52:12 +00:00
James Lee
11a1b5dcad
fix the requires for java signing.
...
git-svn-id: file:///home/svn/framework3/trunk@12719 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 18:02:02 +00:00
James Lee
812bae9df9
add support for signing applets (or any other jar) with openssl. this removes the need for a dependency on RJB
...
git-svn-id: file:///home/svn/framework3/trunk@12718 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 16:45:20 +00:00
James Lee
ef48240606
Make it obvious which exploit is handling a request
...
git-svn-id: file:///home/svn/framework3/trunk@12693 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 17:05:44 +00:00
James Lee
04efaf9281
referencing navigator.javaEnabled breaks ie6, only check navigator.javaEnabled();
...
git-svn-id: file:///home/svn/framework3/trunk@12655 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-17 22:44:39 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
David Rude
3b5cf3826a
Added TheLightCosines OpenSSL ChangeCipherSpec DoS aux module
...
git-svn-id: file:///home/svn/framework3/trunk@12538 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:08:28 +00:00
Steve Tornio
319b4993a4
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12397 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 19:38:42 +00:00
David Rude
0f9a232025
Added Spreecommerce Remote Code Execution exploit module - thanks joernchen
...
git-svn-id: file:///home/svn/framework3/trunk@12392 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 16:57:17 +00:00
Wei Chen
6d71990dfc
Disclosure date change
...
git-svn-id: file:///home/svn/framework3/trunk@12390 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:40:59 +00:00
Joshua Drake
d2374a435f
add .jar extension, thx for the contribution!
...
git-svn-id: file:///home/svn/framework3/trunk@12285 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 17:03:41 +00:00
Steve Tornio
46d88f54f6
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12242 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-05 01:08:07 +00:00