infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,112 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

150 Commits (494711ee6517b2125c889b354d851f067822b2c1)

Author SHA1 Message Date
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil 
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
 2015-01-02 13:29:17 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code 
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
 2014-12-19 17:27:08 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Mark Schloesser 9e9954e831 fix placeholder to show the firmware version I used 2014-11-19 21:23:39 +01:00
Mark Schloesser a718e6f83e add exploit for r7-2014-18 / CVE-2014-4880 2014-11-19 21:07:02 +01:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
jvazquez-r7 f2cfbebbfb Add module for ZDI-14-305 2014-09-24 00:22:16 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info 
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
 2014-06-28 17:40:49 -04:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
jvazquez-r7 d47994e009 Update modules to use the new generic CMDstager mixin 2014-06-27 08:34:55 -04:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
jvazquez-r7 272fe5ddfd Delete debug comments 2014-01-16 16:12:12 -06:00
jvazquez-r7 8213eed49f Delete Netgear N150 target, ist's a Netgear DGN1000 model 2014-01-16 15:14:31 -06:00
jvazquez-r7 139119d32c Add Manual targets to sercomm_exec 2014-01-16 12:44:26 -06:00
jvazquez-r7 0922aef8d1 Update module description 2014-01-16 11:16:11 -06:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes 
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
 2014-01-13 16:58:32 -05:00
jvazquez-r7 24c57b34a7 Have into account endianess 2014-01-13 15:04:23 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 9d14dd59eb Delete parentheses 2014-01-09 15:17:13 -06:00
Matt Andreko 40d2299ab4 Added tested device 2014-01-09 10:46:14 -05:00
Matt Andreko c50f7697a5 Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec 2014-01-09 10:39:12 -05:00
jvazquez-r7 bbaaecd648 Delete commas 2014-01-09 08:01:11 -06:00
jvazquez-r7 5e510dc64c Add minor fixes, mainly formatting 2014-01-09 07:51:42 -06:00
Matt Andreko ed6723655d Code Review Feedback 
Fixed some handling of errors and invalid hosts
 2014-01-09 08:44:01 -05:00
Matt Andreko d2458bcd2a Code Review Feedback 
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
 2014-01-08 22:21:32 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
jvazquez-r7 7e5d4bc893 Landing #1614, @jwpari nagios nrpe exploit 2013-04-11 17:53:52 +02:00
jvazquez-r7 08ba2c70d3 update title and descr for mongod_native_helper 2013-04-01 21:44:08 +02:00
jvazquez-r7 81bca2c45a cleanup for mongod_native_helper 2013-04-01 21:35:34 +02:00
agix cc598bf977 Resolv a problem with mmap64 libc function and its unknown last argument 2013-04-01 17:38:09 +02:00
agix 6b639ad2ee add memcpy to the ropchain due to the zeroed mmap function under ubuntu 2013-04-01 14:13:19 +02:00
agix baf1ce22b3 increase mmap RWX size 2013-03-31 21:04:39 +02:00
agix 4a683ec9a4 Fix msftidy WARNING 2013-03-28 13:36:35 +01:00
agix 69fb465293 Put gadgets in Target 2013-03-28 11:15:13 +01:00
agix dee5835eab Create mongod_native_helper.rb 
metasploit exploit module for CVE-2013-1892
 2013-03-28 03:10:38 +01:00
jvazquez-r7 cd58a6e1a1 cleanup for nagios_nrpe_arguments 2013-03-20 19:22:48 +01:00
Joel Parish 21e9f7dbd2 Added module for CVE-2013-1362 
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
 2013-03-19 01:43:46 -07:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Michael Schierl 910644400d References EDB cleanup 
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
 2012-10-23 21:02:09 +02:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00
jvazquez-r7 261a17d28a Added module for CVE-2009-4498 2012-08-23 18:29:39 +02:00
sinn3r a228e42630 Add new target thanks for cabetux 2012-08-15 16:06:09 -05:00
sinn3r e5dd6fc672 Update milw0rm references. 
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
 2012-06-28 14:27:12 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
sinn3r cdd7a16603 Apply egypt's fix for "\n" 2012-03-19 10:19:10 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
Steve Tornio ef4cdb516d add osvdb ref 2012-02-26 07:13:13 -06:00
sinn3r 7281a0ebdd Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul) 2012-02-24 12:06:47 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys. 
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:49:49 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules 
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-22 20:17:58 +00:00
Wei Chen 03ac21e5be Updated disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@12387 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 04:34:31 +00:00
Steve Tornio cd9b742960 add osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@12202 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-01 14:00:49 +00:00
James Lee ca21393c4b remove debug print. 
git-svn-id: file:///home/svn/framework3/trunk@12168 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-28 17:30:02 +00:00
James Lee 1096d1c076 add a combined module for exploiting DRb. thanks joernchen! 
git-svn-id: file:///home/svn/framework3/trunk@12161 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-27 20:00:06 +00:00
HD Moore a69278710a Commit an exploit for the Accellion File Transfer appliance default encryption key vulnerability. 
git-svn-id: file:///home/svn/framework3/trunk@11935 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-11 17:37:23 +00:00
Joshua Drake c29bca4fb8 add keywords, oops 
git-svn-id: file:///home/svn/framework3/trunk@11868 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-03 01:04:47 +00:00
Joshua Drake c7f6324fbd add cve-2011-0404 exploit from Evan 
git-svn-id: file:///home/svn/framework3/trunk@11867 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-03 01:04:24 +00:00
Joshua Drake ae04e34cf7 fix some non-full-namespace includes 
git-svn-id: file:///home/svn/framework3/trunk@10617 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-09 06:55:52 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB 
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 03:13:45 +00:00
Joshua Drake 9984b662e0 switch some URL references to US-CERT-VU type 
git-svn-id: file:///home/svn/framework3/trunk@9666 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 01:09:32 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes 
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-01 23:33:07 +00:00
Tod Beardsley 9d46383040 Fixes #2134. Subs select for sleep in exploit modules. 
git-svn-id: file:///home/svn/framework3/trunk@9583 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-22 19:11:05 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity! 
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-09 17:45:00 +00:00
Joshua Drake b4ead057f6 add exploit module for cve-2000-0917 
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-17 00:56:28 +00:00
Joshua Drake a996668cfa added payload notes 
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-16 00:27:45 +00:00
Joshua Drake 8c59c9cfdc fix typos 
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-15 22:42:16 +00:00
Joshua Drake b1ef6075c0 add exploit module for cve-2007-5208 
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-15 22:38:50 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew! 
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-06 05:50:37 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules 
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
 2009-09-27 21:30:45 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio. 
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
 2009-06-07 20:20:42 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio 
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
 2009-05-14 19:56:07 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log 
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
 2009-04-13 14:33:26 +00:00
Ramon de C Valle f124597a56 Code cleanups 
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
 2008-10-19 21:03:39 +00:00
HD Moore fd256ec4a1 This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure. 
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
 2008-10-02 05:23:59 +00:00
Patrick Webster 1c6a33cb01 Added gld_postfix.rb module 
git-svn-id: file:///home/svn/framework3/trunk@5528 4d416f70-5f16-0410-b530-b9f4589650da
 2008-06-07 02:16:34 +00:00
Ramon de C Valle 5d1bf914bf Added InterBase/Firebird stuff. 
git-svn-id: file:///home/svn/framework3/trunk@5136 4d416f70-5f16-0410-b530-b9f4589650da
 2007-10-04 03:03:13 +00:00
Ramon de C Valle 6462ede937 Fixes #106. Added new single shell_bind_tcp payload module for Linux x86. See #106. 
git-svn-id: file:///home/svn/framework3/trunk@5068 4d416f70-5f16-0410-b530-b9f4589650da
 2007-07-31 02:10:49 +00:00
Ramon de C Valle e4aeff2f71 Added Borland Interbase 2007 Create Request Buffer Overflow exploit module for linux x86 
git-svn-id: file:///home/svn/framework3/trunk@5065 4d416f70-5f16-0410-b530-b9f4589650da
 2007-07-30 01:38:14 +00:00