9ee3a14a5a
Merge branch 'rapid7' into wchen-r7-smb_login_smb_login_handling
...
[Closes #913 ]
2012-10-16 13:08:11 -05:00
fafa6e49ce
address comments from jvazquez
2012-10-16 12:10:37 -05:00
6f227dddff
Related to #885 , allow Prepend* for osx/x86/exec payload
2012-10-16 16:26:18 +02:00
e583847a31
I missed this sucker.
2012-10-15 22:02:26 -05:00
52feae2dcd
Add missing require
...
[FixRM #7345 ]
2012-10-15 17:18:04 -05:00
8e668e2808
Check STATUS_ACCESS_DENIED properly
...
When Samba throws STATUS_ACCESS_DENIED, the exception that's
throwin is actually Rex::Proto::SMB::Exception::ErrorCode, not
as LoginError. It was handled correctly in try_user_pass(), but
not in other functions that also use smb_login().
2012-10-15 16:52:34 -05:00
9192a01803
All exploits need a disclosure date.
2012-10-15 16:29:12 -05:00
553ce82e79
added mssql ntlm stealer
2012-10-15 13:29:51 -05:00
29299b29a5
Added modules for CVE-2012-4933
2012-10-15 16:03:19 +02:00
adfced8d0e
Post require on gpg_creds
2012-10-15 06:58:35 -05:00
2acfb0537c
Merge branch 'ajaxplorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ajaxplorer
2012-10-15 08:30:08 +02:00
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
97ac7fa184
Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework
2012-10-14 18:27:32 -05:00
e00dbfcc0d
You mean.. FILEPATH.
2012-10-14 18:18:11 -05:00
2f04fdd71a
Merge branch 'apache_activemq_traversal' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apache_activemq_traversal
2012-10-14 18:16:41 -05:00
d971abaeb9
deleted extra comma
2012-10-14 22:39:07 +02:00
14bd0373d3
deleted extra space
2012-10-14 22:38:14 +02:00
ac6a4c9283
Added module for CVE-2010-1587
2012-10-14 22:36:02 +02:00
2b644dbc45
added module for Apache ActiveMQ directory traversal
2012-10-14 22:30:38 +02:00
79da6c7186
added Lantronix telnet password recovery module
2012-10-14 12:46:52 -05:00
cedcace1a7
Forgot to change the output variable
...
Because the original script used match()
2012-10-14 11:43:33 -05:00
cc303665e8
Credit
2012-10-13 00:42:44 -05:00
5b2998a121
Add OSVDB-63552 AjaXplorer module (2010)
2012-10-13 00:35:48 -05:00
7196ca5b5e
Fix bad indent
2012-10-12 18:35:05 -05:00
7aa6776e4b
let's not rejoin threads we've already joined.
2012-10-12 17:12:42 -04:00
694eacfc4b
performance fix for host discovery post modules
2012-10-12 16:43:42 -04:00
f5302bfc49
add deprication warning to the original module
2012-10-12 13:49:25 -04:00
90ae5c1178
Add PhpEXE support to RateMyPet module
2012-10-12 04:53:01 -05:00
db12413b09
Convert vcms_upload to use PhpEXE
...
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
3ab24cdbb9
added exploits/windows/local/service_permissions
2012-10-11 22:42:36 -04:00
0adabb1e06
Merge branch 'wchen-r7-projectpier' into rapid7
...
[Closes #889 ]
2012-10-11 18:32:04 -05:00
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
9ea208d129
Oops, overwrote egypt's changes by accident
2012-10-11 16:40:52 -05:00
82eaa322fe
Make cleanup work better
2012-10-11 16:39:54 -05:00
3a66a07844
Proposed re-wording of description
...
[See #889 ]
2012-10-11 15:48:04 -05:00
24980e735b
I found an OSVDB ID
2012-10-11 15:28:07 -05:00
55128f5bb3
Make sure res has value before passing it on to exec_php
2012-10-11 14:43:38 -05:00
033a11eff5
Add Project Pier File Upload Vulnerability
2012-10-11 13:47:40 -05:00
b8e880bf82
Merge branch 'post-module-sdel' of https://github.com/bmerinofe/metasploit-framework into bmerinofe-post-module-sdel
2012-10-10 13:42:20 -05:00
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
21d1a5857a
Adding Iterations options
2012-10-10 12:32:30 +02:00
7b45ef6038
Applying changes. Blocks -Begin .. End- deleted
2012-10-09 21:52:49 +02:00
22f7c42b85
Merge branch 'master' into feature/updated-mobile
2012-10-09 12:58:19 -05:00
4fa3631e34
avoiding the python support on the barracuda one if cannot be tested
2012-10-09 18:01:23 +02:00
f33411abd1
Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support
2012-10-09 18:00:44 +02:00
a12aed7ffc
Don't really need these keywords
2012-10-09 00:49:05 -05:00
b657fd31cc
Merge branch 'php_include' of https://github.com/ethicalhack3r/metasploit-framework into ethicalhack3r-php_include
2012-10-09 00:45:46 -05:00
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
b356b403b0
Merge branch 'phptax' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-phptax
2012-10-09 00:10:31 +02:00
286b86949b
Prefix with host:port for readability
2012-10-08 15:23:26 -05:00
06e2994b7e
connectiontype to find and python payload support
2012-10-08 15:13:27 -05:00
abb4bdd408
metadata formatting, and a little res gotcha
2012-10-08 15:00:51 -05:00
04aa69192d
Dang typo
2012-10-08 13:35:13 -05:00
ef9d627e13
Added module for ZDI-12-106
2012-10-08 20:04:01 +02:00
8ff4442f9e
Add PhpTax pfilez exec module
...
This module exploits a vuln found in PhpTax. When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
2012-10-08 12:46:56 -05:00
e9b70a3a4f
Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter
2012-10-07 15:35:30 -05:00
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
40983460bf
added module for avaya winpmd bof, osvdb 73269
2012-10-07 12:05:13 +02:00
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
64f29952dc
Merge branch 'master' into feature/updated-mobile
2012-10-07 00:32:02 -05:00
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
874fe64343
Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update
2012-10-06 14:10:36 +02:00
e02adc1f35
Merge branch 'mubix-bypassuac_uac_check'
2012-10-06 02:09:16 -05:00
33429c37fd
Change print_error to print_debug as a warning
2012-10-06 02:08:19 -05:00
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
55474dd8bf
add simple UAC checks to bypassuac
2012-10-06 00:59:54 -04:00
b984d33996
add RunAs ask module
2012-10-06 00:51:44 -04:00
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
f4e442bcbd
Added headers support to php_include module
2012-10-05 23:00:38 +02:00
2aa59623d1
Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers
2012-10-05 15:43:18 -05:00
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
a60851e9d1
Merge branch 'mubix-bypassuac_localport'
2012-10-05 14:28:12 -05:00
6342c270f4
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 14:16:16 -05:00
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
aba69d8438
fix indentation
2012-10-05 20:18:40 +02:00
4c646762a5
Added target debian squeeze
2012-10-05 20:12:09 +02:00
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
0ae7756d26
fixed missing > on author
2012-10-05 11:13:40 -04:00
8b8bfec6b8
Merge branch 'gpg' of https://github.com/kholia/metasploit-framework into kholia-gpg
2012-10-05 09:23:54 +02:00
bcc56cb7cc
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 01:05:30 -05:00
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
8520cbf218
fixes spotted by @jlee-r7
2012-10-04 17:34:35 -04:00
f3e94d2ee2
extend dep to 3 months and use print_error
2012-10-04 16:42:08 -04:00
cf8501775a
re-add bypassuac post mod w/ deprication warning
2012-10-04 16:31:20 -04:00
ae11c2ffc0
Merge branch 'rapid7' into kernelsmith-update-ms10_042-info
...
[Closes #860 ]
2012-10-04 15:29:32 -05:00
4400cb94b5
Removing trailing spaces
2012-10-04 14:58:53 -05:00
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
3f2fe8d5b4
port bypassuac from post module to local exploit
2012-10-04 14:31:23 -04:00
dc9907da98
Fix load order issue with multi/gather/ssh_creds
...
Make sure Post::Unix exists before including
2012-10-04 11:19:14 -05:00
James Lee
nullbind
jvazquez-r7
sinn3r
Tod Beardsley
jgor
Raphael Mudge
Spencer McIntyre
kernelsmith
Borja Merino
HD Moore
Rob Fuller
ethicalhack3r