Commit Graph

326 Commits (4fe407d7ee98ec9888c7cf102ad8455a507fffee)

Author SHA1 Message Date
Matt Andreko f96baa7e7e Code Review Feedback
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
Matt Andreko 4c8e19ad1a Added reference
Removed final debug print statement
2013-04-08 08:28:53 -04:00
James Lee 9086c53751 Not an HttpClient, so doesn't have normalize_uri
[FixRM #7851]
2013-03-28 13:16:21 -05:00
Matt Andreko fd5bd52e6d Added some error handling if the connection dies. 2013-03-18 17:26:40 -04:00
Matt Andreko 66dcbca562 Sysax Multi-Server SSHD DoS
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
jvazquez-r7 02f90b5bbd cleanup for dopewars 2013-03-14 15:53:19 +01:00
jvazquez-r7 4d9f2bbb06 Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master 2013-03-14 15:51:47 +01:00
James Lee 2f11796dfa Fix typo
[SeeRM #7800]
2013-03-13 16:10:20 -05:00
Doug P 22133ba8ff removed version number 2013-03-12 16:36:14 -04:00
Doug P 70da739666 fixed errors in dopewars.rb shown by msftidy 2013-03-12 15:47:31 -04:00
Doug P c8c50a6407 cleaned up dopewars module 2013-03-12 12:56:12 -04:00
doug a199c397e4 ... 2013-03-11 17:09:17 -04:00
doug 4d6e19b40b small edits to dopewars.rb 2013-03-11 17:07:05 -04:00
doug 0e607f8252 added dopewars module 2013-03-11 16:52:49 -04:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7 781132b1cf cleanup for openssl_aesni 2013-03-05 22:41:16 +01:00
Wolfgang Ettlinger 867875b445 Beautified OpenSSL-AESNI module
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
  SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
Wolfgang Ettlinger e7015985e7 Added CVE-2012-2686
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
sinn3r 92093cd7d8 There's no HttpClient, so it shouldn't be using normalize_uri 2013-02-19 15:04:18 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
T0X1C-1 1714fa21b1 adjusted DOS part to use HttpClient 2012-12-17 15:46:39 +01:00
T0X1C-1 a48c14124b added CHECK functionality to the existing module 2012-12-13 16:54:50 +01:00
sinn3r 64a8b59ff9 Change CVE forma
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
HD Moore 93a69ea62e Fix instances of invalid lower-case datastore use 2012-11-29 00:05:36 -06:00
Tod Beardsley 6b4c131cf5 Avoiding a future conflict with release 2012-11-20 13:24:19 -06:00
jvazquez-r7 e8fe6031e9 Let default timeout for send_request_cgi 2012-11-16 18:09:47 +01:00
jvazquez-r7 51f238ec38 up to date 2012-11-16 16:03:09 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r 2c4273e478 Correct some modules with res nil 2012-10-29 04:41:30 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl 39e81d3e53 Arch/Platform cleanup: aux modules need neither 2012-10-22 20:28:02 +02:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r b282901b08 Correct emails for aux and exploit modules 2012-06-04 21:58:01 -05:00
sinn3r 0fcc53b0a2 Handle nil for get_once 2012-06-04 15:31:10 -05:00
Christian Mehlmauer 6ae17db7d3 Adding FireFart's hashcollision DoS module
Have some minor edits below, looks like it all works now though.

Squashed commit of the following:

commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:31:32 2012 -0500

    Removing ord in favor of unpack.

    Also renaming a 'character' variable to 'c' rather than 'i' which is
    easy to mistake for an Integer counter variable.

commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:24:41 2012 -0500

    Cleaning up print msgs

commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:19:10 2012 -0500

    Clean up hashcollision_dos description

    Caps, mostly. One sentence I still don't get but it's not really a show
    stopper.

commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Thu May 24 19:11:32 2012 +0200

    Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling

commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Tue May 22 23:11:53 2012 +0200

    Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
Tod Beardsley 4772c1258e Removing hashcollision_dos module due to license violation
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.

Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.

Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
Tod Beardsley eea20e773b Capitalization fixups on hashcollision_dos 2012-05-21 11:06:18 -05:00
sinn3r 8428d16db3 Format correction 2012-05-15 19:21:16 -05:00
Christian Mehlmauer 19e32c210a Added more references 2012-05-15 23:59:30 +02:00
Christian Mehlmauer 46e58f8618 Ruby naming style 2012-05-15 23:53:33 +02:00
Christian Mehlmauer 5f0075e24f Revert API change 2012-05-15 23:28:51 +02:00
Christian Mehlmauer b298597218 Switched to Http Library, Code formatting issues 2012-05-15 19:43:28 +02:00
Christian Mehlmauer dc10fac885 Ported my Hashcollision Script to Ruby 2012-05-13 20:59:42 +02:00
sinn3r f77efbf89e Change the rest of print_* 2012-04-25 14:24:17 -05:00
Tod Beardsley 9c8e6ac9da Ruby 1.8 compat for the SCADA modules.
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
Tod Beardsley 14d9953634 Adding DigitalBond SCADA modules 2012-04-05 12:35:48 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley 8f17cc3f5c MS12-020 not MS12-002 2012-03-21 13:58:18 -05:00
Tod Beardsley 4391c24d2f Trivial touchups on RDP DoS module.
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
sinn3r 3a851ef2c2 Fix typo 2012-03-19 13:20:59 -05:00
sinn3r 3d72d52625 Add reporting to MS12-020 2012-03-19 13:18:51 -05:00
sinn3r fa4504e1f6 Let's make this clear, it's just a DoS 2012-03-19 13:00:29 -05:00
sinn3r 13f16daca7 Actually, that date is way off. Corrected. 2012-03-19 12:58:52 -05:00
sinn3r d8be328b89 Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module 2012-03-19 12:53:34 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
sinn3r be906023dc one register_options() should be fine. 2012-01-20 13:02:54 -06:00
sinn3r d6566aa818 Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267) 2012-01-20 12:57:13 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r b7950a752e Add feature #4929 (MS09-053) 2011-11-26 13:30:35 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
Tod Beardsley a5ef33305f Fixes #5609, thanks David!
git-svn-id: file:///home/svn/framework3/trunk@14052 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 21:57:42 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley e9461c766e Msftidy run against a bunch of whitespace violations, a few line too longs.
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
Tod Beardsley f0ee05eece Moving dos modules to manual ranking.
git-svn-id: file:///home/svn/framework3/trunk@13940 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:20:04 +00:00
Tod Beardsley c45add4199 Moving an old unnamed Microsoft exploit to the proper named exploit.
git-svn-id: file:///home/svn/framework3/trunk@13939 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:16:13 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
Wei Chen 8f2c87fb5e Add Beckhoff TwinCAT SCADA PLC dos module (Feature #5524)
git-svn-id: file:///home/svn/framework3/trunk@13865 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 23:41:15 +00:00
David Rude 4d850c1ee6 Adds Apache Range DoS aka Apache Killer
git-svn-id: file:///home/svn/framework3/trunk@13781 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 16:38:35 +00:00
Wei Chen 835c5938d5 Fix typo. Thx mubix for spotting it.
git-svn-id: file:///home/svn/framework3/trunk@13687 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 04:39:47 +00:00
HD Moore e4f74b75f8 Add a module for the rsyslog DoS (not triggerable on many platforms)
git-svn-id: file:///home/svn/framework3/trunk@13681 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-02 15:55:54 +00:00
Tod Beardsley df52bfaa4f Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:21:47 +00:00
Tod Beardsley b22ca615c7 Fixes #5038, missed a couple mentions of Racket. Excised now for sure.
git-svn-id: file:///home/svn/framework3/trunk@13371 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 17:44:36 +00:00
Tod Beardsley c54e18d757 Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Wei Chen 5fdf482a8b Add MSB reference
git-svn-id: file:///home/svn/framework3/trunk@13331 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:50:56 +00:00
Wei Chen e115e78f8d Fix CVE
git-svn-id: file:///home/svn/framework3/trunk@13327 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:20:02 +00:00
Wei Chen 410d124ec5 Change name for consistency
git-svn-id: file:///home/svn/framework3/trunk@13294 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 05:56:04 +00:00
Wei Chen 465f3f2739 Update metadata
git-svn-id: file:///home/svn/framework3/trunk@13293 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 05:45:46 +00:00
Steve Tornio 46451acec5 add/fix some cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@13270 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-21 01:10:40 +00:00
Wei Chen 0fd6c8880e Added DoS module for kaillera, and a new 'games' folder under windows
git-svn-id: file:///home/svn/framework3/trunk@13118 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 19:33:55 +00:00
Steve Tornio 7e02e7abd6 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13038 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 11:43:54 +00:00
Joshua Drake 2e4fd81740 add CVE-2011-0657 DoS module
git-svn-id: file:///home/svn/framework3/trunk@13037 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 01:17:07 +00:00
HD Moore e2e27341be Rename this thing
git-svn-id: file:///home/svn/framework3/trunk@12668 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 19:50:11 +00:00