jvazquez-r7
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
jvazquez-r7
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
bbf7cc4394
up to date
2013-04-17 11:54:12 -05:00
jvazquez-r7
48def7dbdb
up to date
2013-04-17 06:36:44 -05:00
Jon Hart
83ec9757ec
Addressed feedback from PR#1717
2013-04-16 19:00:26 -07:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717 ]
2013-04-15 13:36:47 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
jvazquez-r7
2ab7552a85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 09:11:41 +02:00
Tod Beardsley
0d2746fb4c
defs should have parens when taking args
...
While it's allowed in ruby to drop most parens, many are useful for
readability.
Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
Tod Beardsley
90e986860e
Adding most suggested changes to jhart's adobe module
2013-04-09 17:55:28 -05:00
Jon Hart
8a98b1af4a
Added command mode, plus fixed the dropping of payloads
2013-04-07 15:39:38 -07:00
Jon Hart
f482496795
Initial commit of an exploit module for the CVEs covered by APSB13-03.
...
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
jvazquez-r7
358c43f6f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 19:17:53 +02:00
Tod Beardsley
e4d901d12c
Space at EOL (msftidy)
2013-04-03 09:20:01 -05:00
jvazquez-r7
070fd399f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-31 20:23:08 +02:00
jvazquez-r7
315abd8839
fix Privileged field
2013-03-30 19:39:01 +01:00
jvazquez-r7
a46805d95d
description updated
2013-03-30 19:36:35 +01:00
jvazquez-r7
c880a63e75
Added module for ZDI-13-049
2013-03-30 19:35:04 +01:00
jvazquez-r7
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
jvazquez-r7
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
bwall
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
bwall
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00
jvazquez-r7
cd1820d769
trying to solve irc comm issues
2013-03-29 12:54:57 +01:00
bwall
6cf44d9c85
added a 3 message window for recieving the check response
2013-03-28 21:14:52 -04:00
jvazquez-r7
e9842eac2e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 15:18:41 +01:00
jvazquez-r7
29ad9939e1
cleanup for stunshell_eval
2013-03-28 15:11:20 +01:00
jvazquez-r7
514aed404c
Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval
2013-03-28 15:10:57 +01:00
jvazquez-r7
3ffbc5e5b3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 14:58:43 +01:00
jvazquez-r7
9b18eb858b
cleanup for stunshell_exec
2013-03-28 14:45:51 +01:00
jvazquez-r7
a7a5569725
Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec
2013-03-28 14:45:28 +01:00
jvazquez-r7
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
bwall
ce9f11aeb3
Changed the targets to be more specific
2013-03-27 17:22:29 -04:00
bwall
f14d5ba8ec
Removed extra comma
2013-03-27 17:15:34 -04:00
bwall
2a60ef2d60
Renamed and fixed some code issues
2013-03-27 17:14:41 -04:00
bwall
cc92b54e83
Moved module and cleaned code
2013-03-27 17:03:18 -04:00
bwall
76fb6ff48f
Updated ranking
2013-03-27 16:41:35 -04:00
jvazquez-r7
e25a06c649
delete comma
2013-03-27 21:33:58 +01:00
jvazquez-r7
5fc5a4f429
use target_uri
2013-03-27 20:45:34 +01:00
jvazquez-r7
f29cfbf393
cleanup for v0pCr3w_exec
2013-03-27 20:38:11 +01:00
bwall
fd302d62b8
Removed testing code
2013-03-27 12:50:42 -04:00
jvazquez-r7
787f8cc32f
up to date
2013-03-26 12:18:53 +01:00
jvazquez-r7
6f5fc77019
up to date
2013-03-26 11:59:41 +01:00
jvazquez-r7
2d0a813aa6
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework
2013-03-26 11:23:33 +01:00
bwall
a5346240de
Updated v0pCr3w_exec to use send_request_cgi
2013-03-26 01:33:30 -04:00
heyder
014c01099e
improve cleanup
2013-03-26 02:22:10 -03:00
bwall
5218831167
Added license information and tidied up the code
2013-03-25 00:05:31 -04:00
bwall
e98a463de2
Added license information and tidied up code
2013-03-25 00:04:39 -04:00
bwall
e37fa3b40a
Added license information and tidied up code
2013-03-25 00:03:32 -04:00
bwall
6be88224bf
Added the license information and tidied up
2013-03-25 00:01:20 -04:00
heyder
0c169f94eb
correct some bad indent
2013-03-24 21:07:51 -03:00
heyder
50ac5cf247
Adjust payload size and others code adjustments
2013-03-24 20:25:29 -03:00
bwall
7e0b0ac092
Added STUNSHELL webshell remote command execution module
2013-03-24 15:18:08 -04:00
bwall
b23d259485
Added STUNSHELL webshell remote code evaluation[PHP] module
2013-03-24 15:16:45 -04:00
bwall
bbcf21ee24
Added v0pCr3w webshell remote command execution module
2013-03-24 15:13:42 -04:00
bwall
ca6ab7c8c2
Added Ra1NX pubcall authentication bypass exploit module
2013-03-24 14:59:27 -04:00
jvazquez-r7
cb56b2de4b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-23 20:06:05 +01:00
heyder
5bee1471df
many code adjustments
2013-03-22 23:07:08 -03:00
sinn3r
11754f271a
Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec
2013-03-22 13:05:16 -05:00
heyder
b5c65ad51b
add Joomla Component JCE File Upload Code Execution
2013-03-22 10:41:35 -03:00
jvazquez-r7
bbff20fd65
cleanup for struts_code_exec_parameters
2013-03-21 22:17:47 +01:00
jvazquez-r7
50c6a98530
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce
2013-03-21 22:17:20 +01:00
jvazquez-r7
296f2e7c2c
up to date
2013-03-21 22:10:18 +01:00
Console
cbccda10ca
fixing issue raised by @meatballs1
2013-03-21 20:58:40 +00:00
jvazquez-r7
9c1694e8a0
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework
2013-03-21 20:44:10 +01:00
Console
302193f98b
Various fixes and improvements
...
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console
8027615608
fixed comments left in by accident
2013-03-21 16:43:44 +00:00
Console
4edf5260f4
check function now tells user about delay
2013-03-21 16:40:45 +00:00
Console
a714b430ca
used normalize_uri
2013-03-21 14:05:08 +00:00
Console
5c9bec1552
commit fix branch for Console-struts-RCE
2013-03-21 13:40:16 +00:00
jvazquez-r7
29fff62869
up to date
2013-03-12 18:29:53 +01:00
Darren Martyn
73717f1522
Added webacoo code execution module
2013-03-09 19:12:22 +00:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
jvazquez-r7
25db782b03
change print location
2013-03-07 19:15:40 +01:00
jvazquez-r7
fdd7c375ad
added linux native target
2013-03-07 19:12:25 +01:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
Joe Rozner
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
sinn3r
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
sinn3r
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
sinn3r
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
sinn3r
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
sinn3r
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
sinn3r
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
bcoles
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
bcoles
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
bcoles
002654317c
Add Kordil EDMS File Upload Vulnerability exploit
2013-02-22 23:32:17 +10:30
jvazquez-r7
1913d60d65
multibrowser support
2013-02-21 01:13:25 +01:00
jvazquez-r7
bf216cca5c
description and references updated
2013-02-20 18:14:53 +01:00
jvazquez-r7
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
jvazquez-r7
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
James Lee
9d4a3ca729
Fix a typo that broke this module against x64
...
[SeeRM #7747 ]
2013-02-19 19:22:42 -06:00
jvazquez-r7
221ce22f53
make msftidy happy
2013-02-15 19:01:58 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
James Lee
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
James Lee
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
HD Moore
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
sinn3r
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
Jeff Jarmoc
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
sinn3r
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
HD Moore
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
HD Moore
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
HD Moore
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
HD Moore
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
HD Moore
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
HD Moore
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
HD Moore
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
HD Moore
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
HD Moore
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
HD Moore
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
Jeff Jarmoc
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
James Lee
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
James Lee
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
James Lee
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
James Lee
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
jvazquez-r7
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
Kacper Nowak
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
sinn3r
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
sinn3r
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
sinn3r
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
sinn3r
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
Kacper Nowak
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
Kacper Nowak
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule
8bcf4a86ef
Update modules/exploits/multi/browser/java_jre17_method_handle.rb
...
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
Kacper Nowak
a3fa7cc6bc
adjusted disclosure date
2013-01-23 12:49:08 +00:00
jvazquez-r7
e78174297e
assuring stdapi loads on meterpreter
2013-01-23 12:44:55 +01:00
Kacper Nowak
5d6ca30422
removed spaces at EOL
2013-01-23 10:33:55 +00:00
Kacper Nowak
17d1c9f996
- expanded description
...
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
Kacper Nowak
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
Kacper Nowak
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
Kacper Nowak
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
Julian Vilas
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
jvazquez-r7
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
jvazquez-r7
aed71f8446
linux stager plus little cleanup
2013-01-20 13:42:02 +01:00
Spencer McIntyre
6b40011a6f
use target_uri and normalize_uri as well as fix a cookie problem
2013-01-19 19:10:56 -05:00
Spencer McIntyre
9f7aafccdf
add module to execute commands via Jenkins Script Console
2013-01-18 14:56:52 -05:00
jvazquez-r7
3465aa00bd
title updated
2013-01-18 18:42:27 +01:00
jvazquez-r7
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
jvazquez-r7
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
joe
771fc07264
Change :vuln_test to :os_name for checking OS.
2013-01-14 02:17:40 -06:00
joe
efcdb1097c
Add BAP options to itms_overflow module.
2013-01-14 01:42:58 -06:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
kernelsmith
0b130e49e7
Squashed commit of the following:
...
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date: Fri Jan 11 17:55:27 2013 -0600
fixes missing word in descript. of rails exploit
simple omission fix in description
[Closes #1295 ]
2013-01-11 19:02:06 -06:00
sinn3r
4adf429c31
Adds one more ref
2013-01-11 01:33:26 -06:00
sinn3r
23ef8280be
Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
...
Conflicts:
modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
HD Moore
6471a70053
Pass the X-HTTP-Method-Override parameter for compat
2013-01-10 20:27:13 -06:00
sinn3r
e709811c5a
CVE update
2013-01-10 19:51:04 -06:00
jvazquez-r7
2c05af721c
module also updated with refs
2013-01-11 00:57:05 +01:00
HD Moore
9c652d1d55
Add a note about ruby 1.9 requirements
2013-01-10 17:10:03 -06:00
jvazquez-r7
ea000d6ee0
updated authors
2013-01-10 20:48:54 +01:00
jvazquez-r7
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
Bouke van der Bijl
3b491ab998
Change charlisome in the list of authors to charliesome
2013-01-10 16:12:07 +01:00
HD Moore
42ea64c21b
Merge in Rails2 support now that its in master
2013-01-10 02:14:08 -06:00
HD Moore
0b74f98946
Rescue errors and update credits
2013-01-10 01:06:46 -06:00
HD Moore
1e94b090e7
The __END__ trick is no longer needed
2013-01-10 00:29:11 -06:00
HD Moore
acabc14ec3
This restores functionality across all rails 3.x
2013-01-10 00:28:12 -06:00
HD Moore
0e92de8f61
This works against a wider range of RoR 3.x targets
2013-01-10 00:10:26 -06:00
HD Moore
5e7a4f154e
Fix platform/arch
2013-01-09 23:24:37 -06:00
HD Moore
e15c731651
Clarify credit
2013-01-09 23:22:40 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
jvazquez-r7
ad3ca3a6bb
regex to check version fixed
2013-01-09 23:48:55 +01:00
jvazquez-r7
52157b9124
extplorer_upload_exec cleanup
2013-01-09 19:45:17 +01:00
jvazquez-r7
8f91352c4a
Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec
2013-01-09 19:44:43 +01:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
Tod Beardsley
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
Charlie Eriksen
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
Charlie Eriksen
78c6d04b31
Fixing from crlf to lf
...
By accident the line endings changed to crlf.
Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.
Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
Charlie Eriksen
ef3f15e881
Adding a PLUGINSPATH option
...
Adding a PUGINSPATH option as per FireFart's comment.
Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
Charlie Eriksen
6fb2130265
Adding a damn space
...
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
Charlie Eriksen
4ba5b45ad3
Fixed the check
...
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
Charlie Eriksen
dd0482cb9d
Code style fix!
...
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
Charlie Eriksen
2fe2d5d3dd
Adding exploit for OSVDB 87353
...
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
bcoles
8e543cf5f5
Add eXtplorer v2.1 auth bypass exploit module
2012-12-30 23:51:41 +10:30
sinn3r
d97a63a94c
Make changes based on juan and egypt's feedback
2012-12-22 02:35:22 -06:00
sinn3r
49248c79d6
Oops, didn't mean to keep these lines
2012-12-21 22:22:58 -06:00
sinn3r
ca72132fc0
Add a check
2012-12-21 16:23:31 -06:00
sinn3r
1323081bce
msftidy cleanup
2012-12-21 16:11:16 -06:00
sinn3r
529a3c9a63
Add Netwin SurgeFTP module
2012-12-21 16:10:27 -06:00
sput-nick
4595a96ece
updated CVE and OSVDB wikka_spam_exec references
2012-12-19 16:42:47 -05:00
Garret Picchioni
fa42d0c7fe
Fixed minor spelling errors
2012-12-17 15:18:08 -07:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
sinn3r
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
sinn3r
2260e4b471
Switch to manual payload selection, because we don't auto-detect
2012-12-07 11:07:11 -06:00
jvazquez-r7
e5cc950fe1
fix identation
2012-12-07 11:57:11 +01:00
jvazquez-r7
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
jvazquez-r7
dd1d60293c
Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server
2012-12-05 15:27:25 +01:00
jvazquez-r7
2cca857f6f
added support for Mac OS X
2012-12-04 22:04:21 +01:00
sinn3r
b764110e6e
Use PhpEXE to be able to support PHP and Linux native payloads
2012-11-28 15:06:39 -06:00
sinn3r
fd2296317d
Strip the credential dumping stuff (making it auxiliary)
...
Also a little description update
2012-11-28 14:27:01 -06:00
sinn3r
6b524ff22a
Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown
2012-11-28 11:22:36 -06:00
h0ng10
897ae102d4
fixed msftidy.rb complains
2012-11-28 01:22:19 -05:00
h0ng10
7109d63f36
Code clean up, thanks to Brandon Perry
2012-11-28 01:20:41 -05:00
h0ng10
4ef0d8699a
added exploit for OSVDB 83199
2012-11-27 12:29:10 -05:00
sinn3r
9c3be383d0
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
sinn3r
edaa66094c
Merge branch 'jlee-r7-feature/automatic-fs-cleanup'
2012-11-19 16:13:08 -06:00
sinn3r
f4aa84956c
Add technet reference
2012-11-17 01:24:12 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
jvazquez-r7
8e7a748805
thins in place...
2012-11-11 20:19:20 +01:00
jvazquez-r7
c4f10a1d53
added bid reference
2012-11-11 17:48:57 +01:00
jvazquez-r7
9d3c068da0
added linux target
2012-11-11 17:28:48 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
HD Moore
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
Tod Beardsley
b1b85bee44
Actually require PhpEXE mixin.
2012-11-01 14:53:18 -05:00
sinn3r
4e6b5393c5
Merge branch 'manage_engine_sqli' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-manage_engine_sqli
2012-10-27 18:53:47 -05:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
sinn3r
8eb790f62c
Final touchup
2012-10-23 19:46:09 -05:00
sinn3r
f9bb910c3b
Make the check() try SQLI
2012-10-23 19:42:36 -05:00
sinn3r
8c5a73bb7f
Change exception handling
2012-10-23 19:34:12 -05:00
sinn3r
90542547c6
Add auto-target, and some changes to cleanup
2012-10-23 19:07:13 -05:00