Commit Graph

9629 Commits (3e229fe236a59544d22014c3539b39fc68f7597c)

Author SHA1 Message Date
g0tmi1k 2a6056fd2a exploits/s4u_persistence~Fixed typos+default values 2013-07-03 00:38:50 +01:00
sinn3r a74f706bdb These modules should check PID before using it 2013-07-02 14:48:04 -05:00
Ricardo Almeida dd876008f9 Update instantcms_exec.rb 2013-07-02 17:26:14 +01:00
jvazquez-r7 76a9abfd4e Fix last print_ message format 2013-07-02 11:17:16 -05:00
jvazquez-r7 e9441f540e Land #2048, @todb-r7 fix for print_* messages on the ipmi work 2013-07-02 11:16:11 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
Tod Beardsley 2fbea86884 IPMI scanners should mention IPMI in their messages 2013-07-02 10:44:42 -05:00
Tod Beardsley d668a20820 Use rport instead of datastore['RPORT'] 2013-07-02 10:29:25 -05:00
Tod Beardsley 1d87530e67 Add some verbosity on IPMI version scanning 2013-07-02 10:25:40 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
sinn3r 6815eef8f4 Fix multiple issues with memory_grep
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.

[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
James Lee 1865e6c19d Fix requrires for enable_support_account 2013-07-01 16:22:39 -05:00
Ricardo Almeida dafa333e57 Update instantcms_exec.rb 2013-07-01 22:03:37 +01:00
William Vu be1a0d3cae Land #2041, title and description cleanup 2013-07-01 15:55:13 -05:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
jvazquez-r7 1c6657ee86 Land #2034, @wchen-r7's patch for memory_grep 2013-07-01 13:34:57 -05:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00
Ricardo Almeida 760133d878 Error on line 60 2013-07-01 12:04:03 -04:00
sinn3r dbce1b36e5 Land #2036 - CVE-2013-3660
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
Ricardo Almeida 4cd08966ff added InstantCMS 1.6 PHP Code Injection 2013-07-01 11:44:47 -04:00
modpr0be 478beee38b remove unnecessary option and make msftidy happy 2013-07-01 18:51:47 +07:00
modpr0be f16d097c00 clean version, tested on winxp sp3 and win7 sp1 2013-07-01 18:35:50 +07:00
sinn3r 43c4f07e06 Use "unless"
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
HD Moore 62b62f4e9d Fix bad hash detection 2013-06-30 15:57:47 -05:00
HD Moore cca071ff55 Rework to reduce open fds, remove bugs, handle null user 2013-06-30 15:32:33 -05:00
modpr0be e0ae71e874 minor fixing in the exploit module description 2013-07-01 03:27:06 +07:00
modpr0be 007fddb6bf remove SEH function, not needed 2013-07-01 03:13:20 +07:00
modpr0be 1e4b69ab03 Added abbs amp exploit module 2013-07-01 03:08:22 +07:00
HD Moore 6b3178a67b Fix EOL spaces 2013-06-30 14:38:30 -05:00
HD Moore ad4f15daed Switch to UDPScanner mixin, trim this down, add reporting 2013-06-30 14:36:51 -05:00
jvazquez-r7 867eed7957 Make msftidy happy 2013-06-30 10:01:40 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
jvazquez-r7 79fb381412 Landing #2035, @bwall exploit for carberp control panel 2013-06-30 09:58:47 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
jvazquez-r7 520a78e2c8 Add final cleanup for enable_support_account 2013-06-29 23:30:29 -05:00
jvazquez-r7 df88ace6d1 Land #1989, @salcho's post module for enable windows support account 2013-06-29 23:29:16 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
salcho 8717a3b7d8 using post mixins, fixed checks, module renamed 2013-06-29 15:44:36 -05:00
salcho 00bf9070aa using post mixins, fixed checks, module renamed 2013-06-29 15:41:36 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
jvazquez-r7 a2b8daf149 Modify fail message when exploitation doen't success 2013-06-29 10:45:13 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
jvazquez-r7 427e26c4dc Fix current_pid 2013-06-28 21:36:49 -05:00
jvazquez-r7 32ae7ec2fa Fix error description and bad variable usage 2013-06-28 21:30:33 -05:00
jvazquez-r7 fb67002df9 Switch from print_error to print_warning 2013-06-28 21:29:20 -05:00
jvazquez-r7 3ab948209b Fix module according to @wchen-r7 feedback 2013-06-28 20:44:42 -05:00
jvazquez-r7 00416f3430 Add a new print_status 2013-06-28 18:23:49 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
sinn3r 82eed1582f No need for the 2nd element 2013-06-28 17:05:43 -05:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
sinn3r a7ee95381b Updates module description, and uses the proper func for hex dump
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.

The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
James Lee f158e421fa Add requires for pptp_tunnel 2013-06-28 10:07:52 -05:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
William Vu e4fb5b327f Land #2028, update references for multiple modules 2013-06-26 10:18:27 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 8d914a5a00 Land #2026, @egypt's patch for write_file on freebsd 2013-06-26 08:25:02 -05:00
sinn3r 88a42aeffe Land #2021 - Add SMTP open relay detection 2013-06-25 22:14:30 -05:00
sinn3r 7009748cf5 Fix module 2013-06-25 22:09:45 -05:00
James Lee 3e929fb812 Use fixed `write_file` instead of re-implementing 2013-06-25 17:25:14 -05:00
Bruno Morisson 2da278f151 fixed indent 2013-06-25 23:08:58 +01:00
sinn3r 7ba54e2ece IIS requires a hello first 2013-06-25 15:43:58 -05:00
jvazquez-r7 5c265c99d2 Clean jboss_seam_exec @cmaruti's collab 2013-06-25 14:09:30 -05:00
jvazquez-r7 45a3e004c6 Land #1993, @cmaruti changes for jboss_seam_exec 2013-06-25 14:07:10 -05:00
Steve Tornio 5b71013dde reference updates 2013-06-25 13:41:22 -05:00
jvazquez-r7 4fa789791d Explain Ranking 2013-06-25 13:10:15 -05:00
jvazquez-r7 127300c62d Fix also ruby module 2013-06-25 12:59:42 -05:00
jvazquez-r7 b32513b1b8 Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
zyx2k c829a7ec86 SMTP Open Relay scanner 2013-06-25 16:22:51 +01:00
jvazquez-r7 c9a7372f9f Land #2014, @wchen-r7's exploit for CVE-2013-2171 2013-06-25 09:33:56 -05:00
William Vu d6374ddfff Land #2020, CVE and OSVDB update 2013-06-25 08:17:54 -05:00
William Vu 55ea0cb3bd Land #2019, correct module naming style 2013-06-25 08:17:33 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
sinn3r ecfe083b0e Correct module naming style
I was just looking at these modules on the web gui, and these names
need to be fixed to maintain style consistency.
2013-06-25 00:26:53 -05:00
jvazquez-r7 795dd6a02a Add module for OSVDB 93718 2013-06-24 23:51:28 -05:00
sinn3r 72847ee4c9 Land #2007 - Add local privilege escalation for ZPanel zsudo 2013-06-24 19:25:27 -05:00
sinn3r d974e395e4 Add a check by checking uname 2013-06-24 15:54:41 -05:00
sinn3r 6b8e0605c0 Use FileDropper 2013-06-24 15:48:54 -05:00
HD Moore be20a76be1 Remove 'Hash' string from the written output 2013-06-24 15:45:09 -05:00
HD Moore 24b7d19ecc Fix target regex and wfsdelay 2013-06-24 14:56:43 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
jvazquez-r7 b86b4d955a Make random strings also length random 2013-06-24 12:01:30 -05:00
sinn3r 6780566a54 Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module 2013-06-24 11:50:21 -05:00
jvazquez-r7 f7650a4b18 Fix wrong local variable 2013-06-24 11:35:26 -05:00
sinn3r b3d90c68a4 Land #2008 - More OSVDB refs 2013-06-24 01:53:29 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
RageLtMan 593a99d76e ipmi version scanner: fix probe method name 2013-06-24 01:38:17 -04:00
Steve Tornio a920127f8c reference updates for several modules 2013-06-23 20:43:34 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
Bruno Morisson 7ab8485acc output as table, added info on ports, added comment with default ports. msftidy cleanup. 2013-06-23 23:59:31 +01:00
Bruno Morisson 3cfcdfca9e output as table, added info on ports, added comment with default ports 2013-06-23 23:52:48 +01:00
Bruno Morisson 9f5eceec10 minor cleanups 2013-06-23 17:55:38 +01:00
jvazquez-r7 6672679530 Add local privilege escalation for ZPanel zsudo abuse 2013-06-23 11:00:39 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00