jvazquez-r7
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
jvazquez-r7
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
jvazquez-r7
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
jvazquez-r7
0531abb691
Land #3026 , @ribeirux DoS module for CVE-2014-0050
2014-02-26 08:53:55 -06:00
jvazquez-r7
449d0d63d1
Do small clean up
2014-02-26 08:52:51 -06:00
Michael Messner
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
Fr330wn4g3
b81642d8ad
Update total_video_player_131_ini_bof
2014-02-26 11:37:04 +01:00
Fr330wn4g3
a7cacec0c3
Add module for EDB 29799
2014-02-25 23:07:28 +01:00
jvazquez-r7
96ffb1db47
Delete extra comma
2014-02-25 15:29:46 -06:00
jvazquez-r7
cb18639b66
Add small fixes and clean up
2014-02-25 15:25:01 -06:00
jvazquez-r7
1d4b2ea60d
Add module for ZDI-14-015
2014-02-25 15:07:09 -06:00
William Vu
63bbe7bef2
Land #3034 , 302 redirect for http_basic
2014-02-25 13:54:58 -06:00
William Vu
4cc91095de
Fix minor formatting issues
2014-02-25 13:48:37 -06:00
jvazquez-r7
a45c8c2b4a
Land #3029 , @xistence Symantec endpoint exploit
2014-02-25 07:59:35 -06:00
jvazquez-r7
bfe0fdb776
Move module
2014-02-25 07:58:00 -06:00
xistence
ab167baf56
Added randomness instead of payload and xxe keywords
2014-02-25 15:23:10 +07:00
jvazquez-r7
4908d80d6c
Clean up module
2014-02-24 16:00:54 -06:00
kn0
6783e31c67
Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline
2014-02-24 15:59:49 -06:00
ribeirux
ead7cbc692
Author and URI fixed
2014-02-24 22:20:34 +01:00
kn0
f1e71b709c
Added 301 Redirect option to Basic Auth module
2014-02-24 14:59:20 -06:00
William Vu
6f398f374e
Land #3032 , inside_workspace_boundary? typo fix
2014-02-24 14:55:09 -06:00
James Lee
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
sinn3r
a50b4e88be
Fix msftidy warning: Suspect capitalization in module title: 'encoder'
2014-02-24 11:25:46 -06:00
Michael Messner
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
jvazquez-r7
c981bbeab9
Land #3011 , @wchen-r7's fix for Dexter exploit
2014-02-24 10:53:10 -06:00
jvazquez-r7
b2d4048f50
Land #3027 , @OJ's fix for ultraminihttp_bof
2014-02-24 10:50:08 -06:00
jvazquez-r7
c9f0885c54
Apply @jlee-r7's feedback
2014-02-24 10:49:13 -06:00
sinn3r
5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests
2014-02-24 10:39:01 -06:00
bcoles
a29c6cd2b4
Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-02-25 02:57:25 +10:30
xistence
5485759353
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:04:37 +07:00
xistence
8e3f70851d
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:01:13 +07:00
Michael Messner
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
OJ
fdd0d91817
Updated the Ultra Minit HTTP bof exploit
...
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
2014-02-23 21:23:41 +10:00
Meatballs
2f7f344be3
Copy original sleep
2014-02-23 04:53:48 +00:00
Meatballs
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
Meatballs
d396be963a
Use new cmd_exec_get_pid
2014-02-28 20:53:13 +00:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
e0fa1d532c
Dont think this works on vista/8
2014-02-26 23:14:17 +00:00
Meatballs
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Meatballs
1f08ad48a4
Fix payload_path method
2014-02-25 22:11:23 +00:00
Meatballs
6687ef80ee
Further bypassuac tidies
...
Dont rescue Exception
Use ReflectiveDLLInjection post mixin
Dont keep retrieving %TEMP% path
2014-02-25 22:03:01 +00:00
David Maloney
23381ea2cb
code tidying
...
break big exploit method up into
smaller methods for better maintainability
2014-02-25 14:07:48 -06:00
ribeirux
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
Michael Messner
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
Michael Messner
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
Michael Messner
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
jvazquez-r7
998fa06912
Land #2998 , @bit4bit's fix for the vtigercrm exploit
2014-02-20 08:36:05 -06:00
jvazquez-r7
0b27cd13e8
Make module work
2014-02-20 08:35:37 -06:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
sinn3r
ed2ac95396
Always replace \ with / for Dexter exploit
...
Fix for the following:
48199fec27 (commitcomment-5419010)
2014-02-19 09:24:07 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
sinn3r
2e7a56b4a7
Land #3001 - SUB Encoder
2014-02-19 01:54:01 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
0480ad16aa
No common
2014-02-18 23:09:35 +00:00
William Vu
e7c3b94e60
Land #3006 , @todb-r7's pre-release fixes
2014-02-18 14:15:12 -06:00
Tod Beardsley
721e153c7f
Land #3005 to the fixup-release branch
...
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!
Conflicts:
modules/exploits/windows/fileformat/audiotran_pls_1424.rb
2014-02-18 14:08:54 -06:00
Tod Beardsley
a863d0a526
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
Michael Messner
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
William Vu
28dc742bcf
Fix references and disclosure date
2014-02-18 13:59:58 -06:00
jvazquez-r7
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
jvazquez-r7
4903b05214
Fix tabs
2014-02-18 13:51:40 -06:00
William Vu
c216357815
Land #3000 , audiotran_pls_1424 SEH exploit
2014-02-18 13:27:14 -06:00
Michael Messner
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
Michael Messner
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
Meatballs
8a68323cf0
Dont keep checking domain
2014-02-18 17:52:34 +00:00
jvazquez-r7
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
Meatballs
e290529841
Sadly this url is dead
2014-02-17 22:07:19 +00:00
Meatballs
6c32848b10
Use correct post methods
2014-02-17 22:03:07 +00:00
Joe Vennix
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
Meatballs
83d9a1e7c2
Xp Compat?
2014-02-17 21:28:06 +00:00
Meatballs
5e52e48d16
Gather cached GPO
2014-02-17 20:45:56 +00:00
Philip OKeefe
98958bc7bc
Making audiotran_pls_1424 more readable and adding comments
2014-02-17 13:40:03 -05:00
sinn3r
52ac85be11
Land #2931 - Oracle Forms and Reports RCE
2014-02-17 08:54:23 -06:00
sinn3r
110ffbf342
Indent looks off for this line
2014-02-17 08:53:29 -06:00
sinn3r
632ea05688
100 columns
2014-02-17 08:52:56 -06:00
sinn3r
8da7ba131b
In case people actually don't know what RCE means
2014-02-17 08:51:48 -06:00
sinn3r
73459baefd
Add OSVDB references
2014-02-17 08:50:34 -06:00
Mekanismen
fb7b938f8e
check func fixed
2014-02-17 15:11:56 +01:00
OJ
b2d09ed0d1
Add the NULL byte to the list of valid chars
...
While rare, I guess it is a possibility that the NULL byte can be
used.
2014-02-17 16:40:56 +10:00
xistence
1864089085
removed rport definition
2014-02-17 11:32:24 +07:00
Philip OKeefe
c60ea58257
added audiotran_pls_1424 fileformat for Windows
2014-02-16 16:20:50 -05:00
Mekanismen
e27d98368e
fixed local server issues
2014-02-16 18:26:08 +01:00
Mekanismen
e40b9e5f37
updated and improved
2014-02-16 16:24:39 +01:00
OJ
e134ec4691
Remove '*' from valid file system chars
2014-02-16 23:57:54 +10:00
OJ
a808053c37
Add first pass of optimised sub encoder
...
Full details of the encoder are in the detailed description in the
source itself. But this is effectively an "optimised" SUB encoder
which is similar to the add_sub encoder except it doesn't bother to
use the ADD instructions at all, and it doesn't zero out EAX for
each 4-byte block unless absolutely necessary. This results in
payloads being MUCH smaller (in some cases 30% or more is saved).
2014-02-16 20:12:14 +10:00
Jovany Leandro G.C
74344d6c7e
vtigerolservice.php to vtigerservice.php
...
using direct soap/vtigerolservice.php not work..php need require('config.php');
2014-02-15 20:36:36 -05:00
Matteo Cantoni
8a24da9eea
Module to query Jboss status servlet
2014-02-15 17:46:52 +01:00
Tod Beardsley
f6be574453
Slightly better file checks on sqlmap.py
2014-02-15 09:58:03 -06:00
Tod Beardsley
dacbf55fc1
Minor cleanup of title and desc on sqlmap
2014-02-15 09:55:06 -06:00
Mekanismen
b7d69c168c
bugfix and user supplied local path support
2014-02-15 16:24:59 +01:00
sinn3r
9daffbd484
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec
2014-02-14 17:16:27 -06:00
sinn3r
48199fec27
Change URL identifier, and make the user choose a target
2014-02-14 17:15:00 -06:00
Meatballs
c39924188a
Clean up
2014-02-14 20:52:04 +00:00
Royce Davis
0e7074c139
Modififed output for smb_enumshares module
2014-02-14 13:39:13 -06:00
Royce Davis
6dc9840064
Modified output for smb_enumshares
2014-02-14 13:12:52 -06:00
jvazquez-r7
b2ea257204
Include Linux::System post mixin
2014-02-14 08:32:21 -06:00
Meatballs1
ad72ecaf84
Handle SPN array
2014-02-14 09:48:23 +00:00
Meatballs1
4b828e5d45
Dont parse empty SPNs
2014-02-14 09:41:37 +00:00
Meatballs1
2c12952112
Moar corrections
2014-02-14 09:37:00 +00:00
Meatballs1
9dd56d32de
Corrections
2014-02-14 09:32:53 +00:00
Meatballs1
7ef68184e1
Handle SPNs differently
2014-02-13 23:24:55 +00:00
Meatballs1
95048b089e
Dont search for made up fields
2014-02-13 22:51:55 +00:00
Russell Sim
ee3f1fc25b
Record successful passwordless access to mongodb
2014-02-14 08:52:17 +11:00
Tod Beardsley
745f313413
Remove @nmonkee as author per twitter convo
2014-02-13 14:41:10 -06:00
Tod Beardsley
371f23b265
Unbreak the URL refs add nmonkee as ref and author
...
While @nmonkee didn't actually contribute to #2942 , he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.
Also added a ref to @nmonkee's thing.
@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
Matteo Cantoni
7c860b9553
fix description
2014-02-13 21:11:50 +01:00
jvazquez-r7
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
jvazquez-r7
67367092b7
Solve conflicts
2014-02-13 08:42:53 -06:00
William Vu
a4035252d6
Land #1910 , DISCLAIMER for firefox_creds
...
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
jvazquez-r7
51896bcf74
land #2984 , @wchen-r7's [FixRM #8765 ] NameError uninitialized constant in enum_ad_user_comments
2014-02-12 15:31:54 -06:00
sinn3r
ce2de8f3bf
Different way to write this
2014-02-12 15:08:20 -06:00
Peter Arzamendi
5ef40e3844
Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD']
2014-02-12 13:31:03 -06:00
jvazquez-r7
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
sinn3r
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
Peter Arzamendi
2b8a8259f9
Updates to support OWA 2013 and some syntax changes
2014-02-12 09:40:49 -06:00
jvazquez-r7
a59ce95901
Land #2970 , @sgabe exploit for CVE-2010-2343
2014-02-12 08:10:53 -06:00
jvazquez-r7
9845970e12
Use pop#ret to jump over the overwritten seh
2014-02-12 08:10:14 -06:00
sgabe
11513d94f5
Add Juan as author
2014-02-12 12:17:02 +01:00
sgabe
3283880d65
Partially revert "Replace unnecessary NOP sled with random text" to improve reliability.
...
This partially reverts commit 12471660e9
.
2014-02-12 12:09:16 +01:00
xistence
6944c54d13
Added EXTENDED option to smtp_relay
2014-02-12 15:44:53 +07:00
sinn3r
0f620f5aba
Fix Uninitialized Constant RequestError
...
[SeeRM #8765 ] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
sgabe
7195416a04
Increase the size of the NOP sled
2014-02-12 02:35:53 +01:00
sgabe
3f09456ce8
Minor code formatting
2014-02-11 23:53:04 +01:00
sgabe
7fc3511ba9
Remove unnecessary NOPs
2014-02-11 23:48:54 +01:00
sgabe
12471660e9
Replace unnecessary NOP sled with random text
2014-02-11 23:48:04 +01:00
sgabe
184ccb9e1e
Fix payload size
2014-02-11 23:42:58 +01:00
William Vu
c67c0dde8f
Land #2972 , enum_system find/save logs/S[UG]ID
2014-02-11 15:45:27 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
bwall
783e62ea85
Applied changes from @wchen-r7's comments
2014-02-11 10:14:52 -08:00
jvazquez-r7
3717374896
Fix and improve reliability
2014-02-11 10:44:58 -06:00
jvazquez-r7
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
Roberto Soares Espreto
68578c15a3
find command modified
2014-02-11 10:08:12 -02:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Roberto Soares Espreto
f181134ef8
Removed hard tabs
2014-02-10 23:16:04 -02:00
sgabe
e8a3984c85
Fix ROP NOP address and reduce/remove NOPs
2014-02-11 00:29:37 +01:00
Meatballs
39be214413
Dont use quotes and start in a console
2014-02-10 23:15:59 +00:00
William Vu
e6905837eb
Land #2960 , rand_text_alpha for amaya_bdo
2014-02-10 16:44:11 -06:00
bwall
13fadffe7e
Dexter panel (CasinoLoader) SQLi to PHP code exec - Initial
2014-02-10 13:44:30 -08:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
Roberto Soares Espreto
2e720f8f0f
Post::Linux - Added to search for files with setuid/setgid and logfiles
2014-02-10 19:24:51 -02:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
jvazquez-r7
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
jvazquez-r7
502dbb1370
Add references
2014-02-10 13:55:02 -06:00
sinn3r
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
sinn3r
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00
sgabe
08b6f74fb4
Add module for CVE-2010-2343
2014-02-10 20:46:09 +01:00
jvazquez-r7
abb03d0bbe
Fixing messages
2014-02-10 13:10:42 -06:00
jvazquez-r7
541bb6134e
Change exploit filename
2014-02-10 13:06:23 -06:00
jvazquez-r7
2e130ce843
Make it work with Reader Sandbox
2014-02-10 13:04:13 -06:00
Tod Beardsley
7c43565ea8
Include missing require for powershell
2014-02-10 11:02:53 -06:00
jvazquez-r7
5672a4dae5
Land #2962 , @Meatballs1 RequiredCmd property for ARCH_CMD win payloads
2014-02-10 09:51:08 -06:00
jvazquez-r7
8ece4a7750
Delete debug print
2014-02-10 08:57:45 -06:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
Spencer McIntyre
0ac1acda70
Upgrade toolchain to Visual Studio 2013 v120.
2014-02-10 09:35:07 -05:00
xistence
02fb84db20
Changed dns_amp to avoid false positives
2014-02-10 17:13:06 +07:00
sinn3r
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
Meatballs
6234528c25
Keep it secret keep it safe
2014-02-08 19:29:01 +00:00
Meatballs
9f04e0081d
Stick with command let encoder handle encoding
2014-02-08 19:28:03 +00:00
Meatballs
92f779ed1b
Cant handle space characters either
2014-02-08 19:16:42 +00:00
Meatballs
a42e97395b
Powershell cmd encoder
2014-02-08 19:09:57 +00:00
Meatballs
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
David Maciejak
32c02dd56a
Added some randomness
2014-02-08 11:27:25 +08:00
Meatballs
80814adaf9
Credit where credits due
2014-02-08 01:42:45 +00:00
Meatballs
efe4d6b41a
Tidyup
2014-02-08 01:03:02 +00:00
Meatballs
2d1a0c3a01
Windows CMD love too
2014-02-08 01:00:31 +00:00
Meatballs
dcff06eba1
More verbose failure messages
2014-02-07 23:59:28 +00:00
sinn3r
66cb97305c
Land #2953 - KingScada kxClientDownload.ocx ActiveX Remote Code Exec
2014-02-07 17:41:35 -06:00
sinn3r
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
Meatballs
783a986a19
Windows and auto target up and running
2014-02-07 23:26:57 +00:00
Meatballs
a0f47f6b2b
Correct error check logic
2014-02-07 22:06:53 +00:00
Meatballs
443a51bbf5
Undo revert from merge
2014-02-07 21:28:04 +00:00
Meatballs
56359aa99f
Merge changes from other dev machine
2014-02-07 21:22:44 +00:00
Meatballs
a4cc75bf98
Potential .pdf support
2014-02-07 20:37:44 +00:00
Meatballs
e13520d7fb
Handle a blank filename
2014-02-07 20:15:32 +00:00
Meatballs
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
James Lee
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
sinn3r
63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments
2014-02-07 12:23:43 -06:00
sinn3r
9c76e7fb00
Handle multiple exceptions
2014-02-07 12:23:10 -06:00
sinn3r
40188e1eda
RuntimeError exception should be handled.
2014-02-07 12:16:15 -06:00
jvazquez-r7
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
grimmlin
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
Spencer McIntyre
f686385349
Remove an unnecessary VS file and modify version check.
2014-02-07 08:45:51 -05:00
jvazquez-r7
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
Spencer McIntyre
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
James Lee
4b37cc7243
Land #2927 , PandoraFMS anyterm exploit
2014-02-06 15:22:23 -06:00
James Lee
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
William Vu
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
Joe Vennix
362e937c8d
Forgot to push local changes.
2014-02-06 11:47:35 -06:00
Joe Vennix
0dc2ec5c4d
Use BrowserExploitServer mixin.
...
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
jvazquez-r7
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
jvazquez-r7
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
kicks4kittens
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
kicks4kittens
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
kicks4kittens
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
jvazquez-r7
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
jvazquez-r7
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
James Lee
14aa8ffd5c
Apply blockapi changes to bind_tcp and bind_tcp_rc4
2014-02-04 17:45:18 -06:00
Joe Vennix
553616b6cc
Add URL for browser exploit.
2014-02-04 17:04:06 -06:00
Tod Beardsley
3a6626761b
Land #2945 , obsolete old modules
...
Obsoletes:
modules/auxiliary/admin/scada/igss_exec_17.rb
modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb
modules/post/windows/gather/resolve_hosts.rb
modules/post/windows/manage/persistence.rb
2014-02-04 15:11:25 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
sinn3r
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
jvazquez-r7
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
Joe Vennix
23fc73924e
Msftidy it up.
2014-02-04 14:24:36 -06:00
James Lee
20b8062220
Apply blockapi changes to reverse_tcp_rc4
2014-02-04 12:30:56 -06:00
James Lee
c70680cf1c
Fix infinite-retry bug
...
Derp, block_api clobbers ecx
2014-02-04 11:59:16 -06:00
William Vu
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
Meatballs
0a3cb3377f
AppendEncoder
2014-02-04 15:41:10 +00:00
Meatballs
26c506da42
Naming of follow method
2014-02-04 15:25:51 +00:00
James Lee
9c3664bd45
Unify reverse_http and reverse_https
...
This will make copy-pasta less painful in the future. There's still the
problem of reverse_https_proxy being very similar, but the logic in how
it gets generated in the module is more than i want to tackle right now
2014-02-04 09:09:12 -06:00
Meatballs
f5fa3fb5ce
Windows compat, fixed PHP-CLI
2014-02-04 14:27:10 +00:00
Meatballs
64d11e58c2
Use semicolon for win compat
2014-02-04 13:53:33 +00:00
jvazquez-r7
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
jvazquez-r7
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
Joe Vennix
700e09f386
Wording tweak.
2014-02-04 02:55:10 -06:00
Joe Vennix
bbabd72b0e
Whitespace tweaks.
2014-02-04 02:52:52 -06:00
Joe Vennix
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
Joe Vennix
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
Joe Vennix
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
Joe Vennix
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
Joe Vennix
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
Meatballs
2fd8257c7e
Use bperry's trigger
2014-02-04 00:51:34 +00:00
Meatballs
a8ff6eb429
Refactor send_request_cgi_follow_redirect
2014-02-03 21:49:49 +00:00
Meatballs
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
James Lee
f163bc7f7a
Unbreak reverse_https_proxy
...
Broken by #2448 , 063da8a22e
2014-02-03 15:07:59 -06:00
Tod Beardsley
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
Tod Beardsley
d34020115a
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
jvazquez-r7
ffd90a3d38
Add confirmation datastore option
2014-02-03 12:40:58 -06:00
Tod Beardsley
9953821451
Fix desc on Drupal module, some peer prints
2014-02-03 12:16:06 -06:00
Meatballs
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
James Lee
be0b9fc2f8
Use the new block_api in windows/reverse_tcp
2014-02-03 11:34:52 -06:00
James Lee
bfc0ac4dd4
Golf a few bytes off of reverse_http(s)
2014-02-03 11:33:55 -06:00
bcoles
9b9b2fab58
Add DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials module
2014-02-04 02:00:11 +10:30
jvazquez-r7
a92256e8d1
Clean a10networks_ax_directory_traversal
2014-02-03 08:41:23 -06:00
xistence
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
sinn3r
e54abb4274
Add support for shell session type
2014-02-02 23:37:56 -06:00
sinn3r
ae84e354e8
Be consistent with get_smartermail_creds method's return value
2014-02-02 22:06:14 -06:00
sinn3r
662fbf53b6
Update check_smartermail method
...
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
sinn3r
2b2194cee8
Modify prints
2014-02-02 21:58:10 -06:00
Meatballs
67c18d8d2d
I had a problem, then I used regex.
2014-02-02 22:19:54 +00:00
Meatballs
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
Meatballs
57f4998568
Better failures and handle unconfigured server
2014-02-02 16:26:22 +00:00
Meatballs
9fa9402eb2
Better check and better follow redirect
2014-02-02 16:07:46 +00:00
Meatballs
0d3a40613e
Add auto 30x redirect to send_request_cgi
2014-02-02 15:03:44 +00:00
Meatballs
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
bcoles
62dca111f8
Conform to style
2014-02-02 08:07:18 +10:30
bcoles
e30195348e
Add Windows Gather SmarterMail Password Extraction post module
2014-02-02 05:51:21 +10:30
Meatballs
7ddc6bcfa5
Final tidyup
2014-02-01 01:05:02 +00:00
Meatballs
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
Meatballs
fd1a507fda
Rename file
2014-02-01 00:27:32 +00:00
Meatballs
700c6545f0
Polished
2014-02-01 00:26:55 +00:00
William Vu
a5bff638c5
Remove EOL spaces
2014-01-31 15:01:03 -06:00
Mekanismen
5a883a4477
updated
2014-01-31 21:59:26 +01:00
Meatballs
7fa1522299
Initial commit
2014-01-31 18:51:18 +00:00
sinn3r
b67ac39a33
Land #2921 - Apache Struts Developer Mode OGNL Execution
2014-01-31 12:06:58 -06:00
sinn3r
60ead5de43
Explain why we flag the vuln as "Appears" instead of vulnerable
2014-01-31 12:05:58 -06:00
jvazquez-r7
2fca2da9f7
Add an vprint message on check
2014-01-31 11:57:20 -06:00
jvazquez-r7
356692f2f5
Land #2923 , @rangercha tomcat deploy module compatible with tomcat8
2014-01-31 10:53:53 -06:00
jvazquez-r7
53c2a737e9
Don't register rport again
2014-01-31 09:42:41 -06:00
jvazquez-r7
452042e757
Land #2925 , @xistence aux module for Support Center Plus traversal
2014-01-31 09:38:01 -06:00
jvazquez-r7
e9f04d9203
Do final cleanup for Support Center Plus module
2014-01-31 09:37:40 -06:00
jvazquez-r7
a010748056
Land #2924 , @xistence's exploit for CVE-2014-1683
2014-01-31 09:20:10 -06:00
jvazquez-r7
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
jvazquez-r7
810605f0b7
Do final cleanup for the skybluecanvas exploit
2014-01-31 09:17:51 -06:00
jvazquez-r7
32c5d77ebd
Land #2918 , @wvu's fix for long argument lists
2014-01-31 08:49:22 -06:00
Mekanismen
f6291eb9a8
updated
2014-01-31 14:33:18 +01:00
xistence
e81a0ed22b
Changes as requested for SupportCenterPlus module
2014-01-31 13:28:45 +07:00
xistence
ffd8f7eee0
Changes as requested in SkyBlue Canvas RCE module
2014-01-31 12:52:48 +07:00
jvazquez-r7
93db1c59af
Do small fixes
2014-01-30 17:16:43 -06:00
jvazquez-r7
9daacf8fb1
Clean exploit method
2014-01-30 16:58:17 -06:00
jvazquez-r7
4458dc80a5
Clean the find_csrf mehtod
2014-01-30 16:39:19 -06:00
jvazquez-r7
697a86aad7
Organize a little bit the code
2014-01-30 16:29:45 -06:00
jvazquez-r7
50317d44d3
Do more easy clean
2014-01-30 16:23:17 -06:00
jvazquez-r7
1a9e6dfb2a
Allow check to detect platform and arch
2014-01-30 15:17:20 -06:00
jvazquez-r7
b2273dce2e
Delete Automatic target
...
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
jvazquez-r7
cebbe71dba
Do easy cleanup of exploit
2014-01-30 14:42:02 -06:00
jvazquez-r7
c336133a8e
Do a first clean related to auto_target
2014-01-30 14:27:20 -06:00
jvazquez-r7
57b8b49744
Clean query_manager
2014-01-30 14:20:02 -06:00
jvazquez-r7
148e51a28b
Clean metadata and use TARGETURI
2014-01-30 14:03:52 -06:00
William Vu
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
Mekanismen
e7ab77c736
added module for Oracle Forms and Reports
2014-01-30 14:45:17 +01:00
xistence
8ac0ef396e
Added DNS recursion amplification scanner
2014-01-29 14:21:21 +07:00
xistence
d3be54fed6
Added Extended SMTP Open Relay aux module
2014-01-29 13:46:54 +07:00
xistence
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
xistence
c8296298b3
added A10Networks AX loadbalancer Dir Traversal Auxiliary Module
2014-01-28 16:37:25 +07:00
xistence
32d7f15a5c
added ManageEngine Support Center Plus directory traversal auxiliary module
2014-01-28 15:45:23 +07:00
xistence
bac6e2a3e1
added SkyBlueCanvas CMS 1.1 r248-03 RCE
2014-01-28 11:06:25 +07:00
jvazquez-r7
f766a74150
Land #2920 , @wvu-r7's author metadata update for printer aux modules
2014-01-27 13:02:31 -06:00
William Vu
d19e9307c6
Fix missing colon in :caller_host symbol
...
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
jvazquez-r7
0dbaeb6742
Add Matteo's email
2014-01-27 08:40:44 -06:00
jvazquez-r7
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
jvazquez-r7
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
RangerCha
a49473181c
Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10
2014-01-27 09:04:59 -05:00
sinn3r
f471f50092
ms08_067_check.rb is deprecated.
...
[SeeRM #8755 ]
2014-01-26 12:22:13 -06:00
jvazquez-r7
8fe74629fe
Allow send_request_cgi to take care of the uri encoding
2014-01-26 00:06:41 -06:00
jvazquez-r7
37adf1251c
Delete privileged flag because is configuration dependant
2014-01-25 18:25:31 -06:00
jvazquez-r7
038cb7a981
Add module for CVE-2012-0394
2014-01-25 18:17:01 -06:00
William Vu
52371be52a
Clarify why contributors are listed as authors
...
Also adding @mcantoni to the list of authors. Sorry we missed you!
Dear contributors,
Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!
https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
sinn3r
cc4dea7d49
Was playing with ms08_067 check and realized I forgot this print
2014-01-25 16:15:52 -06:00
Matteo Cantoni
f18fef1864
Module to HP LaserJet Printer SNMP Enumeration
2014-01-25 15:48:13 +01:00
William Vu
eaeb2af97f
Use opts hash for h323_version
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
William Vu
7c5229e2eb
Use opts hash for glassfish_deployer
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:17:02 -06:00
William Vu
47b9bfaffc
Use opts hash for adobe_pdf_embedded_exe
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
sinn3r
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
jvazquez-r7
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
sinn3r
f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection
2014-01-24 15:03:07 -06:00
sinn3r
c8e2301111
Be more informative about why CheckCode::Unknown
...
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
sinn3r
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
Tod Beardsley
82bf02910d
Land #2911 , correct author name for PJL credit
2014-01-24 11:00:12 -06:00
jvazquez-r7
fdaa172cc5
Land #2896 , @wchen-r7's check's normalization for auxiliary modules
2014-01-24 08:53:53 -06:00
jvazquez-r7
e8b591ef54
Delete registering of check on bailiwicked modules
2014-01-24 08:47:04 -06:00
sgabe
16b8b58a84
Fix the dwSize parameter
2014-01-24 11:38:57 +01:00
sgabe
8f6dcd7545
Add some randomization to the ROP chain
2014-01-24 10:28:59 +01:00
bcoles
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
sinn3r
9ba72ffc71
Remove check support
...
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
sinn3r
dc52d00be6
Modify vmware_http_login to work with check
2014-01-23 21:27:36 -06:00
jvazquez-r7
cf17bf2e72
Small fix
2014-01-23 19:34:50 -06:00
jvazquez-r7
43de7eb74f
Use REXML
2014-01-23 19:32:42 -06:00
William Vu
a67068f019
Correct author name
...
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
jvazquez-r7
5a59e3d4e4
Fix typo
2014-01-23 18:53:58 -06:00
jvazquez-r7
f529eb1d4b
Clean code
2014-01-23 18:51:24 -06:00
sgabe
021aa77f5f
Add module for BID-46926
2014-01-24 01:48:21 +01:00
jvazquez-r7
8e17d38c77
Add check method
2014-01-23 18:30:18 -06:00
Meatballs
09b70d1574
Remove max search
2014-01-24 00:27:46 +00:00
Meatballs
0a15e07473
Merge remote-tracking branch 'upstream/master' into service_principle_name
2014-01-24 00:26:52 +00:00
Meatballs
5880f7ebf2
Remove max search
2014-01-24 00:25:03 +00:00
Meatballs
f6054e6581
Merge remote-tracking branch 'upstream/master' into enum_ad_users
2014-01-24 00:24:31 +00:00
jvazquez-r7
b0deb45fad
Add Drupal advisory as reference
2014-01-23 18:10:57 -06:00
jvazquez-r7
6d0d7eda10
Delete garbage comment
2014-01-23 18:09:05 -06:00
jvazquez-r7
72b72effa6
Add module for CVE-2012-4554
2014-01-23 18:04:31 -06:00
Meatballs1
982795ee5d
Merge pull request #32 from todb-r7/saner-ifs-pr1473
...
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
Meatballs
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
Tod Beardsley
e066d86d41
Clean up the if.nils?
2014-01-23 17:36:10 -06:00
sinn3r
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
sinn3r
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
sinn3r
f5a935a186
Support check for bailiwicked_host
2014-01-23 15:31:37 -06:00
sinn3r
8d411d2037
Fix bailiwicked_domain to allow support of check()
2014-01-23 15:29:40 -06:00
sinn3r
c403c521b3
Change check code
2014-01-23 11:03:40 -06:00
sinn3r
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
sinn3r
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
Meatballs
6e8b6732c2
Merge remote-tracking branch 'upstream/master' into service_principle_name
2014-01-22 21:50:10 +00:00
Meatballs
c109a32165
Merge remote-tracking branch 'upstream/master' into enum_ad_users
2014-01-22 21:48:34 +00:00
sinn3r
7f560a4b41
Oops, I broke this module
2014-01-22 11:23:18 -06:00
sinn3r
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00