f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
3305b1e9c3
Land #3984 , @nullbind's MSSQL privilege escalation module
2014-10-09 11:39:15 -05:00
10b160bedd
Do final cleanup
2014-10-09 11:38:45 -05:00
bbe435f5c9
Don't rescue everything
2014-10-09 11:25:13 -05:00
0cd7454a64
Use default value for doprint
2014-10-09 11:04:42 -05:00
db6f6d4559
Reduce code complexity
2014-10-09 10:59:14 -05:00
615b8e5f4a
Make easy method comments
2014-10-09 10:48:00 -05:00
dd03e5fd7d
Make just one connection
2014-10-09 10:46:51 -05:00
168f1e559c
fixed status
2014-10-08 21:19:50 -05:00
3ebcaa16a1
removed scanner
2014-10-08 21:18:56 -05:00
031fb19153
requested updates
2014-10-06 23:52:30 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
c51c19ca88
bugfix
2014-09-27 14:56:34 +02:00
9a424a81bc
fixed bug
2014-09-27 13:46:55 +02:00
1c30c35717
Added WordPress custom_contact_forms module
2014-09-27 13:42:49 +02:00
ebf4e5452e
Added mssql_escalate_dbowner module
2014-09-26 10:29:35 -05:00
81406defed
hopefully what you are looking for this time
2014-09-23 11:36:13 -05:00
2a714a7c4d
Fix a typo
...
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
2ae23bbe99
Remove STAGERNAME option
...
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
fbae68870c
cleanup one stray comment
2014-08-29 10:57:51 -05:00
4c93cbc62c
changes based on feedback, added timeout error message
2014-08-29 10:57:20 -05:00
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
67efa76fc4
changes based on feedback
2014-08-27 09:08:18 -05:00
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
e23acf8d82
fix for oracle_login not checking connection status and stopping on timeout
2014-08-25 14:57:45 -05:00
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
08bb815bd8
Add Yokogawa unauth admin module
2014-08-09 13:30:10 -05:00
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
1a82a20c09
re-added incorrectly removed SMBSHARE option
2014-06-16 20:10:11 +01:00
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
2012d41b3d
Add origin of the user, and mark web users
2014-05-16 13:51:42 -05:00
4143474da9
Add support for web databases
2014-05-16 11:47:01 -05:00
883d2f14b5
delete debug print_status
2014-05-16 11:13:03 -05:00
ea38a2c6e5
Handle ISO-8859-1 special chars
2014-05-16 11:11:58 -05:00
c9465a8922
Rescue when the recovered info is in a format we can't understand
2014-05-16 08:57:59 -05:00
7ec85c9d3a
Delete blank lines
2014-05-16 01:03:04 -05:00
9091ce443a
Add suport to decode passwords
2014-05-16 00:59:27 -05:00
5b3bb8fb3b
Fix @FireFart's review
2014-05-14 09:00:52 -05:00
a7075c7e08
Add module for ZDI-14-077
2014-05-13 14:17:59 -05:00
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
b80d366bb7
Add filter to output WPA-PSK password on Netgear DG834GT
2014-04-26 15:52:31 +02:00
9035d1523d
Update wol.rb to specify rhost/rport directly
...
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:
listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
de6be50d64
Minor cleanup and finger-wagging about a for loop
2014-03-03 14:12:22 -06:00
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
c62fa83a70
msf recommended changes + tweaked exception handling
2014-02-19 22:20:24 +00:00
4b247e2b9f
altered check_dir_file.rb so that it can check for the presence of a list of files/directories supplied using file:/ format rather than being limited to just the one file, handy for checking for indicators of compromise
2014-02-16 03:22:11 +00:00
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
410302d6d1
Fix indentation
2014-01-09 15:14:52 -06:00
b1073b3dbb
Code Review Feedback
...
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
2a0f2acea4
Made fixes from the PR from jvazquez-r7
...
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
be6958c965
Clean sercomm_dump_config
2014-01-09 13:42:11 -06:00
01c5585d44
Moved auxiliary module to a more appropriate folder
2014-01-09 10:17:26 -05:00
d9e737c3ab
Code Review Feedback
...
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
81adff2bff
Code Review Feedback
...
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
1479ef3903
Update typo3_winstaller_default_enc_keys.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
c5a3a0b5b7
Cleanup
2014-01-02 20:44:18 -05:00
6effdd42fa
Added module to enumerate certain Sercomm devices through backdoor
...
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:42:42 -05:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
0eac17083a
Clean cfme_manageiq_evm_pass_reset
2013-12-18 16:16:32 -06:00
b9a9b90088
Update module to use added bcrypt gem
2013-12-18 16:15:35 -02:00
e20569181b
Remove EzCrypto-related code as per review
2013-12-18 16:15:22 -02:00
ef081cec49
Add missing disclosure date as per review
2013-12-18 15:47:23 -02:00
37826688ce
Add cfme_manageiq_evm_pass_reset.rb
...
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor
2013-12-02 13:13:01 -06:00
39fbb59ba9
re-added the reference I accidentally deleted
2013-12-02 19:06:19 +01:00
cb98d68e47
added @wchen-r7's code to store the password into the database
2013-12-02 18:35:59 +01:00
8e73023baa
and now in the correct data structure
2013-12-01 17:38:35 +01:00
ef77b7fbbf
added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709
2013-12-01 17:36:15 +01:00
aa62800184
added ZyXEL GS1510-16 Password Extractor
2013-11-29 10:42:17 +01:00
03838aaa79
Update rails_devise_pass_reset.rb
...
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
7f8baf979d
Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
...
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit
[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
c3113f796e
Incorporating a few more cleanup items from jvazquez
2013-10-31 21:32:58 -07:00
cbfef6ec7a
incoporating jvazquez feedback
2013-10-31 00:17:50 -07:00
344413b74d
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
32794f9d37
Move OpenBravo to aux module land
2013-10-30 12:20:04 -05:00
9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00
83a4ac17e8
Make sure fd is closed to avoid a possible resource leak
2013-10-23 12:16:18 -05:00
af02fd0355
Use store_loot, sorry mubix
2013-10-23 12:13:05 -05:00
8f3228d191
chage author but basic copied from hdms upload_file
2013-10-22 21:13:30 -04:00
b2b8824e2e
add delete and download modules for smb
2013-10-22 16:31:56 -04:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
2833d58387
Add OSVDB for vbulletin exploit
2013-10-16 15:01:28 -05:00
3c2dddd7aa
Update reference with a non-plagarised source
2013-10-16 14:44:18 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
cad7329f2d
Minor updates to vbulletin admin exploit
2013-10-10 22:09:38 -05:00
4f3bbaffd1
Clean module and add reporting
2013-10-09 13:54:28 -05:00
5c36533742
Add module for the vbulletin exploit in the wild
2013-10-09 13:12:57 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
d006ee52b1
Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal
2013-09-12 14:13:32 -05:00
02a073a8fe
Change module filename
2013-09-09 23:30:37 -05:00
64348dc020
Update information
2013-09-09 23:29:48 -05:00
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
ce769b0c78
Add module for CVE-2013-2641
2013-09-09 13:56:45 -05:00
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
6b330ad39f
Retab changes for PR #2134
2013-09-05 14:24:37 -05:00
52ce6afd99
Merge for retab
2013-09-05 14:24:31 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
7fad26968c
More fix to jboss_seam_exec
2013-08-26 17:16:15 -05:00
5b4890f5b9
Fix caps on typo3_winstaller module
2013-08-26 14:47:42 -05:00
37eaa62096
Fix undefined method error
...
[FixRM #8346 ]
2013-08-21 00:42:33 -05:00
9ca7a727e1
Fix undefined method error
...
[FixRM #8347 ]
2013-08-21 00:41:49 -05:00
5993cbe3a8
Fix undefined method error
...
[FixRM #8348 ]
2013-08-21 00:40:38 -05:00
9f98d4afe6
Fix undefined method error
...
[FixRM #8349 ]
2013-08-21 00:38:35 -05:00
ea78e8309d
Fix undefined method error
...
[FixRM #8350 ]
2013-08-21 00:35:36 -05:00
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
4790d8de50
Land #2256 , @wchen-r7's patch for [FixRM #8316 ]
2013-08-19 23:23:57 -05:00
5366453031
[FixRM #8316 ] - Escape characters correctly
...
dots need to be escaped
2013-08-19 16:51:19 -05:00
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
4367a9ae49
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 15:09:35 -05:00
70900cfe5e
Final cleanup for foreman_openstack_satellite_priv_esc
2013-07-22 14:59:23 -05:00
b6c9fd4723
Add foreman_openstack_satellite_priv_esc.rb
...
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
12e48e252f
one more logdir fix, tested
2013-07-20 10:40:06 -07:00
5fd8d53378
fixed bug with default logdir
2013-07-20 10:35:25 -07:00
183cd7337d
added ability to execute larger scripts
2013-07-19 15:24:51 -07:00
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
3ac2ae6098
Disambiguate the module title from existing psexec
2013-07-17 17:11:56 -05:00
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
5c265c99d2
Clean jboss_seam_exec @cmaruti's collab
2013-06-25 14:09:30 -05:00
f78b4d8874
modified according to jvazquez-r7 feedback
2013-06-20 16:29:42 +02:00
4846a680db
modified according to jvazquez-r7 feedback
2013-06-20 16:19:43 +02:00
8e64bf3d16
modified according to jvazquez-r7 feedback
2013-06-20 16:15:28 +02:00
a5332e5ed2
Module was updated to support WebSphere AS running seam-2.
...
msf auxiliary(jboss_seam_exec) > run
[*] Found right index at [0] - getRuntime
[*] Index [1]
[*] Index [2]
[*] Index [3]
[*] Index [4]
[*] Index [5]
[*] Found right index at [6] - exec
[*] Index [7]
[*] Index [8]
[*] Index [9]
[*] Index [10]
[*] Index [11]
[*] Index [12]
[*] Index [13]
[*] Index [14]
[*] Index [15]
[*] Index [16]
[*] Index [17]
[*] Index [18]
[*] Index [19]
[*] Index [20]
[*] Index [21]
[*] Index [22]
[*] Index [23]
[*] Index [24]
[*] Target appears VULNERABLE!
[*] Sending remote command:pwd
[*] Exploited successfully
[*] Auxiliary module execution completed
2013-06-20 12:17:07 +02:00
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
6f2ddb3704
Update mssql_findandsampledata.rb
2013-05-25 11:33:57 +05:00
011b0bb741
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 09:07:47 -05:00
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
51a532e8b4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-12 17:39:58 -05:00
feac292d85
Clean up for dlink_dsl320b_password_extractor
2013-05-12 17:35:59 -05:00
ee46771de5
Land #1799 , @m-1-k-3's auth bypass module for Dlink DSL320
2013-05-12 17:34:08 -05:00
e3582887cf
OSVDB, Base64
2013-05-07 08:28:48 +02:00
0f2a3fc2d4
dsl320b authentication bypass - password extract
2013-05-06 14:31:47 +02:00
7bf4aa317f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 10:31:51 -05:00
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
96b66d3856
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:49:59 -05:00
nullbind
jvazquez-r7
scriptjunkie
HD Moore
URI Assassin
Jon Hart
Christian Mehlmauer
Tod Beardsley
Thomas Ring
sinn3r
us3r777
William Vu
Spencer McIntyre
j0hnf
nodeofgithub
Ramon de C Valle
David Maloney
Michael Messner
James Lee
Matt Andreko
Niel Nielsen
Sven Vetsch / Disenchant
Jeff Jarmoc
Jeff Jarmoc
Meatballs
Rich Lundeen
jvazquez-r7
Rob Fuller
Brandon Perry
Cristiano Maruti
darknight007
m-1-k-3