Commit Graph

5217 Commits (42f774a0647332fa4c70e3af48d381c55ce644b5)

Author SHA1 Message Date
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7 567873f3cc Use normalize_uri a little better 2013-08-08 15:12:51 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
jvazquez-r7 06ebc686c4 Land #2194, @CharlieEriksen exploit for CVE-2013-5036 2013-08-08 14:50:28 -05:00
jvazquez-r7 40a61ec654 Do minor cleanup 2013-08-08 14:47:46 -05:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
Charlie Eriksen 28b36ea29b Removing a space at EOL I missed. 2013-08-08 14:30:53 -04:00
Charlie Eriksen 1c6e994fe8 Adding improvements based on Juan's feedback 2013-08-08 14:29:35 -04:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
jvazquez-r7 5d0e868701 Land #2192 after cleanup 2013-08-08 08:44:17 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
root 3a24765585 Adding CVE ID 2013-08-07 18:11:43 -04:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
root 7412981138 Adding an OSVDB reference 2013-08-07 07:15:00 -04:00
root 36bab2fdfa Adding a space between init and check 2013-08-06 16:14:21 -04:00
root be683d5dc6 Fixing the TARGETURI variable, adding check 2013-08-06 16:13:44 -04:00
root a745ec8fa6 Adding reference 2013-08-06 14:43:25 -04:00
root cfd5f29220 Fixing the use of APIKEY, which is not needed 2013-08-06 14:10:48 -04:00
root 69a86b60e2 Added initial squash RCE exploit 2013-08-06 14:00:17 -04:00
HD Moore c73e417531 Merge pull request #2171 from frederic/master
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
m-1-k-3 dd35495fb8 dir 300 and 600 auxiliary module replacement 2013-08-05 22:28:59 +02:00
m-1-k-3 786f16fc91 feedback included 2013-08-05 21:55:30 +02:00
jvazquez-r7 9790181dd2 Land #2176, @wchen-r7's fix for [TestRM #8272] 2013-08-05 13:10:25 -05:00
Tod Beardsley 40f015f596 Avoid require race with powershell 2013-08-05 09:56:32 -05:00
Tod Beardsley a885ff9bcc Use consistent caps for 'PowerShell' 2013-08-05 09:33:49 -05:00
Tod Beardsley 5ea67586c8 Rewrite description for MS13-005
The first part of the description was copy-pasted from

http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt

which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
Markus Wulftange 9955899d9a Minor formal fixes 2013-08-04 08:03:02 +02:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
m-1-k-3 a19afd163a feedback included 2013-08-02 17:30:39 +02:00
Markus Wulftange 4a127c2ed2 Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
m-1-k-3 15906b76db dir300 and 615 command injection 2013-07-31 14:36:51 +02:00
m-1-k-3 6b514bb44a dir300 and 615 command injection telnet session 2013-07-31 14:34:03 +02:00
sinn3r 8c47f1df2d We don't need this option anymore 2013-07-31 03:30:34 -05:00
sinn3r af0046658b Change the way file is stored 2013-07-31 03:28:24 -05:00
Frederic Basse 5e1def26aa remove Axis M1011 fingerprint, may not be specific enough to be used automatically. 2013-07-30 09:54:33 +02:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse 63940d438e add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011 2013-07-30 01:56:10 +02:00
jvazquez-r7 05be76ecb7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 16:41:22 -05:00
sinn3r ab75d00f8a Land #2169 - Description update 2013-07-29 14:24:57 -05:00
sinn3r 5efcbbd474 Land #2167 - PineApp Mail-SeCure livelog.html Exec 2013-07-29 13:18:18 -05:00
sinn3r 7967426db1 Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC 2013-07-29 13:16:42 -05:00
Meatballs 7801eadbc2 psh description 2013-07-29 19:14:12 +01:00
sinn3r baa0b983c8 Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC 2013-07-29 13:13:55 -05:00
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
jvazquez-r7 3a05993f16 Make msftidy happy and warn user about long times 2013-07-29 11:45:30 -05:00
Tod Beardsley 37312f2aa9 Module, singular 2013-07-29 10:58:36 -05:00
Tod Beardsley 11e9cca855 Spelling and description touch ups. 2013-07-29 10:57:19 -05:00
joernchen of Phenoelit ac28dbe734 Minor typo fix 2013-07-28 19:44:44 +02:00
jvazquez-r7 a1d9ed300e Add module for ZDI-13-184 2013-07-28 09:57:41 -05:00
joernchen of Phenoelit 8cdd163150 Module polishing, thanks @todb-r7.
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
jvazquez-r7 f4e35b62ac Add module for ZDI-13-185 2013-07-27 12:12:06 -05:00
jvazquez-r7 fab9d33092 Fix disclosure date 2013-07-27 12:10:21 -05:00
jvazquez-r7 ac7bb1b07f Add module for ZDI-13-188 2013-07-27 03:25:39 -05:00
Meatballs 234e49d982 Add type technique 2013-07-26 23:33:16 +01:00
jvazquez-r7 805a9675a7 Modify the check for Integrity Level and Allow dropt o fs 2013-07-26 14:54:50 -05:00
joernchen of Phenoelit 7f3eccd644 Rails 3/4 RCE w/ token 2013-07-26 20:23:18 +02:00
Meatballs 12a58c730a Small fix 2013-07-26 10:15:47 +01:00
Meatballs 6a13ed0371 Missing include 2013-07-26 03:18:17 +01:00
Meatballs 72b8891ba3 Check for low integrity 2013-07-26 03:16:45 +01:00
Meatballs 030640d5bc back to cmd 2013-07-26 03:00:36 +01:00
Meatballs d3f3e5d63e Working with psh download 2013-07-26 02:29:55 +01:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
Sean Verity dff35c0820 Minor update to Target Selection. Refer to comments on #2128. 2013-07-24 19:02:47 -04:00
Sean Verity d478df520f Merge remote-tracking branch 'rapid7/master'
Starting fresh.
2013-07-24 18:31:53 -04:00
William Vu 93a63081a5 Land #2151, @jvazquez-r7's Struts pwnage 2013-07-24 16:49:06 -05:00
jvazquez-r7 7641aa3e63 Delete stop_service calls 2013-07-24 16:35:15 -05:00