Pedro Ribeiro
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
Brandon Perry
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
Pedro Ribeiro
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
Pedro Ribeiro
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
Joe Vennix
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
.
2014-09-02 12:27:41 -05:00
Pedro Ribeiro
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
Pedro Ribeiro
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
Pedro Ribeiro
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
jvazquez-r7
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
jvazquez-r7
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
jvazquez-r7
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
Brandon Perry
438f0e6365
typos
2014-08-30 09:22:58 -05:00
Brandon Perry
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
Spencer McIntyre
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
Spencer McIntyre
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
nnam
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
Nicholas Nam
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
jvazquez-r7
58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
jvazquez-r7
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
Brandon Perry
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
sinn3r
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
Joe Vennix
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
Joe Vennix
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
Joe Vennix
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
William Vu
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
Nicholas Nam
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00
Pedro Ribeiro
a8d03aeb59
Fix bug with PMP db paths
2014-08-26 12:54:31 +01:00
Pedro Ribeiro
473341610c
Update name to mention DC; correct servlet name
2014-08-26 12:39:48 +01:00
Joe Vennix
6d3255a3b5
Update bad config error.
2014-08-25 14:43:23 -05:00
Joe Vennix
b652ebb44f
Add other gdb-supported platforms that run on allowed arches.
2014-08-25 14:15:20 -05:00
Joe Vennix
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
Joe Vennix
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix
88f626184c
Remove linux platform limitation, target depends on arch only.
2014-08-24 01:39:04 -05:00
Joe Vennix
04d0b87067
Reorder module title.
2014-08-24 01:18:21 -05:00
Joe Vennix
c65ba20017
Fix incorrect Platforms key.
2014-08-24 01:15:34 -05:00
Joe Vennix
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
jvazquez-r7
0031913b34
Fix nil accesses
2014-08-22 16:19:11 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
jvazquez-r7
e93fbbd904
Land #3685 , @pedrib's exploit for CVE-2014-3996
2014-08-22 11:45:41 -05:00
jvazquez-r7
cf147254ad
Use snake_case in the filename
2014-08-22 11:44:35 -05:00
jvazquez-r7
823649dfa9
Clean exploit, just a little
2014-08-22 11:43:58 -05:00
jvazquez-r7
9815b1638d
Refactor pick_target
2014-08-22 11:31:06 -05:00
jvazquez-r7
ecace8beec
Refactor check method
2014-08-22 11:05:36 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
jvazquez-r7
ced65734e9
Make some datastore options advanced
2014-08-22 10:26:04 -05:00
jvazquez-r7
b4e3e84f92
Use CamelCase for target keys
2014-08-22 10:23:36 -05:00
jvazquez-r7
b58550fe00
Indent description and fix title
2014-08-22 10:21:08 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
inkrypto
7e2d474a26
Ranking, Version, Spacing Edit
2014-08-22 11:06:42 -04:00
Pedro Ribeiro
da752b0134
Add exploit for CVE-2014-3996
2014-08-21 15:30:28 +01:00
sinn3r
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
sinn3r
777efb5e48
Land #3669 - Deprecate ff 17 svg exploit
2014-08-19 17:42:31 -05:00
sinn3r
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
joev
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
joev
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
Brendan Coles
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
HD Moore
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
Brendan Coles
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
sinn3r
e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection
2014-08-15 17:07:23 -05:00
joev
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
joev
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
joev
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
joev
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
joev
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
joev
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
joev
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
Meatballs
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
joev
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
joev
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
inkrypto
7972da350d
Files move to appropriate directories and have proper formatting
2014-08-15 14:37:29 -04:00
Tod Beardsley
904c1b20b1
Land #3654 , update to 4.10-dev (electro)
2014-08-15 12:51:28 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7
4cfd2abd8d
Land #3621 , @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection
2014-08-15 09:17:16 -05:00
jvazquez-r7
4e0f6dfcc7
Do minor cleanup
2014-08-15 09:10:08 -05:00
sinn3r
f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape
2014-08-13 20:08:13 -05:00
kaospunk
5ed3e6005a
Implement suggestions
...
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
jvazquez-r7
127d094a8d
Dont share once device is opened
2014-08-13 16:13:38 -05:00
sinn3r
558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE
2014-08-13 11:55:56 -05:00
Meatballs
05a198bc96
Correct spelling
2014-08-13 14:06:25 +01:00
Meatballs
4a01c27ed4
Use get_env and good pack specifier
2014-08-13 10:59:22 +01:00
Emilio Pinna
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
jvazquez-r7
da4b572a0d
Change module name
2014-08-12 17:17:26 -05:00
jvazquez-r7
3eccc12f50
Switch from vprint to print
2014-08-12 17:11:24 -05:00
jvazquez-r7
f203fdebcb
Use Msf::Exploit::Local::WindowsKernel
2014-08-12 17:09:39 -05:00
jvazquez-r7
e1debd68ad
Merge to update
2014-08-12 16:21:39 -05:00
jvazquez-r7
183b27ee27
There is only one target
2014-08-12 16:14:41 -05:00
jvazquez-r7
c8e4048c19
Some style fixes
2014-08-12 16:11:31 -05:00
jvazquez-r7
ea3d2f727b
Dont fail_with while checking
2014-08-12 16:09:59 -05:00
Emilio Pinna
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
Emilio Pinna
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
Emilio Pinna
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
Emilio Pinna
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
jvazquez-r7
042423088c
Make sure which the full payload is used
2014-08-12 11:41:29 -05:00
Emilio Pinna
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
kaospunk
4e6a04d3ad
Modifications for login and key addition
...
This commit adds additional support for logging in
on multiple versions of Gitlab as well as adding a
key to exploit the vulnerability.
2014-08-11 19:54:10 -04:00
Emilio Pinna
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
Emilio Pinna
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00