h0ng10
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
jvazquez-r7
4fd9f88304
avoid the redefinition of Module.target_host
2012-08-30 14:45:14 +02:00
sinn3r
7ddcc787bd
Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2
2012-08-21 14:37:09 -05:00
h0ng10
c6b9121f8b
Added support for CVE-2010-0738
2012-08-15 15:47:44 -04:00
h0ng10
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
h0ng10
e5498e3e1d
Added fix for CVE-2010-0738, corrections
2012-08-15 15:46:34 -04:00
Tod Beardsley
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
Tod Beardsley
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
jvazquez-r7
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
jvazquez-r7
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
bcoles
8bb3181f68
Add TestLink v1.9.3 arbitrary file upload module
2012-08-13 16:30:10 +09:30
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
Steve Tornio
b646dcc87f
add osvdb ref
2012-08-05 09:02:32 -05:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
h0ng10
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
h0ng10
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
sinn3r
9815faec37
Add OSVDB-83822
2012-07-31 13:31:06 -05:00
h0ng10
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00
sinn3r
d67234bd03
Better regex and email format correction
2012-07-27 01:14:32 -05:00
sinn3r
2939e3918e
Rename file
2012-07-27 01:06:57 -05:00
bcoles
cec15aa204
Added CuteFlow v2.11.2 Arbitrary File Upload
...
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
jvazquez-r7
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
h0ng10
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
h0ng10
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
sinn3r
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
sinn3r
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
sinn3r
e605a35433
Make sure the check func is always returning the same data type
2012-06-27 17:07:55 -05:00
sinn3r
cb1af5ab79
Final cleanup
2012-06-27 16:57:04 -05:00
jvazquez-r7
73360dfae3
minor fixes
2012-06-27 23:38:52 +02:00
jvazquez-r7
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
jvazquez-r7
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
h0ng10
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
sinn3r
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
sinn3r
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
Jeff Jarmoc
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
Jeff Jarmoc
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
sinn3r
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
jvazquez-r7
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
Michael Schierl
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
sinn3r
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
sinn3r
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
jvazquez-r7
b53a1396fc
Use of TARGETURI
2012-06-03 22:36:23 +02:00
jvazquez-r7
659b030269
Verbose messages cleanup
2012-06-03 22:29:31 +02:00
jvazquez-r7
34f42bab17
Fix typo in the URI param
2012-06-03 22:14:13 +02:00
jvazquez-r7
efe4136e5b
Added module for CVE-2012-0391
2012-06-03 22:08:31 +02:00
sinn3r
1817942aae
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 17:43:51 -05:00
sinn3r
7bb36bfbde
Fix typo thanks to juan
2012-06-02 16:57:53 -05:00
sinn3r
7e318e9787
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 14:14:56 -05:00
Christian Mehlmauer
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
sinn3r
59468846e3
Change filename
2012-06-02 01:51:20 -05:00
sinn3r
522991f351
Correct name
2012-06-02 01:49:43 -05:00
sinn3r
7fd3644b8b
Add CVE-2011-4825 module
2012-06-01 18:45:44 -05:00
James Lee
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
Steve Tornio
5105c1a4df
add osvdb ref
2012-05-31 08:49:58 -05:00
Tod Beardsley
7e6c2f340e
Minor updates; added BID, fixed grammar
...
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
sinn3r
54e14014c3
Merge pull request #428 from wchen-r7/php_volunteer
...
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
sinn3r
59ea8c9ab9
Print IP/Port for each message
2012-05-30 11:30:55 -05:00
sinn3r
43dffbe996
If we don't get a new file, we assume the upload failed. This is
...
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
sinn3r
efdcda55ef
Don't really care about the return value for the last send_request_raw
2012-05-30 11:00:31 -05:00
sinn3r
13ba51db34
Allow the login() function to be a little more verbose for debugging purposes
2012-05-30 10:56:59 -05:00
sinn3r
b81315790d
Add PHP Volunteer Management System exploit
2012-05-30 10:38:45 -05:00
sinn3r
ac0d22453a
Merge pull request #414 from wchen-r7/apprain
...
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
sinn3r
8d837f5d20
Module description update. TARGETURI description update.
2012-05-23 18:33:32 -05:00
sinn3r
fab3bfcea1
Add CVE-2012-1153
2012-05-23 17:50:13 -05:00
Tod Beardsley
5dd866ed4a
Fixed print_status to include rhost:rport
...
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
Tod Beardsley
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
Steve Tornio
ba2787df8a
add osvdb ref
2012-05-20 07:13:56 -05:00
sinn3r
964a6af423
Add Active Collab chat module PHP injection exploit, by mr_me
2012-05-19 02:06:30 -05:00
Jeff Jarmoc
c2c160f86c
randomizes options from equivilants
2012-05-11 11:31:26 -05:00
sinn3r
2b13330483
Merge pull request #376 from wchen-r7/wikkawiki
...
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r
6e8c3ad1e3
It's "inject", not "upload"... because technically that's what really happens.
2012-05-10 12:06:02 -05:00
sinn3r
c69e34d407
Update description
2012-05-10 12:02:55 -05:00
sinn3r
86c3ad5e0c
Add CVE-2011-4449
2012-05-10 11:57:40 -05:00
Jeff Jarmoc
e1156834b9
Lots of encoding randomizations for php_cgi_arg_injection
2012-05-09 14:13:21 -05:00
Jeff Jarmoc
4909d8073a
Added lots or encoding randomness
2012-05-09 11:01:15 -05:00
Steve Tornio
cef2da6110
add osvdb ref
2012-05-05 10:13:42 -05:00
James Lee
18a44148dc
Randomize case for ini true/false values
2012-05-04 17:32:32 -06:00
HD Moore
423437c620
Woops, small typo in disable_functions
2012-05-04 12:17:41 -05:00
HD Moore
c6b39e8e5c
Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c)
2012-05-04 12:15:46 -05:00
HD Moore
2ce3558bb4
Bump the rank
2012-05-04 10:19:37 -05:00
HD Moore
bed4846763
A little more module cleanup
2012-05-04 10:06:18 -05:00
HD Moore
d668e2321d
Rename this to a more suitable location
2012-05-04 09:59:40 -05:00
sinn3r
5bebd01eb0
Tabs vs spaces war round 2
2012-04-24 16:06:08 -05:00
sinn3r
bc42375565
Fix spaces to proper hard tabs. Not very fun to do.
2012-04-24 16:03:41 -05:00
Chris John Riley
f4f1ec70bc
Altered regex to detect Jetty hosts
...
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)
There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
2012-04-15 15:13:21 +02:00
andurin
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
andurin
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
Tod Beardsley
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
.
2012-04-05 16:17:06 -05:00
andurin
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
sinn3r
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
Tod Beardsley
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
James Lee
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
James Lee
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
sinn3r
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
James Lee
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
HD Moore
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
Tod Beardsley
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
sinn3r
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
Joshua J. Drake
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
Joshua J. Drake
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Jonathan Cran
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
Steve Tornio
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
sinn3r
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
sinn3r
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
sinn3r
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
sinn3r
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
joernchen of Phenoelit
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
joernchen of Phenoelit
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
joernchen of Phenoelit
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
Tod Beardsley
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
sinn3r
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
sinn3r
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
sinn3r
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
Steve Tornio
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
Steve Tornio
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
Tod Beardsley
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
sinn3r
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00
sinn3r
b5b24a1fbf
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
...
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r
262fe75e0a
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129 )
2011-12-22 13:04:37 -06:00
Steve Tornio
85caabbf5d
add osvdb ref
2011-12-14 07:19:34 -06:00
HD Moore
cb456337a0
Handle invalid http responses better, see #6113
2011-12-13 19:54:10 -06:00
sinn3r
d87d8d5799
Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103 )
2011-12-13 11:45:24 -06:00
sinn3r
32c8301c19
Add feature #6082 (Traq 2.3 Auth bypass remote code execution)
2011-12-12 15:45:19 -06:00
sinn3r
e043fb52c2
Incrase timeout
2011-12-08 11:21:03 -06:00
sinn3r
5afba20c21
Merge pull request #43 from jduck/master
...
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
sinn3r
edec6b98ee
Add feature #6067 Family Connections CMS 2.7.1 exploit
2011-12-07 00:00:56 -06:00
Joshua J. Drake
ac7edc268a
Add some more clear documentation for selecting payloads for this module.
2011-12-05 00:35:11 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
David Maloney
4a22df4014
Fix to the axis2 Deployer exploit to add Default Target
2011-11-22 10:27:38 -08:00
David Maloney
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r
41d746a07a
Add Support Incident Tracker (Feature #5964 ) by Juan
2011-11-12 12:36:21 -06:00
Wei Chen
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen
0dff3f3e52
Add #5682 (phpscheduleit module). Thx Juan.
...
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 18:06:12 +00:00
Will Vandevanter
a0d8a08851
java meterpreter should be used when the target is set to automatic
...
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:02:09 +00:00
Wei Chen
2b46420b36
check nil
...
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:19:55 +00:00
Wei Chen
7ba5a8ec4e
Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit
...
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:04:33 +00:00
Wei Chen
9cb54e37c5
Handle payloads better, also add a cleanup routine specifically for php/exec
...
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 05:25:39 +00:00
Wei Chen
2da07d4963
Fix bug #5834 (uri being nil in print_good)
...
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:40:03 +00:00
Wei Chen
3da8bb8b69
Add feature #5820 by mr_me and tecr0c
...
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 23:22:32 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley
94eb3ac14c
Deleting a puts statement.
...
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:52:10 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley
020abd926b
A handful of rankings changes, also converting whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
f2d328d969
cmd exec module should receive ExcellentRanking
...
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:10:53 +00:00
HD Moore
142ae9288b
Fix title
...
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:56:57 +00:00
Wei Chen
262b3bbe00
Use Rex to encode payload to base64
...
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:31:51 +00:00
Wei Chen
98157272fd
Fix indentation for exploit description
...
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:12:54 +00:00
Wei Chen
d1b1b26d01
Add Feature #5499 (Snortreport module)
...
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 06:10:18 +00:00
Wei Chen
44ac9d67e0
svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 17:45:15 +00:00
Steve Tornio
9ec92ee603
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:37:54 +00:00
HD Moore
9862987f45
Add a new module from joernchen
...
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-07 15:30:24 +00:00
Wei Chen
612cdc8c73
No need to check if version is 'unknown' if nothing else (other than default) is assigned to it
...
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 19:12:31 +00:00
Wei Chen
8bfdebeaf3
Handle the return value for send_request during the early stage
...
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-25 19:28:15 +00:00
Wei Chen
db79d21f75
Apply patch for non-default logins by jabra
...
git-svn-id: file:///home/svn/framework3/trunk@13778 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 02:48:48 +00:00
Jonathan Cran
064255e910
fixup the payload encoding, per joernchen's comment in the #metasploit channel.
...
git-svn-id: file:///home/svn/framework3/trunk@13747 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 17:48:51 +00:00
Mario Ceballos
6f28911d3d
added patch from joshua taylor.
...
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 19:58:40 +00:00
Joshua Drake
496170eac1
aDjUsT tHe CaSe
...
git-svn-id: file:///home/svn/framework3/trunk@13644 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-26 23:46:49 +00:00
David Rude
c78ba0e4d5
hehe remove debugging put call
...
git-svn-id: file:///home/svn/framework3/trunk@13586 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:59:32 +00:00
David Rude
63e2b759e7
require the URI option
...
git-svn-id: file:///home/svn/framework3/trunk@13585 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:54:58 +00:00
David Rude
402ca57bb4
Adds Struts2 Remote Code Execution exploit CVE-2010-1870
...
git-svn-id: file:///home/svn/framework3/trunk@13584 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 05:52:09 +00:00
Steve Tornio
28177fd255
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13505 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 02:54:56 +00:00
HD Moore
f1afbacb2a
Cron'd
...
git-svn-id: file:///home/svn/framework3/trunk@13485 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-04 17:36:01 +00:00
Wei Chen
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen
d13654740a
Update some jboss modules' metadata associated with CVE-2010-0738
...
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 05:18:25 +00:00
James Lee
c412a836ed
add VERBOSE option to all modules and vprint_* methods to use it
...
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
HD Moore
eea05fcaaa
Correct the parent class name
...
git-svn-id: file:///home/svn/framework3/trunk@12930 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 19:31:38 +00:00
HD Moore
7f3e2d182d
Fix Axis2 to inherit from the correct class, prevent a stack trace when a non-Remote exploit has the cleanup method called.
...
git-svn-id: file:///home/svn/framework3/trunk@12928 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 18:32:27 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
David Rude
3b5cf3826a
Added TheLightCosines OpenSSL ChangeCipherSpec DoS aux module
...
git-svn-id: file:///home/svn/framework3/trunk@12538 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:08:28 +00:00
Steve Tornio
319b4993a4
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12397 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 19:38:42 +00:00
David Rude
0f9a232025
Added Spreecommerce Remote Code Execution exploit module - thanks joernchen
...
git-svn-id: file:///home/svn/framework3/trunk@12392 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 16:57:17 +00:00
Joshua Drake
f0673cb1ac
Tweak to work with FreeBSD, thx for the patch!
...
git-svn-id: file:///home/svn/framework3/trunk@12224 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 17:40:45 +00:00
David Rude
c5ce597483
removing coldfusion until some general code fixes can be applied
...
git-svn-id: file:///home/svn/framework3/trunk@11995 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 21:41:47 +00:00
Mario Ceballos
dfd2df6b47
puts this in the appropiate place
...
git-svn-id: file:///home/svn/framework3/trunk@11987 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 10:22:07 +00:00
Joshua Drake
1604b5616f
apply some more changes from Konrads
...
git-svn-id: file:///home/svn/framework3/trunk@11533 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-10 14:34:24 +00:00
Joshua Drake
9ef757bf17
Fixes #3387 , add the PACKAGE option to allow 3.2
...
git-svn-id: file:///home/svn/framework3/trunk@11518 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 04:11:01 +00:00
James Lee
dd6afdc74c
make these titles a little clearer
...
git-svn-id: file:///home/svn/framework3/trunk@11330 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 17:26:44 +00:00
Joshua Drake
26a9fe6fc7
add some missing CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
Joshua Drake
d5835fe7b0
remove commented out REST portion
...
git-svn-id: file:///home/svn/framework3/trunk@11179 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 19:11:42 +00:00
Joshua Drake
98e8ec4cc9
add REST version of axis2 deployer
...
git-svn-id: file:///home/svn/framework3/trunk@11178 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 18:17:33 +00:00
Joshua Drake
e9faf75503
fix some more titles with periods
...
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
Joshua Drake
2fe78ec685
double grammar fail
...
git-svn-id: file:///home/svn/framework3/trunk@11053 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-16 20:23:11 +00:00
Joshua Drake
f4d2af3e73
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@11052 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-16 20:17:25 +00:00
Joshua Drake
25611afb6c
add sap businessobject modules from jabra, woot!
...
git-svn-id: file:///home/svn/framework3/trunk@11046 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-15 05:12:48 +00:00
Joshua Drake
4a5bee45c5
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11015 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-12 23:14:46 +00:00
Mario Ceballos
2aca76ef66
added exploit module freenas_exec_raw.rb. php/meterpreter ftw.
...
git-svn-id: file:///home/svn/framework3/trunk@11014 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-12 23:02:28 +00:00
James Lee
326dc42bca
add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:01:35 +00:00
Joshua Drake
1f235a8c9b
remove 64-bit targets since we dont have an x86_64 linux exe generator
...
git-svn-id: file:///home/svn/framework3/trunk@10833 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-27 17:21:54 +00:00
Joshua Drake
be841a4810
check for failed serverinfo result
...
git-svn-id: file:///home/svn/framework3/trunk@10788 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 21:32:12 +00:00
James Lee
3b2c43fac4
get rid of the redundant second java target
...
git-svn-id: file:///home/svn/framework3/trunk@10785 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 20:07:18 +00:00
James Lee
f33d7cc670
revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973 , meterpreter doesn't work yet, so not marking resolved.
...
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:19:51 +00:00
Joshua Drake
c6f1fa716d
add a java target, fixes #2973
...
git-svn-id: file:///home/svn/framework3/trunk@10755 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:36:59 +00:00
Joshua Drake
771ea5862c
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@10754 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:24:33 +00:00
Joshua Drake
1935f2007f
fix exe generation for auto-targetting
...
git-svn-id: file:///home/svn/framework3/trunk@10753 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:21:19 +00:00
Joshua Drake
042e71c357
add ports/refs for ZDI-10-214
...
git-svn-id: file:///home/svn/framework3/trunk@10747 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 14:28:52 +00:00
Joshua Drake
b49e81300a
fix auto-target exe generation
...
git-svn-id: file:///home/svn/framework3/trunk@10688 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-14 21:26:05 +00:00
Joshua Drake
279c604015
missed a couple exe generater includes
...
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-28 16:19:50 +00:00
Joshua Drake
bd1eeb3722
rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32
...
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 15:59:46 +00:00
Joshua Drake
4590844871
tons of indentation fixes, some other style tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake
d540818f01
split http exploit mixin into http/server and http/client
...
git-svn-id: file:///home/svn/framework3/trunk@9971 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-07 06:59:16 +00:00
Joshua Drake
2f384cde82
add alias for calling Msf::Exploit regenerate_payload explicitly -- fixes #2312
...
git-svn-id: file:///home/svn/framework3/trunk@9950 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-03 15:14:34 +00:00
Joshua Drake
16ff17c9d1
add more http fingerprints -- thx mc
...
git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 23:25:31 +00:00
Joshua Drake
663b863b6d
http fingerprint checking update
...
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 17:38:59 +00:00
Joshua Drake
a3d901a6b9
various minor fixes, some added fingerprinting
...
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00
Joshua Drake
7d945ed9dc
add lots of disclosure dates from OSVDB
...
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake
0882838491
ensure binary mode when opening files, whitespace fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake
93b09648c7
add additional CVE reference, cleanup references
...
git-svn-id: file:///home/svn/framework3/trunk@9642 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 19:42:11 +00:00
Joshua Drake
12fbdcd878
add http_fingerprint calls to modules that use various headers
...
git-svn-id: file:///home/svn/framework3/trunk@9627 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 20:53:12 +00:00
Joshua Drake
48994d234a
oops, remove java from platform list
...
git-svn-id: file:///home/svn/framework3/trunk@9609 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 16:38:24 +00:00
Joshua Drake
099b90b0d6
another update for jboss stuff, thanks Patrick!
...
git-svn-id: file:///home/svn/framework3/trunk@9596 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 22:25:03 +00:00
Joshua Drake
58cbf5d6ad
oops, fixed app_base mistake
...
git-svn-id: file:///home/svn/framework3/trunk@9586 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 23:10:30 +00:00
Mario Ceballos
9780efabdd
missed Version
...
git-svn-id: file:///home/svn/framework3/trunk@9578 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 01:24:52 +00:00
Mario Ceballos
ccece11b9b
changed from the orignal method, thanks patrick.
...
git-svn-id: file:///home/svn/framework3/trunk@9577 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 01:08:02 +00:00
Joshua Drake
752905a777
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9571 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 16:53:52 +00:00
Joshua Drake
19742afb38
use pack instead of Base64
...
git-svn-id: file:///home/svn/framework3/trunk@9569 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 16:45:26 +00:00
Joshua Drake
4ceb936533
some jboss updates, much thanks to Patrick Hof
...
git-svn-id: file:///home/svn/framework3/trunk@9568 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 16:26:14 +00:00
Joshua Drake
698da3bdea
add CVE for cognos express
...
git-svn-id: file:///home/svn/framework3/trunk@9502 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 09:37:21 +00:00
Joshua Drake
711e08b5e9
make sure to use correct verbs, thanks mc!
...
git-svn-id: file:///home/svn/framework3/trunk@9285 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-11 16:20:46 +00:00
Joshua Drake
7f758d5a02
add VERB option to enable exploiting cve-2010-0738
...
git-svn-id: file:///home/svn/framework3/trunk@9282 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-11 09:14:36 +00:00
Joshua Drake
d7c99b107c
RE-fix and add svnkeywords, MC!!!
...
git-svn-id: file:///home/svn/framework3/trunk@9261 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:30:05 +00:00
Mario Ceballos
d33dc27e26
updated.. thanks jmg.
...
git-svn-id: file:///home/svn/framework3/trunk@9256 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 12:54:16 +00:00
Steve Tornio
a47f7dcb2e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@9251 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-08 16:46:49 +00:00
Joshua Drake
d296e0cdc3
minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@9245 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-07 22:28:21 +00:00
Mario Ceballos
579d35035b
added exploit module for cve-2006-5750
...
git-svn-id: file:///home/svn/framework3/trunk@9244 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-07 22:21:44 +00:00
Joshua Drake
61402c4b55
add to description
...
git-svn-id: file:///home/svn/framework3/trunk@9202 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-02 21:04:56 +00:00
Joshua Drake
ff46c5d867
add exploit module for cve-2010-0361 on windows
...
git-svn-id: file:///home/svn/framework3/trunk@9201 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-02 20:52:14 +00:00
Joshua Drake
0ea6eca4bc
big module whitespace/formatting cleanup pass
...
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake
22529ae81b
add USERNAME/PASSWORD options
...
git-svn-id: file:///home/svn/framework3/trunk@9177 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 06:30:59 +00:00
Joshua Drake
1a47c436d3
support amd64 arch
...
git-svn-id: file:///home/svn/framework3/trunk@9025 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-06 04:08:39 +00:00
HD Moore
7af2fdf42e
Remove silly cases of print_good
...
git-svn-id: file:///home/svn/framework3/trunk@9021 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 23:34:10 +00:00