James Lee
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
James Lee
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
sinn3r
9ea208d129
Oops, overwrote egypt's changes by accident
2012-10-11 16:40:52 -05:00
sinn3r
82eaa322fe
Make cleanup work better
2012-10-11 16:39:54 -05:00
James Lee
3a66a07844
Proposed re-wording of description
...
[See #889 ]
2012-10-11 15:48:04 -05:00
sinn3r
24980e735b
I found an OSVDB ID
2012-10-11 15:28:07 -05:00
sinn3r
55128f5bb3
Make sure res has value before passing it on to exec_php
2012-10-11 14:43:38 -05:00
sinn3r
033a11eff5
Add Project Pier File Upload Vulnerability
2012-10-11 13:47:40 -05:00
jvazquez-r7
4fa3631e34
avoiding the python support on the barracuda one if cannot be tested
2012-10-09 18:01:23 +02:00
jvazquez-r7
f33411abd1
Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support
2012-10-09 18:00:44 +02:00
sinn3r
a12aed7ffc
Don't really need these keywords
2012-10-09 00:49:05 -05:00
sinn3r
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
ethicalhack3r
f4e442bcbd
Added headers support to php_include module
2012-10-05 23:00:38 +02:00
sinn3r
d515b3274d
Apply wfsdelay and apply egypt's suggestions
2012-10-04 00:40:52 -05:00
bcoles
e2276bfedb
Add QNX QCOMM command execution module
2012-09-30 17:21:08 +09:30
Tod Beardsley
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
jvazquez-r7
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Daniel Miller
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
jvazquez-r7
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
James Lee
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
James Lee
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
Steve Tornio
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
sinn3r
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
sinn3r
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
sinn3r
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
sinn3r
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
sinn3r
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
jvazquez-r7
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
sinn3r
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
jvazquez-r7
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
jvazquez-r7
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
jvazquez-r7
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
James Lee
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
James Lee
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
James Lee
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
James Lee
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
jvazquez-r7
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
Christian Mehlmauer
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
David Maloney
54fb6d2f7a
Fixes unreal ircd race condition
...
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7
e774df5c32
target info plus relocation
2012-05-25 20:16:13 +02:00
jvazquez-r7
c4fad0dea5
module added for OSVDB-73609
2012-05-25 17:18:09 +02:00
HD Moore
d668e2321d
Rename this to a more suitable location
2012-05-04 09:59:40 -05:00
HD Moore
6cf6a9548d
Fix up the PHP CGI exploit, remove debug lines
2012-05-04 09:58:10 -05:00
sinn3r
9a36017271
no unicode
2012-05-04 00:01:03 -05:00
James Lee
2d1f4d4f3e
Add hdm's better check method
2012-05-03 19:00:40 -06:00
James Lee
40ec3d9d40
Add an exploit module for the recent php cgi bug (CVE-2012-1823)
2012-05-03 18:51:54 -06:00
sinn3r
a8eada6016
This module should be able to support more payloads
2012-04-16 14:43:36 -05:00
sinn3r
edadc19757
This module should be able to support more payloads than it should be
2012-04-16 14:41:11 -05:00
Tod Beardsley
56404f5edd
Fixing EDB reference
2012-03-28 14:33:25 -06:00
Tod Beardsley
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
wchen-r7
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
Tod Beardsley
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
James Lee
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
Tod Beardsley
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
James Lee
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
James Lee
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r
e7ab48693c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:57 -06:00
sinn3r
94b736c76c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:38 -06:00
sinn3r
97b74101fb
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:11 -06:00
sinn3r
6f5d64f6de
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-29 03:31:15 -06:00
sinn3r
34a933d499
Feature #5610
2011-11-29 03:30:49 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
Wei Chen
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Steve Tornio
7a07e069da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen
3722a5c3c1
Add LifeSize room command injection (feature #5333 )
...
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
HD Moore
5916a4afe3
Cosmetic
...
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
HD Moore
f2469fc23f
Drop phpi to normal ranking, it eats too much time
...
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen
d204f4027b
Catch nil first before do .empty?
...
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
HD Moore
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
1a02a2199b
These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
...
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
Chao Mu
4b9346e40e
Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
...
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
HD Moore
0ff7f17cba
Cosmetic module and service name fixes
...
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
HD Moore
643223ff11
Fixes #5651 by applying patch
...
git-svn-id: file:///home/svn/framework3/trunk@13850 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 15:40:59 +00:00
Wei Chen
9ddfc122af
Fix indentation, white spaces, add patch URL to reference
...
git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00
Tod Beardsley
921549fc3d
Adding OSVDB ref that just popped up for me.
...
git-svn-id: file:///home/svn/framework3/trunk@13844 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 15:49:02 +00:00
Tod Beardsley
3d9c94633d
Adding MyBB backdoor exploit submitted by tdz. Thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@13838 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 03:22:07 +00:00