443f19abcf
Merge branch 'CVE-2008-5499_adobe_flashplayer_aslaunch' of https://github.com/0a2940/metasploit-framework into 0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch
2012-04-11 10:04:01 -05:00
b077efb7f0
Missed one.
2012-04-11 00:30:18 -06:00
d0eb383655
Un-standardize printing in browser modules
...
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
090566610a
Make sure @shares is initialized
...
Fixes a stack trace when the target isn't Windows
2012-04-10 15:00:47 -06:00
94cf69cdf8
Yank the ACTION option from persistence
...
Other problems with this module since commit
5ba5bbf077
2012-04-10 15:01:14 -05:00
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
...
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
03c958a9b1
ACTION on persistence.rb should be an OptEnum
...
That way, upcase / downcase problems get caught on option validation,
rather than down in the module's guts.
2012-04-10 14:45:54 -05:00
cbc12560a5
Leading tabs, not spaces
...
There's a coding style in here that will make msftidy.rb cry, and
that's:
```
varfoo = %q|
stuff
thats
html
|
```
Usually, you want something like
varfoo = ""
varfoo << %q| stuff|
varfoo << %q| thats|
varfoo << %q| html|
That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
2012-04-10 14:25:00 -05:00
cdc020ba9f
Trailing space on xpi bootstrap module
2012-04-10 14:24:08 -05:00
3cb7cbe994
Adding another ref and a disclosuredate to mihi's XPI module
...
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
2012-04-10 13:59:21 -05:00
0e1fff2c4b
Change the output style to comply with egyp7's expectations.
2012-04-10 13:42:52 -05:00
28534d5f6e
Merge branch 'rapid7' into bap-refactor
2012-04-10 12:42:27 -06:00
76c12fe7e6
Whitespace cleanup
2012-04-10 13:22:10 -05:00
705cf41858
Add firefox_xpi_bootstrapped_addon exploit
...
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
2012-04-10 13:39:54 +02:00
a9d733f9fe
Fix pack order
2012-04-09 21:21:42 -05:00
2de0c801d9
Add vulnerable version numbers to the description
2012-04-09 14:41:42 -06:00
2c473e3cdd
Fix up koyo login
2012-04-09 15:07:47 -05:00
246ebca940
added module for CVE-2012-0198
2012-04-09 20:45:27 +02:00
a26e844ce5
Merge pull request #318 from wchen-r7/dolibarr_login
...
Add an aux module to brute force Dolibarr's login interface
2012-04-09 09:20:48 -07:00
bef12478fc
Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor
2012-04-09 09:58:22 -05:00
037fbf655e
Standardize the print format for modules used by browser autopwn
2012-04-09 01:57:50 -06:00
b38933328f
Send exploits that are not assocated with any browser to all of them
2012-04-09 01:53:57 -06:00
3ca440089e
Add checks for .NET requisites
...
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
a6b106e867
Remove autopwn support for enjoysapgui_comp_download
...
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
409ba3139b
Add bap checks for blackice exploit
2012-04-09 00:50:04 -06:00
5fefb47b7f
Some cosmetic changes
2012-04-09 01:43:20 -05:00
95dbb8a818
Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc
2012-04-09 00:17:44 -05:00
da1cb2b81d
ActiveX controls require IE
2012-04-08 22:07:09 -06:00
9cec9639c7
Add an aux module to brute force Dolibarr's login interface
2012-04-08 18:16:38 -05:00
f520af036f
Move next_exploit() onto window object so it's accessible everywhere
...
I swear I committed this before, not sure what happened.
2012-04-08 17:11:15 -06:00
ce0de02a2a
Modified for 8-space tabs
2012-04-08 16:09:28 -04:00
89c1894e07
Minor formatting changes, tabs etc. and comments for clarity
2012-04-08 15:45:23 -04:00
51bdfe14fd
2012, not 2011, oops
2012-04-08 13:21:37 -05:00
24478e9eb5
Add Dolibarr ERP & CRM Command Injection Exploit
2012-04-08 13:20:22 -05:00
05eba0ab4c
Cosmetic changes, mostly :-)
2012-04-07 14:47:23 -05:00
00ff2e3dc1
Merge branch 'CVE-2012-1195_thinkmanagement' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-1195_thinkmanagement
2012-04-07 14:41:19 -05:00
938d5d0a75
added references for cve-2012-1196
2012-04-07 20:22:59 +02:00
ee7bce5995
deletion of the ASP script
2012-04-07 20:19:45 +02:00
dfe2bbc958
Use rport for modicon_password recovery, not 21.
2012-04-07 13:03:43 -05:00
8761d39190
exploit module added for CVE-2012-1195
2012-04-07 19:04:17 +02:00
b2e0acd92a
Tidied up the exploit
2012-04-06 20:41:54 -04:00
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
461352f24f
Don't need to require net/ftp anymore
...
Nothing actually used it anyway.
2012-04-06 10:35:28 -05:00
56b10d4d23
Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof
2012-04-06 02:28:26 -05:00
68c81e3ae0
Add OSVDB-80661 TRENDnet SecurView ActiveX BoF
2012-04-06 02:26:04 -05:00
b184a6dc5c
Exploit for Snort CVE-2006-5276 on Windows
2012-04-05 19:46:56 -04:00
9c8e6ac9da
Ruby 1.8 compat for the SCADA modules.
...
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
2012-04-05 16:17:06 -05:00
5c6856539e
.idea dir deleted
2012-04-05 22:46:43 +02:00
955de5a68c
comment fixed
2012-04-05 22:46:13 +02:00
c5f73d3d7a
added module for CVE-2012-0270_csound_getnum_bof
2012-04-05 22:35:42 +02:00
0c3f1aab77
Tell the user what actually went wrong when migrate.rb fails
2012-04-05 11:49:03 -06:00
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
eb39b5f6aa
Msftidy on netop
2012-04-05 10:33:57 -05:00
8628991b1d
Merge pull request #305 from jlee-r7/bap-refactor
...
Bap refactor
2012-04-05 08:02:43 -07:00
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
40ab362e1c
Store host details in the target cache
...
This allows us to maintain a connection between the client and the
operating system/host where it's running.
Also fixes a counting problem for modules actually started.
2012-04-05 01:33:07 -06:00
0ddfa79a34
Move javascriptosdetect out to its own file
...
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
6ad0f41479
Add the client to output
2012-04-03 18:27:16 -06:00
974d95b175
Both of these are obsoleted by java_atomicreferencearray
2012-04-03 18:23:42 -06:00
893430894e
Tell the user how many sploits we've picked
2012-04-03 18:22:56 -06:00
c79060915a
Add Chap0's netop exploit
2012-04-03 11:51:58 -05:00
48d6157d6e
New NetOp Guest msf module http://www.netop.com/
2012-04-02 16:53:51 -07:00
9cf896ffa1
Pre-release fixups on titles and grammar
...
Fixing squid_pivot_scanning and enum_xchat
2012-04-02 11:24:49 -05:00
7b0ee58d9f
Fixing bug spotted by troulouliou in ipv6_neighbor
...
Just check for nilness, not the :symbol.
2012-04-02 10:02:59 -05:00
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
1853f8b0c2
Merge pull request #291 from wchen-r7/enum_xchat
...
Add post module enum_xchat.rb
2012-03-31 00:42:15 -07:00
543f5ebfe2
Only display the retry message when necessary
2012-03-31 02:40:24 -05:00
4215030eb3
Set a limit to how many times we can retry
2012-03-31 02:38:46 -05:00
6e4ccaae6b
Add post module to collect xchat's configs and chat logs
2012-03-31 00:15:21 -05:00
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
e723704a32
Merge pull request #289 from wchen-r7/enum_colloquy
...
Add post module enum_colloquy.rb to collect chatlogs and the plist
2012-03-30 09:24:32 -07:00
18a13a4bfb
Correct description
2012-03-30 11:22:55 -05:00
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
8d2a58dfd8
Add post module enum_colloquy.rb to collect chatlogs and the preferences list
2012-03-29 16:24:43 -05:00
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
bd4819e8f2
Merge pull request #238 from mak/linux-x64-find-port
...
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
220ad7875f
Merge pull request #285 from wvandevanter-r7/squid_pivot_scanning
...
Squid pivot scanning
2012-03-29 05:02:05 -07:00
f5e05461f6
changed the false positive check IP to a user set variable
2012-03-28 22:18:56 -04:00
0fcab521d2
fixed print_bad
2012-03-28 02:32:03 -04:00
5248ec87b5
Fixing EDB reference
2012-03-27 16:49:47 -05:00
b1683c94ef
Merge pull request #281 from jlee-r7/module-tests
...
Module tests
2012-03-27 10:23:20 -07:00
812457fed0
Rename enum_user_dirs
2012-03-27 10:52:16 -06:00
5f9000efb3
Merge pull request #280 from wchen-r7/osx_airport
...
Add OSX Gather Airport post module
2012-03-27 05:48:26 -07:00
e44f9d06ec
Remove the extra 'require'
2012-03-27 01:24:12 -05:00
670e15b40f
Add OSX Gather Airport post module
2012-03-27 01:18:38 -05:00
fb9163caf9
Merge pull request #278 from wchen-r7/manageengine_deviceexpert
...
Add OSVDB-80262 ManageEngine DeviceExpert
2012-03-26 14:42:36 -07:00
7a74cc7694
Quoting "Chicken of the VNC"
...
Otherwise, this looks like a nonsense string to people not familiar with
this application.
2012-03-26 16:26:40 -05:00
8fbf4cf6d9
Grammar on dns_txt_query_exec payload name and desc
2012-03-26 16:23:54 -05:00
d95d60670e
Fix up desc again on enum_dns
2012-03-26 16:20:00 -05:00
14b45f9fb1
More fixes to enum_dns.rb
...
* Should use 'and', not & (bitwise AND)
* Made capitalization sane for Anglophones. See: http://owl.english.purdue.edu/owl/resource/592/1/
2012-03-26 16:14:04 -05:00
dc6f76eb20
Style fixes for enum_dns.rb
...
* Use a dotted.notation for note types
* Changed title to something more descriptive
* Expanded description
* Other trivial changes
2012-03-26 16:08:39 -05:00
79d74b8768
ADD OSVDB-80262
2012-03-26 12:58:18 -05:00
19fc8d9883
Add OSVDB-80262
2012-03-26 12:42:24 -05:00
507dd423ce
Rogue period, DELETED.
2012-03-26 10:54:26 -05:00
182f3744de
Cosmetic cleanup
2012-03-26 09:23:14 -05:00
ad32911b1a
probably safer to use regex
2012-03-26 09:01:40 -05:00
e2606764cb
forgot to add renamed module
2012-03-25 09:08:38 -07:00
7ea37253a0
modifications recommended by sinn3r
2012-03-25 09:04:35 -07:00
d8ddb19b56
cve-2008-0610 windows exploit module
2012-03-25 00:14:19 -07:00
135cf7ba04
remove trailing comma, thanks troulouliou
2012-03-23 17:00:04 -05:00
e1783acd6f
Adding newline to end of ricoh_dl_bof.rb
2012-03-23 16:31:11 -05:00
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
fbfd308d79
This actually shouldn't go it now because it's still being code reviewed
2012-03-23 15:32:24 -05:00
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
6f0f9041c8
Merge pull request #267 from wchen-r7/hp_data_protector_win_cmd
...
Add HP Data Protector aux module for executing commands on Windows
2012-03-23 11:06:52 -07:00
10733f6a1c
Update description
2012-03-23 13:05:40 -05:00
fef1e31e2a
Merge branch 'olliwolli-3cdaemonsp3'
2012-03-23 08:52:19 -05:00
e30623a2c9
Merge pull request #264 from wchen-r7/ricoh_dc_exploit
...
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-23 06:45:02 -07:00
20f0a58c6a
Minor fixes
2012-03-23 08:23:30 -05:00
41bc8ded3d
Add HP Data Protector aux module for executing commands on Windows
2012-03-23 07:57:13 -05:00
30a3d8bb96
Add Windows SP3 to targets.
2012-03-23 13:52:18 +01:00
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
6625d97599
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-22 15:30:00 -05:00
3dc0e97998
Updating description and refs to Patrick's module
...
There was some weirdness with the commit log on this module but it
should all be kosher now.
[Closes #260 ]
2012-03-22 10:30:25 -05:00
2d29184adc
Use interpolation to ensure LPORT is a string for gsub
...
[Fixes #6542 ]
2012-03-21 21:05:05 -06:00
ddacf1dde8
Merge pull request #258 from wchen-r7/ms10_002_ie
...
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free
2012-03-21 17:20:27 -07:00
0a24c354db
Update ms10-002 with dyphens
2012-03-21 19:19:20 -05:00
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
2c16eb29b6
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit
2012-03-21 16:11:26 -05:00
31228ed65a
Comment indentation
2012-03-21 15:21:10 -05:00
482a1a8511
Merge pull request #253 from corelanc0d3r/dnspayload
...
rewrote DNS TXT query out-of-band payload delivery shellcode
2012-03-21 13:19:55 -07:00
8f17cc3f5c
MS12-020 not MS12-002
2012-03-21 13:58:18 -05:00
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
b09d91d1c7
Removing enum_bing_url
...
Moving this over to unstable until the described http request problem
gets resolved.
2012-03-21 09:33:31 -05:00
89d7363a8f
fixed crash
2012-03-21 10:39:05 +01:00
c64226f4b8
Fix regex
2012-03-21 04:31:49 -05:00
056985625d
damn comma
2012-03-21 04:06:54 -05:00
e973da7c6d
Add Chicken of the VNC client profile collector module
2012-03-21 04:04:35 -05:00
f81730a7e1
changes to the way jmp to payload is done
2012-03-21 09:52:22 +01:00
45ef7fc35d
reset author
2012-03-20 20:43:56 +01:00
ed542e2b6c
Change dns_enum to enum_dns for naming style consistency
2012-03-20 14:11:04 -05:00
b8b5c79957
No need for net/http
2012-03-20 14:09:40 -05:00
777e221232
Add Bing URL enumerator by Royce (Feature #6499 )
2012-03-20 14:07:42 -05:00
da963fc8b2
Adding OSVDB for dell_webcam_crazytalk.rb
2012-03-20 07:52:50 -05:00
e325469f6e
Grammar fix for dell_webcam_crazytalk module
2012-03-20 07:43:02 -05:00
f4dac59894
Add Dell Webcam CrazyTalk component BackImage overflow exploit
2012-03-20 03:46:37 -05:00
a3035dc6d0
Adding corelandc0d3r's http/https/ftp payload
...
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.
[Closes #173 ]
2012-03-19 16:50:59 -05:00
bff860c62d
s/brute force/bruteforce
...
This is the preferred spelling in Metasploit, at least, according to
grep consensus:
./metasploit-framework$ grep -ri "brute force" . | wc -l
111
./metasploit-framework$ grep -ri "bruteforce" . | wc -l
183
2012-03-19 16:14:00 -05:00
4391c24d2f
Trivial touchups on RDP DoS module.
...
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
3a851ef2c2
Fix typo
2012-03-19 13:20:59 -05:00
3d72d52625
Add reporting to MS12-020
2012-03-19 13:18:51 -05:00
fa4504e1f6
Let's make this clear, it's just a DoS
2012-03-19 13:00:29 -05:00
13f16daca7
Actually, that date is way off. Corrected.
2012-03-19 12:58:52 -05:00
d8be328b89
Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module
2012-03-19 12:53:34 -05:00
cdd7a16603
Apply egypt's fix for "\n"
2012-03-19 10:19:10 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
acac3fa38d
Add back enum_protections with some new changes
2012-03-17 16:00:20 -05:00
14d427fa87
Added fix for enum_protections
2012-03-17 13:28:31 -04:00
78331bb4c1
A bunch of fixes
2012-03-17 03:14:26 -05:00
4a0c75f4b3
Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework
2012-03-17 02:38:35 -05:00
ff093c3f93
The comments in get_chatlogs need an update
2012-03-17 00:28:05 -05:00
39cfa43250
Correct license format
2012-03-17 00:25:41 -05:00
3479a314e3
Add enum_adium.rb post module
2012-03-17 00:22:03 -05:00
c3f98fe284
Changed store_note to store_loot. Fixed local/remote file retrieval
2012-03-16 16:54:36 -03:00
d3a87b59aa
This module is not ready, yanked.
2012-03-16 11:49:31 -05:00
ba6928cbf1
sockso_traversal 1.8 compatibility fix
2012-03-16 18:12:09 +02:00
c5a4dc39c3
fix
2012-03-16 09:17:35 -04:00
9b4ecc2777
Merge branch 'post-mods' of github.com:ohdae/metasploit-framework into post-mods
2012-03-16 09:15:47 -04:00
b635019d56
saves each config to loot instead of notes
2012-03-16 09:14:48 -04:00
9f0a293a53
Correct variable name
2012-03-16 01:17:39 -05:00
13b92b97e9
Fixed incorrect variable within get_sql_history
2012-03-16 01:40:12 -03:00
f6a2e2b890
Enumerate important and interesting configuration files
2012-03-15 22:59:42 -04:00
6011da7db8
More Virtualisation SSL fixes
2012-03-15 19:06:48 -05:00
e4778c2ba4
Default SSL to true for esx_fingerprint module
2012-03-15 18:15:29 -05:00
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
46dbaf8283
Fix typos and output
2012-03-15 16:10:05 -05:00
81b3eaa482
Fix typo
2012-03-15 15:56:24 -05:00
db4538389c
Add sockso dir traversal
2012-03-15 15:55:54 -05:00
74e40763d6
Fix syntax error in 1.8, thanks Jun Koi for the patch
2012-03-15 14:32:16 -06:00
e53938b9d7
Merge branch 'ohdae-post-mods'
2012-03-15 14:30:23 -05:00
2770199d28
enum_protections is now find_apps
2012-03-15 14:27:40 -05:00
e5c420b676
File rename, as well as design and cosmetic changes
2012-03-15 14:22:23 -05:00
8b91cc54c3
Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework into ohdae-post-mods
2012-03-15 13:50:43 -05:00
7e7b220b70
added report_note, removed store_loot function, cleaned up info/author
2012-03-15 15:29:52 -03:00
d5f83be2d0
Cosmetic changes
2012-03-15 11:21:41 -05:00
0389e47dfe
fix little mistake
2012-03-15 16:21:00 +01:00
b88af39f74
fixed output newline issue
2012-03-15 12:18:29 -03:00
9928b102b5
Added rails_mass_assignment module.
2012-03-15 16:56:38 +02:00
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
32002c595d
fixed save line
2012-03-15 01:05:35 -03:00
c165b7b7c2
removed unneeded comments
2012-03-15 01:02:07 -03:00
58b2d570c9
fixed output issue
2012-03-15 01:00:55 -03:00
65bde7ec99
Add OSVDB-79863 NetDecision Directory Traversal
2012-03-14 16:50:54 -05:00
f91b894375
added posibilities for generating payload from asm to more arch's
...
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
ffc41bf265
removed unneeded dependency
2012-03-14 18:26:53 -03:00
c38aaede03
duplicate of enum_users_history.rb
2012-03-14 16:07:49 -05:00
5c74b7741b
locates installed 3rd part av, fws, etc
2012-03-14 13:30:16 -04:00
d1efb40d2d
Fix bad path for Windows (bug #6523 ) - Thanks Francesco
2012-03-14 12:27:40 -05:00
3b880359fe
Change module name to better describe the purpose of it. Also some cosmetic corrections.
2012-03-14 11:44:03 -05:00
704f8e391d
Remove the line that's commented out
2012-03-14 11:37:43 -05:00
60b3ee7b16
Added user specific tasks to enum_users, removed bash_hist from enum_sys, added disk space info to enum_system
2012-03-14 09:06:51 -04:00
50f8b6088b
Fix cosmetic problems
2012-03-14 05:20:19 -05:00
4872e80385
Cleanup whitespace and author format
2012-03-14 05:18:00 -05:00
9d7e22876c
Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework
2012-03-14 05:14:33 -05:00
ecb1fda682
Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow
2012-03-14 05:13:22 -05:00
fbd076e749
removed old/ folder
2012-03-13 22:49:01 -04:00
b86fa5c85b
Combined network tasks into enum_network.rb, Combined user/system tasks into enum_system.rb
2012-03-13 22:24:49 -04:00
0fe26780b9
Merge branch 'my-branch' of github.com:ohdae/metasploit-framework into my-branch
2012-03-13 22:20:59 -04:00
96fb9fd458
Combined network tasks into one module, Combined system/user tasks into one module
2012-03-13 22:18:24 -04:00
f79bda2dc7
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:15:47 -03:00
3260bc6b65
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:14:49 -03:00
bd5950ea52
added active connections, iwconfig, if-up/down, open ports
2012-03-13 20:09:41 -04:00
4b7e380581
Linux post ssh enum, Linux post network info
2012-03-13 17:27:21 -04:00
81248f35c4
Changing H.323 constant for H323_STATUS_FACILITY
...
However, it's not actually being used in the module anywhere, so this
change appears cosmetic more than anything right now. However, I'm
inclined to believe Ricky's suggestions when it comes to H.323.
Corroborated by this 2003 post to the Ethereal mailing list:
http://www.ethereal.com/lists/ethereal-users/200311/msg00001.html
[See #6521 ]
2012-03-13 12:26:03 -05:00
b0ba10f79c
Added afp_login module.
2012-03-13 10:01:42 +02:00
5b13b7d1d9
Extracted common AFP functionality to mixin
2012-03-13 09:56:03 +02:00
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
9ece7b08fc
Add vendor's advisory as a reference
2012-03-08 00:46:34 -06:00
5f92bff697
Make sure no encoder will break the exploit again
2012-03-08 00:44:57 -06:00
2e94b97c82
Fix description
2012-03-07 23:59:51 -06:00
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
d9788db7bb
Merge pull request #222 from jduck/master
...
Fixes #6483
2012-03-07 18:11:48 -08:00
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
sinn3r
James Lee
Tod Beardsley
0a2940
Michael Schierl
HD Moore
juan
sinn3r
Carsten Maartmann-Moe
Tod Beardsley
andurin
chap0
Steve Tornio
Willis Vandevanter
corelanc0d3r
Kurtis Miller
Jonathan Cran
Oliver-Tobias Ripka
Patrick Webster
ohdae
Gregory Man
David Maloney
Maciej Kotowicz