Commit Graph

1198 Commits (4b37cc72438c83c8826af8c3ba6c7f0b76b7be7c)

Author SHA1 Message Date
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
jvazquez-r7 10a4ff41de Delete Content-Length duplicate header 2013-10-21 15:11:37 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
William Vu eab90e1a2e Land #2491, missing platform info update 2013-10-14 10:38:25 -05:00
jvazquez-r7 0b93996b05 Clean and add Automatic target 2013-10-11 13:19:10 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
bcoles 276ea22db3 Add VMware Hyperic HQ Groovy Script-Console Java Execution 2013-10-11 05:07:23 +10:30
Winterspite 0acb170ee8 Bug #8419 - Added platform info missing on exploits 2013-10-08 22:41:50 -04:00
Tod Beardsley 8b9ac746db
Land #2481, deprecate linksys cmd exec module 2013-10-07 20:44:04 -05:00
joev 4ba001d6dd Put my short name to prevent conflicts. 2013-10-07 14:10:47 -05:00
joev ec6516d87c Deprecate misnamed module.
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley 4266b88a20
Move author name to just 'joev'
[See #2476]
2013-10-07 12:50:04 -05:00
jvazquez-r7 113f89e40f First set of fixes for gestioip_exec 2013-10-04 13:29:27 -05:00
James Lee 68ee692c19 Standardize prints, clean up whitespace/warnings 2013-10-04 11:58:21 -05:00
Tod Beardsley 9b79bb99e0 Add references, correct disclosure date 2013-10-04 09:59:26 -05:00
Tod Beardsley ab786d1466 Imply authentication when a password is set 2013-10-04 09:54:04 -05:00
Brandon Perry 0112d6253c add gestio ip module 2013-10-04 06:39:30 -07:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r 7118f7dc4c Land #2422 - rm methods peer & rport
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
jvazquez-r7 b618c40ceb Fix English 2013-09-26 09:00:41 -05:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
jvazquez-r7 ff610dc752 Add vulnerability discoverer as author 2013-09-25 12:45:54 -05:00
jvazquez-r7 5c88ad41a8 Beautify nodejs_js_yaml_load_code_exec metadata 2013-09-25 12:44:34 -05:00
joev 99e46d2cdb Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
Conflicts:
	modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
Tod Beardsley 93486a627d Whoops on trailing commas 2013-09-24 15:14:11 -05:00
Tod Beardsley 3906d4a2ca Fix caps that throw msftidy warnings 2013-09-24 13:03:16 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
Joe Vennix a08d195308 Add Node.js as a platform.
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
Joe Vennix 49f15fbea4 Removes PayloadType from exploit module. 2013-09-20 18:01:55 -05:00
jvazquez-r7 29649b9a04 Land #2388, @dummys's exploit for CVE-2013-5696 2013-09-20 13:03:01 -05:00
jvazquez-r7 8922d0fc7f Fix small bugs on glpi_install_rce 2013-09-20 13:01:41 -05:00
jvazquez-r7 b24ae6e80c Clean glpi_install_rce 2013-09-20 12:58:23 -05:00
dummys 032b9115a0 removed the old exploit 2013-09-20 10:53:52 +02:00
dummys 187ab16467 many change in the code and replace at the correct place the module 2013-09-20 10:45:10 +02:00
sinn3r 8d70a9d893 Add more refs 2013-09-19 22:05:23 -05:00
Joe Vennix 137b3bc6ea Fix whitespace issues. 2013-09-19 17:29:11 -05:00
Joe Vennix bd96c6c093 Adds module for CVE-2013-3568. 2013-09-19 17:26:30 -05:00
dummys 08c7b49be0 corrected too much if 2013-09-19 21:47:01 +02:00
dummys 862a8fb8aa corrected indentation bug again 2013-09-19 20:27:23 +02:00
dummys ce8e94b5fe corrected indentation bug 2013-09-19 20:14:07 +02:00
dummys f9617e351d corrected Integer() 2013-09-19 16:04:20 +02:00
dummys bc57c9c6ec corrected some codes requested by Meatballs 2013-09-18 17:55:36 +02:00
dummys 3366c3aa77 CVE-2013-5696 RCE for GLPI 2013-09-18 16:11:32 +02:00
Joe Vennix 5fc724bced Kill explanatory comment. 2013-09-16 21:34:38 -05:00
Joe Vennix 2c47e56d90 Adds module for yaml code exec. 2013-09-16 21:33:57 -05:00
Joe Vennix e1e1cab797 Module gets me a shell, yay 2013-09-16 13:37:16 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Vlatko Kosturjak b702a0d353 Fix "A payload has not been selected."
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
Steve Tornio 0037ccceed add osvdb ref for openx backdoor 2013-08-18 06:34:50 -05:00
jvazquez-r7 1a3b4eebdb Fix directory name on ruby 2013-08-15 22:54:31 -05:00
jvazquez-r7 795ad70eab Change directory names 2013-08-15 22:52:42 -05:00
jvazquez-r7 c5c2aebf15 Update references 2013-08-15 22:04:15 -05:00
jvazquez-r7 cc5804f5f3 Add Port for OSVDB 96277 2013-08-15 18:34:51 -05:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
HD Moore c73e417531 Merge pull request #2171 from frederic/master
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
Markus Wulftange 9955899d9a Minor formal fixes 2013-08-04 08:03:02 +02:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
Frederic Basse 5e1def26aa remove Axis M1011 fingerprint, may not be specific enough to be used automatically. 2013-07-30 09:54:33 +02:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse 63940d438e add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011 2013-07-30 01:56:10 +02:00
joernchen of Phenoelit ac28dbe734 Minor typo fix 2013-07-28 19:44:44 +02:00
joernchen of Phenoelit 8cdd163150 Module polishing, thanks @todb-r7.
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
joernchen of Phenoelit 7f3eccd644 Rails 3/4 RCE w/ token 2013-07-26 20:23:18 +02:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
jvazquez-r7 7641aa3e63 Delete stop_service calls 2013-07-24 16:35:15 -05:00
jvazquez-r7 8dd7a664b4 Give a chance to FileDropper too 2013-07-24 08:57:43 -05:00
jvazquez-r7 04b9e3a3e6 Add module for CVE-2013-2251 2013-07-24 08:52:02 -05:00
jvazquez-r7 458ac5f289 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 15:02:33 -05:00
jvazquez-r7 73fd14a500 Fix [SeeRM #8239] NoMethodError undefined method 2013-07-16 15:59:52 -05:00
jvazquez-r7 c4485b127c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-04 19:43:38 -05:00
jvazquez-r7 8772cfa998 Add support for PLESK on php_cgi_arg_injection 2013-07-04 08:24:25 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 81a2d9d1d5 Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework 2013-06-26 14:32:59 -05:00
jvazquez-r7 4fa789791d Explain Ranking 2013-06-25 13:10:15 -05:00
jvazquez-r7 127300c62d Fix also ruby module 2013-06-25 12:59:42 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 e9fccb8dbd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 22:07:48 -05:00
HD Moore 24b7d19ecc Fix target regex and wfsdelay 2013-06-24 14:56:43 -05:00
jvazquez-r7 98fddb6ce1 up to date 2013-06-24 11:57:11 -05:00
jvazquez-r7 f7650a4b18 Fix wrong local variable 2013-06-24 11:35:26 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
William Vu 4cc1f2440d Land #1996, references for several modules 2013-06-20 11:32:55 -05:00
Steve Tornio 322ba27f0f re-order refs 2013-06-20 11:17:23 -05:00
William Vu 22026352e6 Land #1995, OSVDB reference for Gitorious 2013-06-20 10:51:51 -05:00
Steve Tornio 66f4424202 fix formatting 2013-06-20 10:41:14 -05:00
Steve Tornio a3a5dec369 add osvdb ref 94441 2013-06-20 08:03:34 -05:00
Steve Tornio a824a0583e add osvdb ref 89059 2013-06-20 07:34:15 -05:00
Steve Tornio 89f649ab99 add osvdb ref 89026 2013-06-20 07:28:29 -05:00
Steve Tornio 2b55e0e0a6 add osvdb ref 64171 2013-06-20 07:17:22 -05:00
Steve Tornio d19bd7a905 add osvdb 85739, cve 2012-5159, edb 21834 2013-06-20 07:01:59 -05:00
Steve Tornio 6cc7d9ccae add osvdb ref 85446 and edb ref 20500 2013-06-20 06:54:06 -05:00
Steve Tornio ee21120c04 add osvdb ref 85509 2013-06-20 06:47:10 -05:00
Steve Tornio ade970afb8 add osvdb ref 89322 2013-06-20 06:44:22 -05:00
Steve Tornio 42690a5c48 add osvdb ref 77492 2013-06-20 06:38:47 -05:00
Steve Tornio 0dca5ede7e add osvdb ref 78480 2013-06-20 06:07:08 -05:00
Steve Tornio 29bc169507 add osvdb ref 64171 2013-06-20 06:00:05 -05:00
jvazquez-r7 869438cb73 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 19:57:40 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7 fd397db6e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 14:09:33 -05:00
sinn3r b514124997 Land #1979 - OSVDB update 2013-06-18 10:42:09 -05:00
sinn3r fbd16a2f3e Land #1978 - OSVDB update 2013-06-18 10:41:33 -05:00
sinn3r 1e46f7df48 Land #1977 - OSVDB update 2013-06-18 10:40:55 -05:00
Steve Tornio e278ac5061 add osvdb ref 91841 2013-06-18 06:41:30 -05:00
Steve Tornio 404a9f0669 add osvdb ref 89594 2013-06-18 06:25:57 -05:00
Steve Tornio 27158d89c7 add osvdb ref 89105 2013-06-18 06:15:29 -05:00
Steve Tornio 2afc90a8de fix typos 2013-06-18 06:05:45 -05:00
Steve Tornio 2c3181b56b add osvdb ref 90627 2013-06-18 05:59:39 -05:00
jvazquez-r7 de1561363e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 16:43:33 -05:00
William Vu b51349ed77 Land #1968, OSVDB reference for ManageEngine 2013-06-17 10:30:05 -05:00
jvazquez-r7 8fac0aaf6b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 08:24:39 -05:00
Steve Tornio e37a0b871f add osvdb ref 86562 2013-06-17 06:04:54 -05:00
Steve Tornio 6e57ecab59 add osvdb ref 79246 and edb ref 18492 2013-06-17 05:58:00 -05:00
Steve Tornio e17ccdda3a add osvdb ref 68662 2013-06-16 18:11:13 -05:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
William Vu 0cf2751ec1 Land #1965, OSVDB reference for pBot 2013-06-15 07:39:25 -05:00
Steve Tornio d35dd73328 add osvdb ref 84913 2013-06-15 07:30:23 -05:00
William Vu 638175a6be Land #1964, OSVDB reference for StorageWorks 2013-06-15 07:27:43 -05:00
Steve Tornio 0c6157694f add osvdb ref 82087 2013-06-15 07:22:32 -05:00
Steve Tornio 6e8b844954 add osvdb ref 89611 2013-06-15 07:12:44 -05:00