Commit Graph

1047 Commits (2d6c76d0ad1fac45a47b7b7b953e92f4624a0725)

Author SHA1 Message Date
jvazquez-r7 ece36c0610 Update references for the las Java exploit 2013-04-22 21:55:04 -05:00
jvazquez-r7 b6365db0b5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 09:38:32 -05:00
jvazquez-r7 1365dfe68c Add Oracle url 2013-04-20 01:43:14 -05:00
jvazquez-r7 b99fc06b6f description updated 2013-04-20 01:43:14 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
jvazquez-r7 bbf7cc4394 up to date 2013-04-17 11:54:12 -05:00
jvazquez-r7 48def7dbdb up to date 2013-04-17 06:36:44 -05:00
Jon Hart 83ec9757ec Addressed feedback from PR#1717 2013-04-16 19:00:26 -07:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley 873bdbab57 Removing APSB13-03, not ready.
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.

@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?

Sorry for the switcheroo, not trying to be a jerk.

[Closes #1717]
2013-04-15 13:36:47 -05:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
jvazquez-r7 2ab7552a85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-10 09:11:41 +02:00
Tod Beardsley 0d2746fb4c defs should have parens when taking args
While it's allowed in ruby to drop most parens, many are useful for
readability.

Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
Tod Beardsley 90e986860e Adding most suggested changes to jhart's adobe module 2013-04-09 17:55:28 -05:00
Jon Hart 8a98b1af4a Added command mode, plus fixed the dropping of payloads 2013-04-07 15:39:38 -07:00
Jon Hart f482496795 Initial commit of an exploit module for the CVEs covered by APSB13-03.
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
jvazquez-r7 358c43f6f6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-03 19:17:53 +02:00
Tod Beardsley e4d901d12c Space at EOL (msftidy) 2013-04-03 09:20:01 -05:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
jvazquez-r7 315abd8839 fix Privileged field 2013-03-30 19:39:01 +01:00
jvazquez-r7 a46805d95d description updated 2013-03-30 19:36:35 +01:00
jvazquez-r7 c880a63e75 Added module for ZDI-13-049 2013-03-30 19:35:04 +01:00
jvazquez-r7 224188ddf6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-29 21:49:40 +01:00
jvazquez-r7 714fc83cfe Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall 2013-03-29 19:58:06 +01:00
bwall 21ea1c9ed4 Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall 2013-03-29 13:29:38 -04:00
bwall 10d9e86b42 Renamed file to be all lower case 2013-03-29 13:29:05 -04:00
jvazquez-r7 cd1820d769 trying to solve irc comm issues 2013-03-29 12:54:57 +01:00
bwall 6cf44d9c85 added a 3 message window for recieving the check response 2013-03-28 21:14:52 -04:00
jvazquez-r7 e9842eac2e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 15:18:41 +01:00
jvazquez-r7 29ad9939e1 cleanup for stunshell_eval 2013-03-28 15:11:20 +01:00
jvazquez-r7 514aed404c Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval 2013-03-28 15:10:57 +01:00
jvazquez-r7 3ffbc5e5b3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 14:58:43 +01:00
jvazquez-r7 9b18eb858b cleanup for stunshell_exec 2013-03-28 14:45:51 +01:00
jvazquez-r7 a7a5569725 Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec 2013-03-28 14:45:28 +01:00
jvazquez-r7 6cd6a7d6b9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 12:16:18 +01:00
bwall ce9f11aeb3 Changed the targets to be more specific 2013-03-27 17:22:29 -04:00
bwall f14d5ba8ec Removed extra comma 2013-03-27 17:15:34 -04:00
bwall 2a60ef2d60 Renamed and fixed some code issues 2013-03-27 17:14:41 -04:00
bwall cc92b54e83 Moved module and cleaned code 2013-03-27 17:03:18 -04:00
bwall 76fb6ff48f Updated ranking 2013-03-27 16:41:35 -04:00
jvazquez-r7 e25a06c649 delete comma 2013-03-27 21:33:58 +01:00
jvazquez-r7 5fc5a4f429 use target_uri 2013-03-27 20:45:34 +01:00
jvazquez-r7 f29cfbf393 cleanup for v0pCr3w_exec 2013-03-27 20:38:11 +01:00
bwall fd302d62b8 Removed testing code 2013-03-27 12:50:42 -04:00
jvazquez-r7 787f8cc32f up to date 2013-03-26 12:18:53 +01:00
jvazquez-r7 6f5fc77019 up to date 2013-03-26 11:59:41 +01:00
jvazquez-r7 2d0a813aa6 Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework 2013-03-26 11:23:33 +01:00
bwall a5346240de Updated v0pCr3w_exec to use send_request_cgi 2013-03-26 01:33:30 -04:00
heyder 014c01099e improve cleanup 2013-03-26 02:22:10 -03:00
bwall 5218831167 Added license information and tidied up the code 2013-03-25 00:05:31 -04:00
bwall e98a463de2 Added license information and tidied up code 2013-03-25 00:04:39 -04:00
bwall e37fa3b40a Added license information and tidied up code 2013-03-25 00:03:32 -04:00
bwall 6be88224bf Added the license information and tidied up 2013-03-25 00:01:20 -04:00
heyder 0c169f94eb correct some bad indent 2013-03-24 21:07:51 -03:00
heyder 50ac5cf247 Adjust payload size and others code adjustments 2013-03-24 20:25:29 -03:00
bwall 7e0b0ac092 Added STUNSHELL webshell remote command execution module 2013-03-24 15:18:08 -04:00
bwall b23d259485 Added STUNSHELL webshell remote code evaluation[PHP] module 2013-03-24 15:16:45 -04:00
bwall bbcf21ee24 Added v0pCr3w webshell remote command execution module 2013-03-24 15:13:42 -04:00
bwall ca6ab7c8c2 Added Ra1NX pubcall authentication bypass exploit module 2013-03-24 14:59:27 -04:00
jvazquez-r7 cb56b2de4b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-23 20:06:05 +01:00
heyder 5bee1471df many code adjustments 2013-03-22 23:07:08 -03:00
sinn3r 11754f271a Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec 2013-03-22 13:05:16 -05:00
heyder b5c65ad51b add Joomla Component JCE File Upload Code Execution 2013-03-22 10:41:35 -03:00
jvazquez-r7 bbff20fd65 cleanup for struts_code_exec_parameters 2013-03-21 22:17:47 +01:00
jvazquez-r7 50c6a98530 Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce 2013-03-21 22:17:20 +01:00
jvazquez-r7 296f2e7c2c up to date 2013-03-21 22:10:18 +01:00
Console cbccda10ca fixing issue raised by @meatballs1 2013-03-21 20:58:40 +00:00
jvazquez-r7 9c1694e8a0 Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework 2013-03-21 20:44:10 +01:00
Console 302193f98b Various fixes and improvements
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console 8027615608 fixed comments left in by accident 2013-03-21 16:43:44 +00:00
Console 4edf5260f4 check function now tells user about delay 2013-03-21 16:40:45 +00:00
Console a714b430ca used normalize_uri 2013-03-21 14:05:08 +00:00
Console 5c9bec1552 commit fix branch for Console-struts-RCE 2013-03-21 13:40:16 +00:00
jvazquez-r7 29fff62869 up to date 2013-03-12 18:29:53 +01:00
Darren Martyn 73717f1522 Added webacoo code execution module 2013-03-09 19:12:22 +00:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7 25db782b03 change print location 2013-03-07 19:15:40 +01:00
jvazquez-r7 fdd7c375ad added linux native target 2013-03-07 19:12:25 +01:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
Joe Rozner abdcde06cd Fix polarcms_upload_exec exploit 2013-02-25 22:58:26 -08:00
sinn3r 181e3c0496 Uses normalize_uri 2013-02-25 19:36:48 -06:00
sinn3r 1ed74b46be Add CVE-2013-0803
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r f3f913edc5 Correct bad naming style 2013-02-25 13:29:27 -06:00
sinn3r 690e7ec8a7 Uses normalize_uri 2013-02-25 13:28:00 -06:00
sinn3r b930613653 Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec 2013-02-25 12:43:50 -06:00
sinn3r 5fe2c26d82 Merge branch 'bcoles-glossword_upload_exec' 2013-02-25 12:41:05 -06:00
sinn3r 52241b847a Uses normalize_uri instead of manually adding a slash 2013-02-25 12:20:37 -06:00
bcoles d7c0ce4e4a Fix 'check()' in glossword_upload_exec 2013-02-25 15:52:07 +10:30
bcoles 1f46b3aa02 Add Glossword Arbitrary File Upload Vulnerability exploit 2013-02-25 01:59:46 +10:30
bcoles 002654317c Add Kordil EDMS File Upload Vulnerability exploit 2013-02-22 23:32:17 +10:30
jvazquez-r7 1913d60d65 multibrowser support 2013-02-21 01:13:25 +01:00
jvazquez-r7 bf216cca5c description and references updated 2013-02-20 18:14:53 +01:00
jvazquez-r7 d7b89a2228 added security level bypass 2013-02-20 17:50:47 +01:00
jvazquez-r7 d88ad80116 Added first version of cve-2013-0431 2013-02-20 16:39:53 +01:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
James Lee 9d4a3ca729 Fix a typo that broke this module against x64
[SeeRM #7747]
2013-02-19 19:22:42 -06:00
jvazquez-r7 221ce22f53 make msftidy happy 2013-02-15 19:01:58 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 9b6f2fcd1d Use the install path to tell us the separator
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
James Lee 5b398076ae Couple of fixes for windows
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee 1f9a09d5dd Add a method to upload and exec in one step 2013-02-07 21:09:32 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
James Lee b6c6397da3 typo 2013-02-06 19:21:20 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore 80a8bab02f Correct the CVE reference 2013-02-05 10:37:24 -06:00
sinn3r 42912bf286 Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods 2013-02-04 16:50:01 -06:00
Jeff Jarmoc 9b30e354ea Updates HTTP_METHOD option to use OptEnum. 2013-02-04 15:32:36 -06:00
sinn3r 45db43d2b3 Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles 2013-02-04 14:21:40 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
HD Moore 4c8811bb8a Add a debug target 2013-02-03 23:24:44 -06:00
HD Moore 191eed88bc Fix liberal matching expression on target 2013-02-03 21:50:03 -06:00
HD Moore 9379c68e51 Fix typo, auto-fingerprint, unconnected sockets 2013-02-03 21:23:05 -06:00
HD Moore 42c8a2d265 Add VU and blog references 2013-02-03 18:17:51 -06:00
HD Moore c24da99104 Update authors, add Richard (thanks!) 2013-02-03 18:13:28 -06:00
HD Moore 9e491f0b1c Add a fingerprint string and more comments 2013-02-03 18:03:32 -06:00
HD Moore 1f227243b8 Make it clear BadChars are ignored 2013-02-03 17:54:25 -06:00
HD Moore 214a60aa01 iFix spacing 2013-02-03 17:52:33 -06:00
HD Moore 94953d0450 Fix idents from copypasta 2013-02-03 17:48:13 -06:00
HD Moore 975230c9e7 Add the first module for unique_service_name() 2013-02-03 17:46:20 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
Tod Beardsley e8def29b4f Dropping all twitter handles
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r 66ca906bfb This is a string, not a variable 2013-01-31 01:56:05 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r ec0db66fcb Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2 2013-01-30 12:36:53 -06:00
Jeff Jarmoc 55600ce276 Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
Remove unecessary include.  Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc 929814dabf Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
Removes unnecessary include.  Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley 38785015e1 Missing period in description 2013-01-28 23:08:53 -06:00
James Lee 464d048eca Remove debugging print 2013-01-28 22:25:57 -06:00
James Lee dc19968555 Minor cleanups 2013-01-28 22:21:03 -06:00
James Lee c0757ce905 Add support for 2.x 2013-01-28 21:41:15 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee ee2579607a Working against 3.0.19 2013-01-28 21:05:14 -06:00
James Lee 044fefd02a Initial support for Java target
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r 49aac302e6 normalize_uri() breaks URI parsing
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
jvazquez-r7 1bccc410a3 Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec 2013-01-24 15:02:48 +01:00
Kacper Nowak ba41ee9c83 - applied all the changes from #1363
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7 96d0b13de2 Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings 2013-01-24 13:00:01 +01:00
sinn3r 3146b7ce77 Change default target
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r 0c0f4a3e66 Lower ranking because they cannot auto-target
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms.  Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
sinn3r 75f3a62ac4 Explain why we need this empty on_new_session 2013-01-23 16:43:36 -06:00
sinn3r 9c3e9f798f Lower the ranking, because it cannot auto-target.
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r 53599e4c45 It's better to have a version # in the title, easier to find 2013-01-23 16:32:57 -06:00
sinn3r d1736b8880 Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload 2013-01-23 16:32:06 -06:00
Kacper Nowak c47392f5d1 normalize_uri and path fix 2013-01-23 16:57:30 +00:00
Kacper Nowak ff875d04e0 - RPATH changed to TARGETURI
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule 8bcf4a86ef Update modules/exploits/multi/browser/java_jre17_method_handle.rb
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
Kacper Nowak a3fa7cc6bc adjusted disclosure date 2013-01-23 12:49:08 +00:00
jvazquez-r7 e78174297e assuring stdapi loads on meterpreter 2013-01-23 12:44:55 +01:00
Kacper Nowak 5d6ca30422 removed spaces at EOL 2013-01-23 10:33:55 +00:00
Kacper Nowak 17d1c9f996 - expanded description
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 c498930644 Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle 2013-01-22 15:33:07 +01:00
Kacper Nowak 8a59c7b8fb removed extra print_status() calls 2013-01-22 12:31:40 +00:00
Kacper Nowak 08a5f467b1 added URL for developer site 2013-01-22 12:14:38 +00:00
Kacper Nowak cd29a88c18 added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution 2013-01-22 11:58:24 +00:00
Julian Vilas eb92070df8 added module for CVE-2013-1359 2013-01-22 01:54:41 +01:00
jvazquez-r7 967c04e727 finally it doesn't use FileDropper atm 2013-01-20 19:54:24 +01:00
jvazquez-r7 aed71f8446 linux stager plus little cleanup 2013-01-20 13:42:02 +01:00
Spencer McIntyre 6b40011a6f use target_uri and normalize_uri as well as fix a cookie problem 2013-01-19 19:10:56 -05:00
Spencer McIntyre 9f7aafccdf add module to execute commands via Jenkins Script Console 2013-01-18 14:56:52 -05:00
jvazquez-r7 3465aa00bd title updated 2013-01-18 18:42:27 +01:00
jvazquez-r7 ef16a7fd24 cleanup 2013-01-17 21:45:13 +01:00
jvazquez-r7 670b4e8e06 cleanup 2013-01-17 21:39:41 +01:00
jvazquez-r7 78279a0397 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
jvazquez-r7 d0b9808fc7 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
joe 771fc07264 Change :vuln_test to :os_name for checking OS. 2013-01-14 02:17:40 -06:00
joe efcdb1097c Add BAP options to itms_overflow module. 2013-01-14 01:42:58 -06:00
Spencer McIntyre b178ce1895 allow the mixin to auto detect an available decoder binary 2013-01-12 17:31:11 -05:00
kernelsmith 0b130e49e7 Squashed commit of the following:
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date:   Fri Jan 11 17:55:27 2013 -0600

    fixes missing word in descript. of rails exploit

    simple omission fix in description

[Closes #1295]
2013-01-11 19:02:06 -06:00
sinn3r 4adf429c31 Adds one more ref 2013-01-11 01:33:26 -06:00
sinn3r 23ef8280be Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
Conflicts:
	modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
HD Moore 6471a70053 Pass the X-HTTP-Method-Override parameter for compat 2013-01-10 20:27:13 -06:00
sinn3r e709811c5a CVE update 2013-01-10 19:51:04 -06:00
jvazquez-r7 2c05af721c module also updated with refs 2013-01-11 00:57:05 +01:00
HD Moore 9c652d1d55 Add a note about ruby 1.9 requirements 2013-01-10 17:10:03 -06:00
jvazquez-r7 ea000d6ee0 updated authors 2013-01-10 20:48:54 +01:00
jvazquez-r7 876d889d82 added exploit for j7u10 0day 2013-01-10 20:30:43 +01:00
Bouke van der Bijl 3b491ab998 Change charlisome in the list of authors to charliesome 2013-01-10 16:12:07 +01:00
HD Moore 42ea64c21b Merge in Rails2 support now that its in master 2013-01-10 02:14:08 -06:00
HD Moore 0b74f98946 Rescue errors and update credits 2013-01-10 01:06:46 -06:00
HD Moore 1e94b090e7 The __END__ trick is no longer needed 2013-01-10 00:29:11 -06:00
HD Moore acabc14ec3 This restores functionality across all rails 3.x 2013-01-10 00:28:12 -06:00
HD Moore 0e92de8f61 This works against a wider range of RoR 3.x targets 2013-01-10 00:10:26 -06:00
HD Moore 5e7a4f154e Fix platform/arch 2013-01-09 23:24:37 -06:00
HD Moore e15c731651 Clarify credit 2013-01-09 23:22:40 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
jvazquez-r7 ad3ca3a6bb regex to check version fixed 2013-01-09 23:48:55 +01:00
jvazquez-r7 52157b9124 extplorer_upload_exec cleanup 2013-01-09 19:45:17 +01:00
jvazquez-r7 8f91352c4a Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec 2013-01-09 19:44:43 +01:00
Spencer McIntyre d79a3c8e6b list valid DECODER values and add the sshexec module 2013-01-09 10:27:22 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer 6654faf55e Msftidy fixes 2013-01-04 09:29:34 +01:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Charlie Eriksen 97253d46a1 Multiple change for Juan
Incooperated changes as per Juan's suggestions.

- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
Charlie Eriksen 78c6d04b31 Fixing from crlf to lf
By accident the line endings changed to crlf.

Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.

Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
Charlie Eriksen ef3f15e881 Adding a PLUGINSPATH option
Adding a PUGINSPATH option as per FireFart's comment.

Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
Charlie Eriksen 6fb2130265 Adding a damn space
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
Charlie Eriksen 4ba5b45ad3 Fixed the check
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
Charlie Eriksen dd0482cb9d Code style fix!
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
Charlie Eriksen 2fe2d5d3dd Adding exploit for OSVDB 87353
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
bcoles 8e543cf5f5 Add eXtplorer v2.1 auth bypass exploit module 2012-12-30 23:51:41 +10:30
sinn3r d97a63a94c Make changes based on juan and egypt's feedback 2012-12-22 02:35:22 -06:00
sinn3r 49248c79d6 Oops, didn't mean to keep these lines 2012-12-21 22:22:58 -06:00
sinn3r ca72132fc0 Add a check 2012-12-21 16:23:31 -06:00
sinn3r 1323081bce msftidy cleanup 2012-12-21 16:11:16 -06:00
sinn3r 529a3c9a63 Add Netwin SurgeFTP module 2012-12-21 16:10:27 -06:00
sput-nick 4595a96ece updated CVE and OSVDB wikka_spam_exec references 2012-12-19 16:42:47 -05:00
Garret Picchioni fa42d0c7fe Fixed minor spelling errors 2012-12-17 15:18:08 -07:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes'
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
sinn3r 3f4efea879 No twitter name, please. 2012-12-11 14:52:39 -06:00
sinn3r f5193b595c Update references 2012-12-10 11:42:21 -06:00
sinn3r 2260e4b471 Switch to manual payload selection, because we don't auto-detect 2012-12-07 11:07:11 -06:00
jvazquez-r7 e5cc950fe1 fix identation 2012-12-07 11:57:11 +01:00
jvazquez-r7 133ad04452 Cleanup of #1062 2012-12-07 11:55:48 +01:00
jvazquez-r7 dd1d60293c Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server 2012-12-05 15:27:25 +01:00
jvazquez-r7 2cca857f6f added support for Mac OS X 2012-12-04 22:04:21 +01:00
sinn3r b764110e6e Use PhpEXE to be able to support PHP and Linux native payloads 2012-11-28 15:06:39 -06:00
sinn3r fd2296317d Strip the credential dumping stuff (making it auxiliary)
Also a little description update
2012-11-28 14:27:01 -06:00
sinn3r 6b524ff22a Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown 2012-11-28 11:22:36 -06:00
h0ng10 897ae102d4 fixed msftidy.rb complains 2012-11-28 01:22:19 -05:00
h0ng10 7109d63f36 Code clean up, thanks to Brandon Perry 2012-11-28 01:20:41 -05:00
h0ng10 4ef0d8699a added exploit for OSVDB 83199 2012-11-27 12:29:10 -05:00
sinn3r 9c3be383d0 The 'Set-Cookie' header should be checked before accessing it 2012-11-26 12:06:43 -06:00
sinn3r edaa66094c Merge branch 'jlee-r7-feature/automatic-fs-cleanup' 2012-11-19 16:13:08 -06:00
sinn3r f4aa84956c Add technet reference 2012-11-17 01:24:12 -06:00
James Lee 591b085858 Add support for shell sessions in FileDropper 2012-11-16 15:51:54 -06:00
James Lee 83708a5a48 Add a FileDropper mixin for recording cleanup targets
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
jvazquez-r7 8e7a748805 thins in place... 2012-11-11 20:19:20 +01:00
jvazquez-r7 c4f10a1d53 added bid reference 2012-11-11 17:48:57 +01:00
jvazquez-r7 9d3c068da0 added linux target 2012-11-11 17:28:48 +01:00
jvazquez-r7 8619c5291b Added module for CVE-2012-5076 2012-11-11 17:05:51 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
HD Moore 36066f8c78 Catch a few stragglers for double slash 2012-11-08 07:21:37 -06:00
Tod Beardsley b1b85bee44 Actually require PhpEXE mixin. 2012-11-01 14:53:18 -05:00
sinn3r 4e6b5393c5 Merge branch 'manage_engine_sqli' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-manage_engine_sqli 2012-10-27 18:53:47 -05:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
sinn3r 8eb790f62c Final touchup 2012-10-23 19:46:09 -05:00
sinn3r f9bb910c3b Make the check() try SQLI 2012-10-23 19:42:36 -05:00
sinn3r 8c5a73bb7f Change exception handling 2012-10-23 19:34:12 -05:00
sinn3r 90542547c6 Add auto-target, and some changes to cleanup 2012-10-23 19:07:13 -05:00