Commit Graph

9065 Commits (34085e43ebbc5d790981f521c90397b36d8b17aa)

Author SHA1 Message Date
jvazquez-r7 0109d81c95 fix typo 2013-03-27 17:39:18 +01:00
m-1-k-3 e042fd3697 first test of e1500 down and exec exploit 2013-03-27 17:09:17 +01:00
jvazquez-r7 353f02cdcc move word_unc_injector to gather dir 2013-03-27 16:23:19 +01:00
jvazquez-r7 ed23fe6502 Merge branch 'post-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-post-word_unc_injector.rb 2013-03-27 16:21:54 +01:00
nmonkee 8fc67b5c4e SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution 2013-03-27 15:01:46 +00:00
m-1-k-3 aa981cc991 DIR-645 also working 2013-03-27 12:11:14 +01:00
jvazquez-r7 ef11a584f4 work on word_unc_injector 2013-03-27 11:17:29 +01:00
m-1-k-3 615aa57399 Dlink DIR615 HW rev B login module 2013-03-27 09:26:23 +01:00
m-1-k-3 680b551215 default to user admin 2013-03-27 08:59:19 +01:00
m-1-k-3 032214fb1d default to user admin 2013-03-27 08:49:04 +01:00
jvazquez-r7 c225d8244e Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
m-1-k-3 e1a719a6c0 http login module for DLink DIR300revB, DIR600revB, DIR815 2013-03-26 20:57:24 +01:00
m-1-k-3 c4fe21865c user fix 2013-03-26 20:15:19 +01:00
nmonkee f16c8094f9 Rex::Text.rand_text_alphanumeric for file name 2013-03-26 13:53:16 +00:00
nmonkee ff7096782f SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection 2013-03-26 12:16:50 +00:00
jvazquez-r7 1d95abc458 cleanup for joomla_comjce_imgmanager 2013-03-26 12:02:39 +01:00
jvazquez-r7 9b3bbd577f module moved to unix webapps 2013-03-26 12:02:08 +01:00
jvazquez-r7 c4fcf85af2 Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework into heyder-heyder-joomla 2013-03-26 12:01:46 +01:00
bwall a5346240de Updated v0pCr3w_exec to use send_request_cgi 2013-03-26 01:33:30 -04:00
heyder 014c01099e improve cleanup 2013-03-26 02:22:10 -03:00
nmonkee bcc26427c0 EPS_GET_DIRECTORY_LISTING (List Directory abd SMB Relay) 2013-03-25 20:26:56 +00:00
nmonkee 121c75f646 vprint_status mod 2013-03-25 20:18:14 +00:00
nmonkee da6a99defb vprint_status mod 2013-03-25 20:16:11 +00:00
nmonkee f66ffbfa81 vprint_status mod 2013-03-25 20:13:45 +00:00
jvazquez-r7 9717a8c3b4 cleanup for tplink_traversal_noauth 2013-03-25 19:20:18 +01:00
jvazquez-r7 543b401a55 Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal 2013-03-25 19:18:53 +01:00
nmonkee f92f59bfad EPS_DELETE_FILE (File deletion and SMB Relay) 2013-03-25 17:23:27 +00:00
sinn3r dcce23d23d Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check 2013-03-25 12:19:52 -05:00
nmonkee 01ee30e389 PFL_CHECK_OS_FILE_EXISTENCE (file existence and SMB relay) 2013-03-25 17:11:23 +00:00
jvazquez-r7 fdd06c923a cleanup for dlink_dir_645_password_extractor 2013-03-25 18:04:12 +01:00
jvazquez-r7 a9a5a3f64f Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor 2013-03-25 18:02:51 +01:00
Nathan Einwechter aad0eed485 Fix whitespace EOL 2013-03-25 13:00:37 -04:00
nmonkee 5be98593a9 RZL_READ_DIR_LOCAL (directory listing and SMB relay) 2013-03-25 16:59:37 +00:00
Nathan Einwechter 3f79b2fd3b Use :abort for scanner mixin 2013-03-25 12:59:18 -04:00
sinn3r 56c07211a0 Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof 2013-03-25 11:56:15 -05:00
sinn3r 47e3d7de59 Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue 2013-03-25 11:46:37 -05:00
sinn3r 0d56da0511 Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d 2013-03-25 11:45:40 -05:00
sinn3r f4c04503d2 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-03-25 11:38:08 -05:00
Nathan Einwechter 99fe2a33d7 Deregister USER_AS_PASS and stop on connect error 2013-03-25 12:35:52 -04:00
jvazquez-r7 53b862300e cleanup for linksys_e1500_traversal 2013-03-25 17:33:38 +01:00
jvazquez-r7 ea804d433e change file name 2013-03-25 17:33:16 +01:00
jvazquez-r7 660d3d5388 Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal 2013-03-25 17:31:11 +01:00
m-1-k-3 e57498190b dlink dir 300/600 login module - initial commit 2013-03-25 08:48:24 +01:00
bwall 5218831167 Added license information and tidied up the code 2013-03-25 00:05:31 -04:00
bwall e98a463de2 Added license information and tidied up code 2013-03-25 00:04:39 -04:00
bwall e37fa3b40a Added license information and tidied up code 2013-03-25 00:03:32 -04:00
bwall 6be88224bf Added the license information and tidied up 2013-03-25 00:01:20 -04:00
heyder 0c169f94eb correct some bad indent 2013-03-24 21:07:51 -03:00
jvazquez-r7 d54687cb37 fix typo 2013-03-25 00:58:47 +01:00
jvazquez-r7 26b43d9ed2 Added module for ZDI-13-050 2013-03-25 00:54:30 +01:00
heyder 50ac5cf247 Adjust payload size and others code adjustments 2013-03-24 20:25:29 -03:00
m-1-k-3 98ac6e8090 feedback included 2013-03-24 21:01:30 +01:00
bwall 7e0b0ac092 Added STUNSHELL webshell remote command execution module 2013-03-24 15:18:08 -04:00
bwall b23d259485 Added STUNSHELL webshell remote code evaluation[PHP] module 2013-03-24 15:16:45 -04:00
bwall bbcf21ee24 Added v0pCr3w webshell remote command execution module 2013-03-24 15:13:42 -04:00
bwall ca6ab7c8c2 Added Ra1NX pubcall authentication bypass exploit module 2013-03-24 14:59:27 -04:00
m-1-k-3 d90de54891 reporting and feedback 2013-03-24 15:00:18 +01:00
m-1-k-3 9f8ec37060 store loot 2013-03-24 11:48:49 +01:00
m-1-k-3 71708c4bc3 dir 645 password extractor - initial commit 2013-03-24 11:44:24 +01:00
jvazquez-r7 49ac3ac1a3 cleanup for linksys_e1500_e2500_exec 2013-03-23 23:30:49 +01:00
jvazquez-r7 98be5d97b8 Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec 2013-03-23 23:30:14 +01:00
m-1-k-3 b2bf1df098 fixed encoding and set telnetd as default cmd 2013-03-23 22:56:15 +01:00
m-1-k-3 7ff9c70e38 10 to 0 is good :) 2013-03-23 22:46:26 +01:00
m-1-k-3 47d458a294 replacement of the netgear-sph200d module 2013-03-23 22:40:32 +01:00
m-1-k-3 bd522a03e3 replace module to the scanner directory 2013-03-23 22:29:44 +01:00
m-1-k-3 b1ae2f7bf4 replace module to the scanner directory 2013-03-23 22:29:31 +01:00
m-1-k-3 8f59999f82 replace module to the scanner directory 2013-03-23 22:25:04 +01:00
m-1-k-3 f58554bb57 replace module to the scanner directory 2013-03-23 22:24:50 +01:00
m-1-k-3 965ec34368 check of the server on the first try 2013-03-23 22:13:01 +01:00
m-1-k-3 aacd14ae45 version removed, encode params removed 2013-03-23 21:31:08 +01:00
m-1-k-3 b01959ea70 tplink traversal - initial commit 2013-03-23 20:30:32 +01:00
m-1-k-3 36d1746c0d linksys traversal module - initial commit 2013-03-23 17:01:02 +01:00
m-1-k-3 270f64acc2 feedback included 2013-03-23 15:54:34 +01:00
heyder 5bee1471df many code adjustments 2013-03-22 23:07:08 -03:00
Nathan Einwechter 89c0e8c27e Fix add_resource call in adobe_flas_mp5_cprt 2013-03-22 19:27:02 -04:00
jvazquez-r7 6eaf995642 cleaning exploiting string 2013-03-22 21:48:02 +01:00
jvazquez-r7 fd63283524 make msftidy happy 2013-03-22 21:46:12 +01:00
sinn3r f22c18e026 Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix 2013-03-22 13:08:13 -05:00
sinn3r 11754f271a Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec 2013-03-22 13:05:16 -05:00
sinn3r 051e31c19f Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl 2013-03-22 13:00:38 -05:00
sinn3r dea48b459f Merge branch 'download_exec_shell' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-download_exec_shell 2013-03-22 12:53:36 -05:00
Tod Beardsley d908050808 Merge epo_sql fix from neinwechter
Easy, sensible fix -- since report_auth_info uses full_user, print_good
should too.

[Closes #1629]
2013-03-22 11:22:24 -05:00
Nathan Einwechter 096ec9a5d7 Fix to print out correct/full username 2013-03-22 10:22:24 -04:00
heyder b5c65ad51b add Joomla Component JCE File Upload Code Execution 2013-03-22 10:41:35 -03:00
jvazquez-r7 bbff20fd65 cleanup for struts_code_exec_parameters 2013-03-21 22:17:47 +01:00
jvazquez-r7 50c6a98530 Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce 2013-03-21 22:17:20 +01:00
Console cbccda10ca fixing issue raised by @meatballs1 2013-03-21 20:58:40 +00:00
Console 302193f98b Various fixes and improvements
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console 8027615608 fixed comments left in by accident 2013-03-21 16:43:44 +00:00
Console 4edf5260f4 check function now tells user about delay 2013-03-21 16:40:45 +00:00
jvazquez-r7 f27333567f use bash or sh according to availability 2013-03-21 17:26:56 +01:00
jvazquez-r7 47ea8aea30 Merge branch 'download_exec_wget' of https://github.com/dougsko/metasploit-framework into dougsko-download_exec_wget 2013-03-21 17:09:20 +01:00
Console a714b430ca used normalize_uri 2013-03-21 14:05:08 +00:00
Console 5c9bec1552 commit fix branch for Console-struts-RCE 2013-03-21 13:40:16 +00:00
jvazquez-r7 370f849e29 cleanup for download_exec 2013-03-21 09:24:02 +01:00
Doug P 39b1ad8bd6 spacing cleanup 2013-03-21 00:21:10 -04:00
Doug P 837d426ff0 removed an extra space 2013-03-21 00:18:35 -04:00
Doug P 08029ca2e8 edited Description 2013-03-21 00:17:55 -04:00
Doug P edd85ccd69 added wget support 2013-03-21 00:09:22 -04:00
Tod Beardsley e149c8670b Unconflicting ruby_string method
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
2013-03-20 15:49:23 -05:00
m-1-k-3 dcd2aebdcd feedback included 2013-03-20 21:34:30 +01:00
SphaZ 804e2cfa3a small fixup of unused old vars 2013-03-20 21:31:28 +01:00
Tod Beardsley 011b6899b0 Merge 'neinwechter/browser_autopwn-updates'
Brings in neinwechter's BAP fixes. Seems to not only be a more sane
strategy, but in practice, ends up with tons more shells for at least
MSIE which is what most people are using it for anyway.

[Closes #1612]
2013-03-20 15:26:09 -05:00
SphaZ b275797ba2 Used msf file mixin where possible and more in memory handling 2013-03-20 21:25:07 +01:00
Tod Beardsley e377e30873 unscrewing syntax error 2013-03-20 15:04:31 -05:00
Tod Beardsley fd20eba35e Expanding the title and desc for external_ip
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
jvazquez-r7 cd58a6e1a1 cleanup for nagios_nrpe_arguments 2013-03-20 19:22:48 +01:00
jvazquez-r7 072fca9f6c Merge branch 'post_linux_manage_download_exec' of https://github.com/jasbro/metasploit-framework into jasbro-post_linux_manage_download_exec 2013-03-20 18:02:51 +01:00
jvazquez-r7 54f22ed06c check if curl is on the path 2013-03-20 17:31:48 +01:00
Joshua Abraham 9948d1ec12 change from vcmd_exec to a method in the module 2013-03-19 20:40:25 -04:00
jvazquez-r7 26dec4eb8f last cleanup for sami_ftpd_list 2013-03-19 21:32:05 +01:00
jvazquez-r7 42efe5955b Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815 2013-03-19 21:31:46 +01:00
jvazquez-r7 b19c51aa81 cleanup for sami_ftpd_list 2013-03-19 19:04:14 +01:00
m-1-k-3 9fc0f9a927 initial commit 2013-03-19 17:31:01 +01:00
dougsko e2a9245b08 Changed target to Windows XP 2013-03-19 13:20:23 -03:00
sinn3r 0c0d15024a No tabs for these 2013-03-19 08:39:47 -05:00
sinn3r 07a3f15292 Merge branch 'coolpdf_image_stream_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-coolpdf_image_stream_bof 2013-03-19 08:38:30 -05:00
sinn3r 116f5b87f0 Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access 2013-03-19 08:33:58 -05:00
Joel Parish 21e9f7dbd2 Added module for CVE-2013-1362
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
Matt Andreko fd5bd52e6d Added some error handling if the connection dies. 2013-03-18 17:26:40 -04:00
Matt Andreko 66dcbca562 Sysax Multi-Server SSHD DoS
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
dougsko fb90a1b497 Uses IP address length in offset calculation 2013-03-18 16:18:04 -03:00
jvazquez-r7 4aab1cc5df delete debug code 2013-03-18 16:28:39 +01:00
jvazquez-r7 dffec1cd41 added module for cve-2012-4914 2013-03-17 21:12:40 +01:00
Doug P 3d92d6e977 removed the handler call 2013-03-15 16:48:53 -04:00
Doug P a96283029e made payload size a little smaller 2013-03-15 16:08:43 -04:00
Doug P 8b5c782b54 changed Platform from Windows to win 2013-03-15 15:13:52 -04:00
Doug P 8f4b3d073a Explicitly set EXITFUNC to thread 2013-03-15 14:52:39 -04:00
Doug P e9af05a178 made recommended changes 2013-03-15 11:35:12 -04:00
Joshua Abraham 07d78af421 Linux post module to download and run a command 2013-03-15 10:13:56 -04:00
Doug P 4bb64a0f41 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-14 16:10:10 -04:00
Doug P bbbf395659 got everything working and cleaned up 2013-03-14 16:02:41 -04:00
jvazquez-r7 d8f46e3df4 Merge branch 'module/fb_cnct_target_214' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module/fb_cnct_target_214 2013-03-14 16:27:58 +01:00
jvazquez-r7 b86b70c31c Merge branch 'openpli-shell' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-openpli-shell 2013-03-14 15:58:14 +01:00
jvazquez-r7 02f90b5bbd cleanup for dopewars 2013-03-14 15:53:19 +01:00
jvazquez-r7 4d9f2bbb06 Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master 2013-03-14 15:51:47 +01:00
jvazquez-r7 6ccfa0ec18 cleanup for dreambox_openpli_shell 2013-03-14 15:02:21 +01:00
jvazquez-r7 7403239de7 cleanup for psexec_ntdsgrab 2013-03-14 13:40:45 +01:00
jvazquez-r7 9ae2c8e718 Merge branch 'ntdsgrab4' of https://github.com/R3dy/metasploit-framework into R3dy-ntdsgrab4 2013-03-14 13:39:41 +01:00
m-1-k-3 9366e3fcc5 last adjustment 2013-03-14 11:18:52 +01:00
m-1-k-3 0140caf1f0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell 2013-03-14 10:55:52 +01:00
Trenton Ivey 97023413cb Added advanced option for temp filenames prefix 2013-03-14 01:50:52 -05:00
Royce Davis abbb3b248d methods that use @ip now reference it directly instead of being passed in as paramaters 2013-03-13 19:35:53 -05:00
Royce Davis 462ffb78c1 Simplified copy_ntds & copy_sys check on line 91 2013-03-13 19:31:36 -05:00
Royce Davis 4e9af74763 All print statements now use #{peer} 2013-03-13 19:28:09 -05:00
Royce Davis edf2804bb5 Added simple.disconnect to end of cleanup_after method 2013-03-13 19:23:22 -05:00
Royce Davis 8eba71ebe2 Added simple.disconnect to end of download_sys_hive method 2013-03-13 19:20:58 -05:00
Doug P 1f7b2a8e9f minor edits 2013-03-13 17:48:37 -04:00
Doug P fa5c988110 got sami_ftpd_list.rb working 2013-03-13 17:27:02 -04:00
James Lee 2f11796dfa Fix typo
[SeeRM #7800]
2013-03-13 16:10:20 -05:00
jvazquez-r7 456e4449e5 definitely the free trial of 6.53 is also vulnerable 2013-03-13 20:29:07 +01:00
jvazquez-r7 5345af87f2 better description according to advisory 2013-03-13 20:25:13 +01:00
jvazquez-r7 5339c6f76e better target description according to advisory 2013-03-13 20:23:22 +01:00
jvazquez-r7 50083996ff better target description 2013-03-13 20:13:09 +01:00
jvazquez-r7 a2755820cb Added module for CVE-2012-4711 2013-03-13 20:07:58 +01:00
Spencer McIntyre 458ffc1f19 Add a target for Firebird 2.1.4.18393 2013-03-13 13:44:28 -04:00
jvazquez-r7 e5f7c08d6f Added module for CVE-2012-4940 2013-03-13 11:52:54 +01:00
Doug P 22133ba8ff removed version number 2013-03-12 16:36:14 -04:00
Doug P 70da739666 fixed errors in dopewars.rb shown by msftidy 2013-03-12 15:47:31 -04:00
doug b5c3161ceb Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-12 13:20:06 -04:00
Doug P c8c50a6407 cleaned up dopewars module 2013-03-12 12:56:12 -04:00
Royce Davis 9a970415bc Module uses store_loot now instead of logdir which has been removed 2013-03-11 20:05:23 -05:00
doug a199c397e4 ... 2013-03-11 17:09:17 -04:00
doug 4d6e19b40b small edits to dopewars.rb 2013-03-11 17:07:05 -04:00
James Lee 6da4c53191 Merge remote-tracking branch 'jvazquez-r7/netcat_gaping' into rapid7
[Closes #1576]
2013-03-11 16:02:49 -05:00
doug 0e607f8252 added dopewars module 2013-03-11 16:52:49 -04:00
jvazquez-r7 2684e6103c use of send_request_cgi 2013-03-11 20:36:47 +01:00
jvazquez-r7 9c89599737 cleanup before merge external_ip 2013-03-11 20:35:25 +01:00
jvazquez-r7 546e24a9c6 Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery 2013-03-11 20:35:07 +01:00
Royce Davis aa4cc11640 Removed Scanner class running as stand-alone single target module now 2013-03-11 13:39:47 -05:00
Tod Beardsley 2f95d083e8 Updating URL for Honewell EBI exploit 2013-03-11 13:35:58 -05:00
Tod Beardsley 23972fbebc Merge branch 'release' 2013-03-11 13:08:30 -05:00
Tod Beardsley d81d9261e7 Adding Honeywell exploit. 2013-03-11 13:03:59 -05:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
jvazquez-r7 627e7f6277 avoiding grouping options 2013-03-11 18:26:03 +01:00
jvazquez-r7 f0cee29100 modified CommandDispatcher::Exploit to have the change into account 2013-03-11 18:08:46 +01:00
jvazquez-r7 c9268c3d54 original modules renamed 2013-03-11 18:04:22 +01:00
jvazquez-r7 074ea7dee4 Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl 2013-03-11 15:36:20 +01:00
Royce Davis a96753e9df Added licensing stuff at the top 2013-03-10 20:07:04 -05:00
Royce Davis bf9a2e4f52 Fixed module to use psexec mixin 2013-03-10 15:15:50 -05:00
Royce Davis 907983db4a updating with r7-msf 2013-03-10 14:19:20 -05:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
RageLtMan 25f3f935c4 Apply Egypt's cleanup
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
2013-03-07 18:34:12 -05:00
jvazquez-r7 64398d2b60 deleting some commas 2013-03-07 21:34:51 +01:00
jvazquez-r7 ab44e3e643 cleanup for fb_cnct_group 2013-03-07 21:34:07 +01:00
jvazquez-r7 969490771f Merge branch 'module-fb_cnct_group' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-fb_cnct_group 2013-03-07 21:33:33 +01:00
jvazquez-r7 c5e61f1e9d Merge branch 'msftidy_ssl_shells' of https://github.com/sempervictus/metasploit-framework into sempervictus-msftidy_ssl_shells 2013-03-07 20:47:11 +01:00
jvazquez-r7 25db782b03 change print location 2013-03-07 19:15:40 +01:00
jvazquez-r7 fdd7c375ad added linux native target 2013-03-07 19:12:25 +01:00
Spencer McIntyre 398d13e053 Initial commit of the Firebird CNCT Group Number Buffer Overflow. 2013-03-07 09:51:05 -05:00
jvazquez-r7 03f3b06ccb added module for cve-2012-3001 2013-03-07 14:23:13 +01:00
J.Townsend db1f4d7e1d added license info 2013-03-07 00:20:02 +00:00
J.Townsend e8c1899dc2 added license info 2013-03-07 00:18:32 +00:00
J.Townsend 3946cdf91e added license info 2013-03-07 00:17:55 +00:00
J.Townsend 1b493d0e4c added license info 2013-03-07 00:16:26 +00:00
J.Townsend 9e89d9608f added license info 2013-03-07 00:11:45 +00:00
J.Townsend 56639e7f15 added license info 2013-03-07 00:10:46 +00:00
RageLtMan 7f80692457 everyone will comply, resistance is futile 2013-03-06 18:38:14 -05:00
sinn3r b65f410048 Updates the description 2013-03-06 16:37:41 -06:00
RageLtMan dfe3a4f394 msftidy and module placement per todb 2013-03-06 17:36:01 -05:00
sinn3r fee07678dd Rename module to better describe the bug. 2013-03-06 16:33:41 -06:00
sinn3r 79d3597d31 That's not a real check... 2013-03-06 16:32:53 -06:00
sinn3r 16d7b625bc Format cleanup 2013-03-06 16:31:39 -06:00
sinn3r 7219c7b4aa Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb 2013-03-06 16:15:24 -06:00
Royce Davis 1d8c759a34 yeah 2013-03-06 16:01:36 -06:00
Enrique A. Sanchez Montellano aa5c9461ae Fixed more styling issues, EOL, tabs and headers 2013-03-06 10:50:31 -08:00
Enrique A. Sanchez Montellano 437d6d6ba6 Fixed EOL, bad indent, added header, removed #!/usr/env/ruby 2013-03-06 10:44:29 -08:00
sinn3r af9982e289 Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb 2013-03-06 12:11:58 -06:00
Enrique A. Sanchez Montellano aa3a54fba0 Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation 2013-03-06 09:29:28 -08:00
RageLtMan 225b15f7f3 Add external IP discovery module
This module performs an HTTP request to ifconfig.me/ip.
The body of the response contains the publicly routable IP from
which the request originated. This can be useful in discovering
routes on pivoted hosts and initial recon as a simple aux module.
2013-03-05 23:42:31 -05:00
James Lee ca43900a7c Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7 2013-03-05 16:34:11 -06:00
jvazquez-r7 781132b1cf cleanup for openssl_aesni 2013-03-05 22:41:16 +01:00
jvazquez-r7 784c075986 Merge branch 'module-cve-2012-2686' of https://github.com/ettisan/metasploit-framework into ettisan-module-cve-2012-2686 2013-03-05 22:40:46 +01:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
James Lee a74b576a0f Merge branch 'rapid7' into rsmudge-authproxyhttpstager 2013-03-04 17:50:48 -06:00
James Lee c0689a7d43 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-03-04 12:14:33 -06:00
Wolfgang Ettlinger 867875b445 Beautified OpenSSL-AESNI module
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
  SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
David Maloney 71ba044d03 remove debugging aid 2013-03-04 11:25:34 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
sinn3r 7fa24d9060 Module rename 2013-03-04 10:54:33 -06:00
sinn3r 59b5e8e688 Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick 2013-03-04 10:53:31 -06:00
sinn3r 95cd46d362 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-03-04 10:46:27 -06:00
sinn3r 12247d47ba Rename module, sorry, no pull request. 2013-03-04 10:46:05 -06:00
jvazquez-r7 e465a07030 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-04 17:41:18 +01:00
jvazquez-r7 92ee4300df cleanup for reflective_dll_inject 2013-03-04 17:40:09 +01:00
jvazquez-r7 582395412f Merge branch 'post_ref_dll_inj' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_ref_dll_inj 2013-03-04 17:39:11 +01:00
jvazquez-r7 a980bf0ef6 minor fixes 2013-03-03 19:54:17 +01:00
jvazquez-r7 248481f195 fixed EOF 2013-03-03 19:52:31 +01:00
jvazquez-r7 81e2dbc71e added module for CVE-2012-3485 2013-03-03 19:48:12 +01:00
jvazquez-r7 76180f22fc added module for cve-2012-4284 2013-03-03 13:23:21 +01:00
Raphael Mudge 1cc49f75f5 move flag comment to where it's used. 2013-03-03 03:26:43 -05:00
Raphael Mudge ecdb884b13 Make download_exec work with authenticated proxies
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.

Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
Michael Schierl 4a17a30ffd Regenerate ruby modules
For shellcode changes (removed unneeded instruction) committed in
46a5c4f4bf. Saves 2 bytes per shellcode.
2013-03-03 00:14:30 +01:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney b2f68f0fdb Merge branch 'dmaloney-r7-feature/http/authv2' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-dmaloney-r7-feature/http/authv2 2013-02-28 14:37:37 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
jvazquez-r7 8f58c7b25e cleanup for sap_icf_public_info 2013-02-28 18:47:48 +01:00
jvazquez-r7 0dcfb51071 cleanup for sap_soap_rfc_system_info 2013-02-28 18:46:18 +01:00
jvazquez-r7 1a10c27872 Merge branch 'sap_rfc_system_info' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_rfc_system_info 2013-02-28 18:45:42 +01:00
RageLtMan 3778ae09e9 This commit adds DNS resolution to rev_tcp_rc4
Due to the modular structure of payload stages its pretty trivial
to add DNS resolution instead of hard-coded IP address in stage0.

The only real complication here is that ReverseConnectRetries ends
up being one byte further down than in the original shellcode. It
appears that the original rev_tcp_dns payload suffers from the same
issue.

Hostname substitution is handled in the same method as the RC4 and
XOR keys, with an offset provided and replace_vars ignoring the
hostname.

Tested in x86 native and WOW64 on XP and 2k8r2 respectively.

This is a good option for those of us needing to leave persistent
binaries/payloads on hosts for long periods. Even if the hostname
resolves to a malicious party attempting to steal our hard earned
session, they'd be hard pressed to crypt the payload with the
appropriate RC4 pass. So long as we control the NS and records, the
hardenned shellcode should provide a better night's sleep if running
shells over the WAN. Changing the RC4 password string in the
shellcode and build.py should reduce the chances of recovery by RE.

Next step will likely be to start generating elipses for ECDH SSL
in meterpreter sessions and passing them with stage2 through the
RC4 socket. If P is 768-1024 the process is relatively quick, but
we may want to precompute a few defaults as well to have 2048+.
2013-02-28 02:59:20 -05:00
Wolfgang Ettlinger e7015985e7 Added CVE-2012-2686
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
sinn3r 4085fa73c5 Merge branch 'stephenfewer-master' 2013-02-27 11:13:10 -06:00
sinn3r 3334257aa4 Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy 2013-02-26 13:54:47 -06:00
Joe Rozner abdcde06cd Fix polarcms_upload_exec exploit 2013-02-25 22:58:26 -08:00
sinn3r 0158919031 Merge branch 'master' of github.com:L1ghtn1ng/metasploit-framework into L1ghtn1ng-master 2013-02-25 19:41:29 -06:00
sinn3r 181e3c0496 Uses normalize_uri 2013-02-25 19:36:48 -06:00
J.Townsend cbce1bdff2 update module description
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
James Lee e41922853e Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-25 14:15:22 -06:00
sinn3r 1ed74b46be Add CVE-2013-0803
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r cae1939914 Kinda too long 2013-02-25 13:44:11 -06:00
sinn3r 593be7ab2f Merge branch 'xbmc' of github.com:mandreko/metasploit-framework into mandreko-xbmc 2013-02-25 13:43:12 -06:00
sinn3r f3f913edc5 Correct bad naming style 2013-02-25 13:29:27 -06:00
sinn3r 690e7ec8a7 Uses normalize_uri 2013-02-25 13:28:00 -06:00
sinn3r b930613653 Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec 2013-02-25 12:43:50 -06:00
sinn3r 5fe2c26d82 Merge branch 'bcoles-glossword_upload_exec' 2013-02-25 12:41:05 -06:00
sinn3r 52241b847a Uses normalize_uri instead of manually adding a slash 2013-02-25 12:20:37 -06:00
Tod Beardsley 1446992253 Merge jvazquez-r7's java exploit 2013-02-25 07:19:12 -06:00
bcoles d7c0ce4e4a Fix 'check()' in glossword_upload_exec 2013-02-25 15:52:07 +10:30
Raphael Mudge 788c96566f Allow HTTP stager to work with authenticated proxies
The HttpOpenRequest function from WinINet requires the
INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an
authenticated proxy.

From MSDN ( http://tinyurl.com/chwt86j ):

"Uses keep-alive semantics, if available, for the connection. This
 flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM),
 and other types of authentication."

Without this flag, the HTTP stager will fail when faced with a proxy
that requires authentication. The Windows HTTPS stager does not have
this problem.

For HTTP Meterpreter to communicate through an authenticated proxy a
separate patch will need to be made to the Meterpreter source code.
This is at line 1125 of source/common/core.c in the Meterpreter source
code.

My motivation for this request is for windows/dllinject/reverse_http
to download a DLL even when faced with an authenticated proxy. These
changes accomplish this.

Test environment:

I staged a SmoothWall device with the Advanced Proxy Web Add-on. I
enabled Integrated Windows Authentication with a W2K3 DC. I verified
the HTTP stager authenticated to and communicated through the proxy
by watching the proxy access.log
2013-02-24 17:33:00 -05:00
bcoles 1f46b3aa02 Add Glossword Arbitrary File Upload Vulnerability exploit 2013-02-25 01:59:46 +10:30
Matt Andreko 2c0a916c83 Made the password optional 2013-02-23 17:14:30 -05:00
Matt Andreko b221711ecd Added basic error handling 2013-02-23 10:24:04 -05:00
Matt Andreko 67c2c3da20 Code Review Feedback
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
sinn3r 2b65cfa5ab Minor changes 2013-02-22 21:02:19 -06:00
sinn3r 1623877151 Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009 2013-02-22 20:58:42 -06:00
Meatballs 15d505f7a9 Msftidy 2013-02-22 22:09:19 +00:00
Meatballs 0ea7247a43 Initial commit 2013-02-22 22:05:29 +00:00
James Lee fc07bf16e7 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-22 15:41:49 -06:00
bcoles 002654317c Add Kordil EDMS File Upload Vulnerability exploit 2013-02-22 23:32:17 +10:30
Matt Andreko b4f002d080 Code Review Feedback
Modified USER and PASS to USERNAME and PASSWORD
Moved the Scanner mixin to the bottom and removed deregister
2013-02-21 16:55:27 -05:00
James Lee c423ad2583 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-02-21 15:30:43 -06:00
Matt Andreko 4784db3403 Fixed name 2013-02-21 15:48:41 -05:00
Matt Andreko 29cb4b1008 Merge remote-tracking branch 'upstream/master' into xbmc 2013-02-21 15:25:37 -05:00
jvazquez-r7 5b16e26f82 change module filename 2013-02-21 20:05:13 +01:00
jvazquez-r7 b4f4cdabbc cleanup for the module 2013-02-21 20:04:05 +01:00
jvazquez-r7 1913d60d65 multibrowser support 2013-02-21 01:13:25 +01:00
jvazquez-r7 bf216cca5c description and references updated 2013-02-20 18:14:53 +01:00
jvazquez-r7 d7b89a2228 added security level bypass 2013-02-20 17:50:47 +01:00
Royce Davis ac50c32d51 Tested, works on server 2k8 2013-02-20 10:02:50 -06:00
jvazquez-r7 d88ad80116 Added first version of cve-2013-0431 2013-02-20 16:39:53 +01:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
James Lee 9d4a3ca729 Fix a typo that broke this module against x64
[SeeRM #7747]
2013-02-19 19:22:42 -06:00
jvazquez-r7 04ec4e432d minor cleanup for shell_bind_tcp 2013-02-20 01:02:58 +01:00
jvazquez-r7 3d199fe6db Merge branch 'mipsle-shell_bind_tcp' of https://github.com/kost/metasploit-framework into kost-mipsle-shell_bind_tcp 2013-02-20 01:00:34 +01:00
sinn3r 92093cd7d8 There's no HttpClient, so it shouldn't be using normalize_uri 2013-02-19 15:04:18 -06:00
sinn3r e9f4900beb Merge branch 'fixgenericcustom' of github.com:rsmudge/metasploit-framework into rsmudge-fixgenericcustom 2013-02-19 14:47:18 -06:00
James Lee f5d9887a06 Merge branch 'rapid7' into R3dy-psexec-mixin2 2013-02-19 12:58:03 -06:00
James Lee 4703278183 Move SMB mixins into their own directory 2013-02-19 12:55:06 -06:00
sinn3r 37634a9e60 Merge branch 'hp_vsa_exec_9' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_vsa_exec_9 2013-02-19 12:36:39 -06:00
James Lee ede804e6af Make psexec mixin a bit better
* Removes copy-pasted code from psexec_command module and uses the mixin
  instead

* Uses the SMB protocol to delete files rather than psexec'ing to call
  cmd.exe and del

* Replaces several instances of "rescue StandardError" with better
  exception handling so we don't accidentally swallow things like
  NoMethodError

* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
sinn3r 189558b862 Merge branch 'openemr_upload_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-openemr_upload_exec 2013-02-19 12:25:00 -06:00
sinn3r 5108e8ef1c Correct tab 2013-02-19 11:44:41 -06:00
sinn3r b2664e04fb Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload 2013-02-19 11:42:04 -06:00
sinn3r 9813c815ef Minor changes 2013-02-19 11:40:06 -06:00
sinn3r 553d7abe43 Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof 2013-02-19 11:26:47 -06:00
James Lee 49f00acc11 Fix nil deref when dnsdomain is empty 2013-02-19 11:24:05 -06:00
Chris John Riley d49797267e Correct SAP Table Name 2013-02-19 11:20:49 +01:00
Chris John Riley 358b2f5783 Added module credit as this has turned into a rewrite ;) 2013-02-19 11:15:04 +01:00
Chris John Riley f3cf8ad1b9 Whitespace EOL 2013-02-19 11:13:33 +01:00
Chris John Riley a75bae927d Replaced report_note and table output with single function
Added proposed extract data function (HDM)
2013-02-19 11:12:12 +01:00
Chris John Riley d4011227e3 Made suitable changes to original module also (only report on non empty response) 2013-02-19 09:43:36 +01:00
Chris John Riley 4170a85d8a Added logic to only report when value is present 2013-02-19 09:42:13 +01:00
jvazquez-r7 416a7aeaa3 make msftidy happy for s4u_persistence 2013-02-18 15:23:06 +01:00
jvazquez-r7 be0feecf8f Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence 2013-02-18 15:22:37 +01:00
Thomas McCarthy 25f8a7dcb9 Fix expire tag logic and slight clean up
Was a dumbass again and didn't fully understand how Optints worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for trouble shooting.
2013-02-17 22:35:52 -05:00
Raphael Mudge 06ba2ef791 Allow generic/custom payload to generate an exe
The datastore value of ARCH has no effect on the array of
architectures the generic/custom payload is compatible with.
This commit forces the payload to update its list of compatible
architectures on generation if the ARCH value is set in the
datastore.

See:

http://dev.metasploit.com/redmine/issues/7755
2013-02-17 20:39:54 -05:00
jvazquez-r7 322fa53d49 fix typo 2013-02-17 20:29:41 +01:00
jvazquez-r7 31a3a374c3 Added module for CVE-2012-6274 2013-02-17 20:25:39 +01:00
jvazquez-r7 1a2a0bc38e Added module for CVE-2012-6275 2013-02-17 20:21:45 +01:00
Thomas McCarthy a8d574e4ce Updated one print_status 2013-02-17 14:08:33 -05:00
m-1-k-3 3ab5585107 make msftidy happy 2013-02-16 20:49:32 +01:00
m-1-k-3 121a736e28 initial commit 2013-02-16 20:42:02 +01:00
jvazquez-r7 ec5c8e3a88 Merge branch 'dlink-dir300-600-execution' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir300-600-execution 2013-02-16 19:12:42 +01:00
jvazquez-r7 6b1bb9e1e8 Added module for OSVDB 90222 2013-02-16 13:11:46 +01:00
jvazquez-r7 a19da61177 deleting trailing comma 2013-02-16 00:53:28 +01:00
jvazquez-r7 221ce22f53 make msftidy happy 2013-02-15 19:01:58 +01:00
jvazquez-r7 829cf0f076 name changed to dns_srv_enum 2013-02-15 16:20:55 +01:00
jvazquez-r7 d1ba860409 changing filename for dns_srv 2013-02-15 16:20:33 +01:00
jvazquez-r7 374faf9b02 cleanup for dns_srv 2013-02-15 16:19:48 +01:00
jvazquez-r7 9d4bd763a6 Merge branch 'darkoperator-dnsenum2dnssrv' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnssrv 2013-02-15 16:19:31 +01:00
jvazquez-r7 38f5fbced3 cleanup for dns_reverse_lookup 2013-02-15 12:56:01 +01:00
jvazquez-r7 f1e3dab45f Merge branch 'darkoperator-dnsenum2dnsreverselookup' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsreverselookup 2013-02-15 12:55:39 +01:00
jvazquez-r7 6aed858f80 cleanup for dns_bruteforce 2013-02-15 12:37:46 +01:00
jvazquez-r7 1be003a4d0 Merge branch 'darkoperator-dnsenum2dnsbruteforce' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsbruteforce 2013-02-15 12:37:27 +01:00
jvazquez-r7 57e1d1baa5 cleanup for dns_info 2013-02-15 12:03:08 +01:00
jvazquez-r7 8a1874b4d1 Merge branch 'darkoperator-dnsenum2dnsinfo' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsinfo 2013-02-15 12:02:48 +01:00
Carlos Perez bcd59aa8fa Typo word module does not go in the name. 2013-02-14 21:56:24 -04:00
Carlos Perez 1d64de6c11 Typo word module does not go in the name. 2013-02-14 21:55:38 -04:00
Carlos Perez 7f7b4e5a97 more changes to description and name 2013-02-14 21:49:57 -04:00
Carlos Perez faf970cf1f more changes to description and name 2013-02-14 21:47:43 -04:00
Carlos Perez 1b8610042a more changes to description and name 2013-02-14 21:46:21 -04:00
Carlos Perez 0b9d4d976f more changes to description and name 2013-02-14 21:44:31 -04:00
SphaZ ff508fa222 msftidy 2013-02-14 21:51:50 +01:00
SphaZ 91f89f8c68 Rewrite of module after auxilliary. Also moved to post/windows 2013-02-14 21:41:19 +01:00
kernelsmith 8a91f0d7ec rescue ENOENT as well 2013-02-14 14:04:45 -06:00
Carlos Perez 23320a5dde Fix spelling problems 2013-02-14 15:48:11 -04:00
Carlos Perez a7d4f5ff4a Fix spelling problems 2013-02-14 15:46:36 -04:00
Carlos Perez 7f97ff271f Fix spelling problems 2013-02-14 15:44:32 -04:00
Carlos Perez 1872b137f5 Fix spelling problems 2013-02-14 15:41:17 -04:00
Carlos Perez e8ccfae048 Fix spelling problems 2013-02-14 15:38:17 -04:00
Jeff Jarmoc ade2c9ef56 msftidy - fix line endings. 2013-02-14 11:42:02 -06:00
Jeff Jarmoc 4c90cacffe Send iframe when URIPATH isnt '/' 2013-02-14 11:23:08 -06:00
Jeff Jarmoc 947aa24d44 MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell 2013-02-14 11:18:19 -06:00
Thomas McCarthy 7b2c1afadb I'm an idiot, fix logon xpath 2013-02-14 09:16:47 -05:00
Jeff Jarmoc c2f8e4adbd Minor - Note Rails 3.1.11 patch in Description. 2013-02-13 22:30:54 -06:00
smilingraccoon e78cbdd14d missed one line 2013-02-13 18:17:38 -05:00
smilingraccoon bbf8fe0213 Use Post::File methods and fail_with 2013-02-13 18:10:05 -05:00
sinn3r 1f881d7c21 Merge branch 'tasos-r7-feature/web_crawler_skip_paths' 2013-02-13 14:35:14 -06:00
sinn3r 4074a12fd7 Randomize some gadgets 2013-02-13 14:12:52 -06:00
sinn3r 4eca6e5502 Merge branch 'feature/web_crawler_skip_paths' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/web_crawler_skip_paths 2013-02-13 14:07:20 -06:00
sinn3r 323a58b9cb Merge branch 'foxit_reader_plugin_url_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-foxit_reader_plugin_url_bof 2013-02-13 14:01:25 -06:00
jvazquez-r7 d1784babea little cleanup plus msftidy compliant 2013-02-13 20:24:49 +01:00
jvazquez-r7 0ae473b010 info updated with rails information 2013-02-13 09:52:17 +01:00
jvazquez-r7 f46eda2fa9 Merge branch 'rails_devise_pw_reset' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_devise_pw_reset 2013-02-13 09:51:37 +01:00
jvazquez-r7 799beb5adc minor cleanup 2013-02-13 01:00:25 +01:00
jvazquez-r7 167f5970c1 minor cleanup for rails_json_yaml_scanner 2013-02-13 00:07:58 +01:00
jvazquez-r7 3e2a368823 Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner 2013-02-13 00:07:11 +01:00
Jeff Jarmoc 846052a34d s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull. 2013-02-12 15:13:06 -06:00
Jeff Jarmoc 1d5d33f306 use normalize_uri() 2013-02-12 14:58:07 -06:00
Jeff Jarmoc c6a7a4e68d /URIPATH/TARGETURI/g 2013-02-12 14:50:10 -06:00
Tasos Laskos f2cf4304d2 Merge remote-tracking branch 'upstream/master' into feature/web_crawler_skip_paths 2013-02-12 22:10:40 +02:00
Tasos Laskos 9efd3f6c5e scanner/http/crawler: added ExcludePathPatterns opt
Option 'ExcludePathPatterns' allows users to specify which paths should
be excluded from the crawl (and which forms to ignore) by passing a
list of patterns (only allows '*' wildcards).
2013-02-12 21:47:12 +02:00
Jeff Jarmoc c7719bf4cb Verify response is non-nil. 2013-02-12 13:41:21 -06:00
Jeff Jarmoc 9e1f106a87 msftidy cleanup 2013-02-12 13:38:58 -06:00
HD Moore cae6661574 Handle invalid commands gracefully (dont exit) 2013-02-12 11:33:23 -08:00
jvazquez-r7 f58cc6a2e0 more fix version info 2013-02-12 18:51:04 +01:00
jvazquez-r7 96b1cb3cfb fix version info 2013-02-12 18:50:36 +01:00
jvazquez-r7 69267b82b0 Make stable #1318 foxit reader exploit 2013-02-12 18:44:19 +01:00
HD Moore 4c2bddc452 Fix a typo and always treat ports as integers: 2013-02-12 08:59:11 -08:00
HD Moore a33d1ef877 This allows the ruby payloads to work properly on Windows 2013-02-12 08:55:37 -08:00
Chris John Riley 3a6cd6f395 Added module for requesting RFC_SYSTEM_INFO via ICF web interface 2013-02-12 14:42:59 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7 9040fcd5ae Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit 2013-02-12 01:52:05 +01:00
jvazquez-r7 42a6d96ff4 using Post::File methods plus little more cleanup 2013-02-12 01:33:07 +01:00
jvazquez-r7 97edbb7868 using always a vbs file to drop exe 2013-02-12 00:58:26 +01:00
Jeff Jarmoc ddd7d307e6 Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333 2013-02-11 16:48:44 -06:00
jvazquez-r7 766257d26a pointed by @m-1-k-3 while working on #1472 2013-02-11 21:21:43 +01:00
jvazquez-r7 d4d41f36d4 Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth 2013-02-11 21:16:35 +01:00
Jeff Jarmoc 5f0a3c6b9e Removes pry, oops. 2013-02-11 14:02:46 -06:00
Jeff Jarmoc 753fa2c853 Handles error when TARGETEMAIL is invalid. 2013-02-11 13:58:56 -06:00
David Maloney a43b902b5c Fix tomcat_mgr_login auth 2013-02-11 12:00:40 -06:00
Jeff Jarmoc 61ffcedbfd Address HD's other comments, fixes mismatched var name in last commit. 2013-02-11 11:17:26 -06:00
Jeff Jarmoc e72dc47448 Uses REXML for encoding of password. 2013-02-11 11:12:29 -06:00
sinn3r f3a1339a4c Merge branch 'jvazquez-r7-novell_groupwise_gwcls1_actvx' 2013-02-11 10:40:33 -06:00
Carlos Perez 6c85e5242e change wildcard message to print_warning 2013-02-11 12:04:30 -04:00
Carlos Perez 431641fec9 added check for retry options 2013-02-11 12:02:15 -04:00
Carlos Perez 5edb138a8f fixed nil issue 2013-02-11 11:51:33 -04:00
Carlos Perez fd6f00f641 added report note for wildcard 2013-02-11 11:37:20 -04:00
Carlos Perez 5f10704697 applied fixes 2013-02-11 11:31:13 -04:00
Carlos Perez 55efe01bf7 Applied fixes 2013-02-11 11:23:06 -04:00
jvazquez-r7 24c3f1b99d fix msftidy 2013-02-11 15:07:49 +01:00
jvazquez-r7 991e65770c minor cleanup for word_unc_injector 2013-02-11 15:06:19 +01:00
jvazquez-r7 41564fd51d Merge branch 'aux-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-aux-word_unc_injector.rb 2013-02-11 15:05:27 +01:00
Jeff Jarmoc 43a1fbb6f2 Make msftiday happy. 2013-02-10 21:13:18 -06:00
Jeff Jarmoc 55cba56591 Aux module for joernchen's devise vuln - CVE-2013-0233 2013-02-10 21:10:00 -06:00
smilingraccoon 3a499b1a6d added s4u_persistence.rb 2013-02-10 14:22:36 -05:00
jvazquez-r7 17b349ab50 added crash to comments 2013-02-09 17:49:57 +01:00
jvazquez-r7 5b576c1ed0 fix ident and make happy msftidy 2013-02-09 17:40:45 +01:00