72794e4c1a
Removed double spaces
2015-03-20 01:16:49 +00:00
b8c7161819
Fix up NameError'd payload_exe
2015-05-06 11:34:05 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
b62011121b
Minor word choice fix on Solarwinds exploit
...
Removing the second person pronoun usage.
[See #5050 ]
2015-04-06 12:40:22 -05:00
7c9b19c6f8
Do minor cleanup
2015-04-03 11:53:50 -05:00
0b14a18ad2
This is final
2015-04-01 12:00:49 -05:00
0ee858cd65
Some useful messages
2015-04-01 01:41:31 -05:00
8ad07cdc0f
This should be on the right track
2015-04-01 01:27:50 -05:00
6795c90eac
Some progress
2015-03-31 20:46:34 -05:00
97305629cb
Add Solarwinds FSM module
...
starter
2015-03-31 16:21:52 -05:00
4f4bf9debb
paylod vs payload
2015-03-27 11:55:15 -07:00
921b9eab8e
Update minishare_get_overflow.rb
...
set WfsDelay 30
2015-03-20 23:42:54 +01:00
505ecd32fb
Update minishare_get_overflow.rb
...
Windows 2003 SP1 English, Windows 2003 SP2 English
2015-03-20 23:09:50 +01:00
e715eaba58
Update description
2015-03-04 16:39:27 -06:00
77abd57397
Do code cleanup
2015-03-04 16:37:31 -06:00
e7de09df29
Change module filename
2015-03-04 16:18:45 -06:00
1337b7ace8
Clean module
2015-03-04 16:18:10 -06:00
d4738d8c0a
Update #3076 branch
2015-03-04 15:51:00 -06:00
a90ebfe9a7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:32 +00:00
53e45498ca
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb.
2015-02-24 05:19:47 -06:00
943ff2da75
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_domain.rb.
2015-02-24 05:19:46 -06:00
4963992b17
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:31:15 +00:00
666b8e3e72
Add timeout to connection handler
2015-02-17 17:27:03 +00:00
728cfafe4d
cleanups
2015-02-17 17:27:03 +00:00
e4bab60007
Generic HTTP DLL Injection Exploit Module
...
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
2015-02-17 17:27:03 +00:00
831a1494ac
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper
2015-02-08 18:29:25 -06:00
3e7e9ae99b
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed
2015-02-08 18:22:11 -06:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload
2015-01-12 10:44:23 -06:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
4b7a446547
... and restore use of the complicated socket
2014-10-09 18:30:45 +01:00
c78651fccc
Use numbers for version tracking
2014-10-09 18:29:27 +01:00
411f6c8b2d
Land #3793 , @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution
2014-10-08 12:16:09 -05:00
98b69e095c
Use %TEMP% and update ranking
2014-10-08 12:12:00 -05:00
d90fe4f724
Improve check method
2014-10-08 12:03:16 -05:00
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
a2a2ca550e
add test result on different windows version
2014-09-20 20:06:30 +08:00
dd71c666dc
added osvdb reference and software download url, use FileDropper method
...
for cleanup
2014-09-20 15:31:28 +08:00
19ed594e98
using FileDropper method for cleanup
2014-09-20 10:52:21 +08:00
677d035ce8
added proper regex for check function
...
add comment for changed code
2014-09-19 11:30:51 +08:00
978803e9d8
add proper regex
2014-09-16 21:49:02 +08:00
783b03efb6
change line 84 as mubix advice, update disclosure date according to
...
bugtraq security list.
2014-09-15 17:21:05 +08:00
9860ed340e
run msftidy, make correction for CVE format and space at EOL (line 77)
2014-09-15 13:13:25 +08:00
f1d3c44f4f
exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'.
2014-09-15 12:59:27 +08:00
74ef83812a
update module vulnerability information
2014-09-15 01:43:18 +08:00
8b4b66fcaa
initial test
2014-09-14 12:26:02 +08:00
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00
a94396867c
Add module for ZDI-14-106, Oracle Event Processing
2014-06-29 15:44:20 -05:00
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
c8e44c341c
Fix use of sock.get vs sock.get_once
2014-06-28 16:10:18 -05:00
6e80481384
Fix bad use of sock.get() and check() implementations
...
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
g0tmi1k
William Vu
jvazquez-r7
wchen-r7
Christian Mehlmauer
Tod Beardsley
C-P
Adam Ziaja
Matthew Hall
URI Assassin
Pedro Ribeiro
mfadzilr
Meatballs
Spencer McIntyre
HD Moore
Joshua Smith