infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,502 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

482 Commits (5955397882e4ceaa951fa12ee793f49c007bf58a)

Author SHA1 Message Date
James Lee 90ae5c1178 Add PhpEXE support to RateMyPet module 2012-10-12 04:53:01 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP 
And use it in three modules that had copy-paste versions of the same
idea.
 2012-10-12 02:57:41 -05:00
sinn3r c094508119 Support Python payload 
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
 2012-10-08 22:17:11 -05:00
sinn3r 06e2994b7e connectiontype to find and python payload support 2012-10-08 15:13:27 -05:00
sinn3r 04aa69192d Dang typo 2012-10-08 13:35:13 -05:00
sinn3r 8ff4442f9e Add PhpTax pfilez exec module 
This module exploits a vuln found in PhpTax.  When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
 2012-10-08 12:46:56 -05:00
HD Moore 3ade5a07e7 Add exploit for phpmyadmin backdoor 2012-09-25 10:47:53 -05:00
sinn3r 1111de0197 Add OSVDB reference 2012-09-25 01:19:58 -05:00
sinn3r 98f4190288 Add Auxilium RateMyPet module 2012-09-24 10:16:11 -05:00
James Lee caf7619b86 Remove extra comma, fixes syntax errors in 1.8 
Thanks, Kanedaaa, for reporting
 2012-09-13 12:07:34 -05:00
sinn3r 71a0db9ae5 Make sure the user has a 'myAccount' page 2012-09-13 10:33:43 -05:00
sinn3r 658502d5ad Add OSVDB-82978 
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
 2012-09-13 10:01:08 -05:00
sinn3r bd596a3f39 Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec 2012-09-06 18:40:19 -05:00
sinn3r b4270bb480 Add OSVDB-83767: SFlog Upload Exec Module 
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management.  Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
 2012-09-06 18:30:45 -05:00
jvazquez-r7 fc1c1c93ba ZDI references fixed 2012-09-07 00:50:07 +02:00
jvazquez-r7 65681dc3b6 added osvdb reference 2012-09-06 13:56:52 +02:00
jvazquez-r7 b4113a2a38 hp_site_scope_uploadfileshandler is now multiplatform 2012-09-06 12:54:51 +02:00
Tod Beardsley 9531c95627 Adding BID 2012-09-05 15:04:05 -05:00
sinn3r 99009da567 Merge branch 'mobilecartly_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mobilecartly_upload_exec 2012-09-04 14:32:23 -05:00
sinn3r e926bc16ba Add MobileCartly 1.0 module 2012-09-04 14:23:16 -05:00
jvazquez-r7 4a92cc4641 jboss_invoke_deploy module cleanup 2012-09-04 18:49:11 +02:00
h0ng10 2b6aa6bbdb Added Exploit for deployfilerepository via JMX 2012-09-03 13:50:16 -04:00
jvazquez-r7 4fd9f88304 avoid the redefinition of Module.target_host 2012-08-30 14:45:14 +02:00
sinn3r 7ddcc787bd Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2 2012-08-21 14:37:09 -05:00
h0ng10 c6b9121f8b Added support for CVE-2010-0738 2012-08-15 15:47:44 -04:00
h0ng10 6965431389 Added support for CVE-2010-0738, msftidy 2012-08-15 15:47:14 -04:00
h0ng10 e5498e3e1d Added fix for CVE-2010-0738, corrections 2012-08-15 15:46:34 -04:00
Tod Beardsley 0e4e7dc903 Indentation fix 2012-08-14 12:27:27 -05:00
Tod Beardsley 6597d25726 Shortening an over-200 long line for readability 
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
 2012-08-14 12:27:27 -05:00
jvazquez-r7 d6b28dc44d ranking changed plus on_new_session handler added 2012-08-13 19:29:13 +02:00
jvazquez-r7 468030786f small fixes, mainly check res agains nil, res.code and use send_request_cgi 2012-08-13 18:57:59 +02:00
bcoles 8bb3181f68 Add TestLink v1.9.3 arbitrary file upload module 2012-08-13 16:30:10 +09:30
sinn3r b46fb260a6 Comply with msftidy 
*Knock, knock!*  Who's there? Me, the msftidy nazi!
 2012-08-07 15:59:01 -05:00
Steve Tornio b646dcc87f add osvdb ref 2012-08-05 09:02:32 -05:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules. 
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
 2012-08-04 12:18:00 -05:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
sinn3r 9815faec37 Add OSVDB-83822 2012-07-31 13:31:06 -05:00
h0ng10 36be7cd9c4 removed unnecessary cleanup 2012-07-27 16:32:08 -04:00
sinn3r d67234bd03 Better regex and email format correction 2012-07-27 01:14:32 -05:00
sinn3r 2939e3918e Rename file 2012-07-27 01:06:57 -05:00
bcoles cec15aa204 Added CuteFlow v2.11.2 Arbitrary File Upload 
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
 2012-07-27 12:30:20 +09:30
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
jvazquez-r7 6c8ee443c8 datastore cleanup according to sinn3r 2012-07-12 09:31:22 +02:00
h0ng10 87f5002516 added datastore cleanup 2012-07-11 12:56:23 -04:00
h0ng10 0d38a7e45f switched to Rex::Text.encode_base64() 2012-07-11 12:52:09 -04:00
h0ng10 61ec07a10c additional targets, meterpreter, bugfixes 2012-07-10 13:33:28 -04:00
sinn3r e2a2789f78 Support Ruby 1.8 syntax. Thanks M M. 2012-07-02 14:15:14 -05:00
sinn3r cf9a6d58cc Update missing OSVDB ref 2012-06-28 00:44:01 -05:00
sinn3r e605a35433 Make sure the check func is always returning the same data type 2012-06-27 17:07:55 -05:00
sinn3r cb1af5ab79 Final cleanup 2012-06-27 16:57:04 -05:00
jvazquez-r7 73360dfae3 minor fixes 2012-06-27 23:38:52 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
sinn3r a631e1fef1 Change the default state to make it work on Metasploitable by default 2012-06-13 00:43:59 -05:00
sinn3r 597726d433 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-13 00:40:02 -05:00
Jeff Jarmoc bbfe0f8f49 " is 0x22, duh. 2012-06-12 20:00:28 -05:00
Jeff Jarmoc 12a28bd519 Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode 2012-06-12 14:59:06 -05:00
sinn3r c3c9051014 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-11 11:15:15 -05:00
jvazquez-r7 02a5dff51f struts_code_exec_exception_delegator_on_new_session: on_new_session modified 2012-06-11 12:07:38 +02:00
Michael Schierl b4d33fb85a Add ARCH_JAVA support to struts_code_exec_exception_delegator 2012-06-09 21:53:43 +02:00
sinn3r a709fe1fe3 Fix regex escaping thanks to w3bd3vil 2012-06-07 16:00:59 -05:00
sinn3r a071d2805e Fix the rest of possible nil res bugs I've found 2012-06-04 14:56:27 -05:00
jvazquez-r7 b53a1396fc Use of TARGETURI 2012-06-03 22:36:23 +02:00
jvazquez-r7 659b030269 Verbose messages cleanup 2012-06-03 22:29:31 +02:00
jvazquez-r7 34f42bab17 Fix typo in the URI param 2012-06-03 22:14:13 +02:00
jvazquez-r7 efe4136e5b Added module for CVE-2012-0391 2012-06-03 22:08:31 +02:00
sinn3r 1817942aae Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 17:43:51 -05:00
sinn3r 7bb36bfbde Fix typo thanks to juan 2012-06-02 16:57:53 -05:00
sinn3r 7e318e9787 Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 14:14:56 -05:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup 
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
 2012-06-02 09:53:19 -05:00
sinn3r 59468846e3 Change filename 2012-06-02 01:51:20 -05:00
sinn3r 522991f351 Correct name 2012-06-02 01:49:43 -05:00
sinn3r 7fd3644b8b Add CVE-2011-4825 module 2012-06-01 18:45:44 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Steve Tornio 5105c1a4df add osvdb ref 2012-05-31 08:49:58 -05:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar 
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
 2012-05-30 16:16:41 -05:00
sinn3r 54e14014c3 Merge pull request #428 from wchen-r7/php_volunteer 
Add PHP Volunteer Management System exploit
 2012-05-30 09:33:32 -07:00
sinn3r 59ea8c9ab9 Print IP/Port for each message 2012-05-30 11:30:55 -05:00
sinn3r 43dffbe996 If we don't get a new file, we assume the upload failed. This is 
possible when we actually don't have WRITE permission to the
'uploads/' directory.
 2012-05-30 11:26:06 -05:00
sinn3r efdcda55ef Don't really care about the return value for the last send_request_raw 2012-05-30 11:00:31 -05:00
sinn3r 13ba51db34 Allow the login() function to be a little more verbose for debugging purposes 2012-05-30 10:56:59 -05:00
sinn3r b81315790d Add PHP Volunteer Management System exploit 2012-05-30 10:38:45 -05:00
sinn3r ac0d22453a Merge pull request #414 from wchen-r7/apprain 
Add CVE-2012-1153
 2012-05-23 16:34:30 -07:00
sinn3r 8d837f5d20 Module description update. TARGETURI description update. 2012-05-23 18:33:32 -05:00
sinn3r fab3bfcea1 Add CVE-2012-1153 2012-05-23 17:50:13 -05:00
Tod Beardsley 5dd866ed4a Fixed print_status to include rhost:rport 
Also don't let the failed user:pass be a mystery to the user.
 2012-05-21 11:11:34 -05:00
Tod Beardsley 1fc7597a56 Msftidy fixes. 
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.
 2012-05-21 10:59:52 -05:00
Steve Tornio ba2787df8a add osvdb ref 2012-05-20 07:13:56 -05:00
sinn3r 964a6af423 Add Active Collab chat module PHP injection exploit, by mr_me 2012-05-19 02:06:30 -05:00
Jeff Jarmoc c2c160f86c randomizes options from equivilants 2012-05-11 11:31:26 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki 
Add CVE-2011-4449
 2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Jeff Jarmoc e1156834b9 Lots of encoding randomizations for php_cgi_arg_injection 2012-05-09 14:13:21 -05:00
Jeff Jarmoc 4909d8073a Added lots or encoding randomness 2012-05-09 11:01:15 -05:00
Steve Tornio cef2da6110 add osvdb ref 2012-05-05 10:13:42 -05:00
James Lee 18a44148dc Randomize case for ini true/false values 2012-05-04 17:32:32 -06:00
HD Moore 423437c620 Woops, small typo in disable_functions 2012-05-04 12:17:41 -05:00
HD Moore c6b39e8e5c Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c) 2012-05-04 12:15:46 -05:00
HD Moore 2ce3558bb4 Bump the rank 2012-05-04 10:19:37 -05:00
HD Moore bed4846763 A little more module cleanup 2012-05-04 10:06:18 -05:00
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
sinn3r 5bebd01eb0 Tabs vs spaces war round 2 2012-04-24 16:06:08 -05:00
sinn3r bc42375565 Fix spaces to proper hard tabs. Not very fun to do. 2012-04-24 16:03:41 -05:00
Chris John Riley f4f1ec70bc Altered regex to detect Jetty hosts 
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)

There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
 2012-04-15 15:13:21 +02:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds 
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
 2012-04-06 10:45:10 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds" 
This reverts commit 937f8f035a.
 2012-04-05 16:17:06 -05:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff. 
Still have some hits, but that requires a little more code contortion to
fix.
 2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
James Lee 464cf7f65f Normalize service names 
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
 2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
Tod Beardsley 4a631e463c Module title normalization 
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
 2012-02-21 11:07:44 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r 5bb9afe789 Correct disclosure date format 2012-02-16 18:15:51 -06:00
Joshua J. Drake 01a6b02c3e Add exploit for CVE-2012-0209, thx eromang! 2012-02-16 03:10:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Jonathan Cran c3bd151197 add a ranking 2012-01-31 20:43:32 -06:00
Steve Tornio e392958d90 add osvdb ref 2012-01-31 07:06:33 -06:00
sinn3r bfd4734cbf Forgot to add CMD as a datastore option, here it is 2012-01-30 17:34:58 -06:00
sinn3r 08134ad600 Add Exploit-DB reference 2012-01-30 16:17:25 -06:00
sinn3r f3c340a9ab Add vBSEO proc_deutf() Remote Code Execution (Feature #6307) 2012-01-30 16:15:27 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
Tod Beardsley 7e25f9a6cc Death to unicode 
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
 2012-01-10 14:54:55 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious. 
However, this decision doesn't represent how modules should write their own check.
 2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master 
Clear up how to use native payloads for tomcat_mgr_deploy
 2011-12-06 23:01:53 -08:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits 
Fixes #5276
 2011-11-22 08:47:53 -08:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Wei Chen 0dff3f3e52 Add #5682 (phpscheduleit module). Thx Juan. 
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-26 18:06:12 +00:00
Will Vandevanter a0d8a08851 java meterpreter should be used when the target is set to automatic 
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 20:02:09 +00:00
Wei Chen 2b46420b36 check nil 
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:19:55 +00:00
Wei Chen 7ba5a8ec4e Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit 
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:04:33 +00:00
Wei Chen 9cb54e37c5 Handle payloads better, also add a cleanup routine specifically for php/exec 
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 05:25:39 +00:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good) 
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 00:40:03 +00:00
Wei Chen 3da8bb8b69 Add feature #5820 by mr_me and tecr0c 
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 23:22:32 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues 
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 11:56:13 +00:00
Wei Chen 975cc52bac Fix spelling errors 
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 00:54:05 +00:00
Tod Beardsley 94eb3ac14c Deleting a puts statement. 
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:52:10 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster. 
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 02:58:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace. 
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen f2d328d969 cmd exec module should receive ExcellentRanking 
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 20:10:53 +00:00
HD Moore 142ae9288b Fix title 
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 19:56:57 +00:00
Wei Chen 262b3bbe00 Use Rex to encode payload to base64 
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 20:31:51 +00:00
Wei Chen 98157272fd Fix indentation for exploit description 
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:12:54 +00:00
Wei Chen d1b1b26d01 Add Feature #5499 (Snortreport module) 
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:10:18 +00:00
Wei Chen 44ac9d67e0 svn propset 
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 17:45:15 +00:00
Steve Tornio 9ec92ee603 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:37:54 +00:00
HD Moore 9862987f45 Add a new module from joernchen 
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:30:24 +00:00
Wei Chen 612cdc8c73 No need to check if version is 'unknown' if nothing else (other than default) is assigned to it 
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-27 19:12:31 +00:00
Wei Chen 8bfdebeaf3 Handle the return value for send_request during the early stage 
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-25 19:28:15 +00:00
Wei Chen db79d21f75 Apply patch for non-default logins by jabra 
git-svn-id: file:///home/svn/framework3/trunk@13778 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-23 02:48:48 +00:00
Jonathan Cran 064255e910 fixup the payload encoding, per joernchen's comment in the #metasploit channel. 
git-svn-id: file:///home/svn/framework3/trunk@13747 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-17 17:48:51 +00:00
Mario Ceballos 6f28911d3d added patch from joshua taylor. 
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-06 19:58:40 +00:00
Joshua Drake 496170eac1 aDjUsT tHe CaSe 
git-svn-id: file:///home/svn/framework3/trunk@13644 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-26 23:46:49 +00:00
David Rude c78ba0e4d5 hehe remove debugging put call 
git-svn-id: file:///home/svn/framework3/trunk@13586 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:59:32 +00:00
David Rude 63e2b759e7 require the URI option 
git-svn-id: file:///home/svn/framework3/trunk@13585 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:54:58 +00:00
David Rude 402ca57bb4 Adds Struts2 Remote Code Execution exploit CVE-2010-1870 
git-svn-id: file:///home/svn/framework3/trunk@13584 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:52:09 +00:00
Steve Tornio 28177fd255 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13505 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-10 02:54:56 +00:00
HD Moore f1afbacb2a Cron'd 
git-svn-id: file:///home/svn/framework3/trunk@13485 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-04 17:36:01 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules 
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-22 20:17:58 +00:00
Wei Chen d13654740a Update some jboss modules' metadata associated with CVE-2010-0738 
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 05:18:25 +00:00
James Lee c412a836ed add VERBOSE option to all modules and vprint_* methods to use it 
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-15 15:33:35 +00:00
HD Moore eea05fcaaa Correct the parent class name 
git-svn-id: file:///home/svn/framework3/trunk@12930 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-12 19:31:38 +00:00
HD Moore 7f3e2d182d Fix Axis2 to inherit from the correct class, prevent a stack trace when a non-Remote exploit has the cleanup method called. 
git-svn-id: file:///home/svn/framework3/trunk@12928 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-12 18:32:27 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch 
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy 
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:17:31 +00:00
David Rude 3b5cf3826a Added TheLightCosines OpenSSL ChangeCipherSpec DoS aux module 
git-svn-id: file:///home/svn/framework3/trunk@12538 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:08:28 +00:00
Steve Tornio 319b4993a4 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12397 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 19:38:42 +00:00
David Rude 0f9a232025 Added Spreecommerce Remote Code Execution exploit module - thanks joernchen 
git-svn-id: file:///home/svn/framework3/trunk@12392 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 16:57:17 +00:00
Joshua Drake f0673cb1ac Tweak to work with FreeBSD, thx for the patch! 
git-svn-id: file:///home/svn/framework3/trunk@12224 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 17:40:45 +00:00
David Rude c5ce597483 removing coldfusion until some general code fixes can be applied 
git-svn-id: file:///home/svn/framework3/trunk@11995 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 21:41:47 +00:00
Mario Ceballos dfd2df6b47 puts this in the appropiate place 
git-svn-id: file:///home/svn/framework3/trunk@11987 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 10:22:07 +00:00
Joshua Drake 1604b5616f apply some more changes from Konrads 
git-svn-id: file:///home/svn/framework3/trunk@11533 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-10 14:34:24 +00:00
Joshua Drake 9ef757bf17 Fixes #3387, add the PACKAGE option to allow 3.2 
git-svn-id: file:///home/svn/framework3/trunk@11518 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 04:11:01 +00:00
James Lee dd6afdc74c make these titles a little clearer 
git-svn-id: file:///home/svn/framework3/trunk@11330 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-14 17:26:44 +00:00
Joshua Drake 26a9fe6fc7 add some missing CVE references 
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-30 20:19:18 +00:00
Joshua Drake d5835fe7b0 remove commented out REST portion 
git-svn-id: file:///home/svn/framework3/trunk@11179 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-30 19:11:42 +00:00
Joshua Drake 98e8ec4cc9 add REST version of axis2 deployer 
git-svn-id: file:///home/svn/framework3/trunk@11178 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-30 18:17:33 +00:00
Joshua Drake e9faf75503 fix some more titles with periods 
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-24 19:35:38 +00:00
Joshua Drake 2fe78ec685 double grammar fail 
git-svn-id: file:///home/svn/framework3/trunk@11053 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-16 20:23:11 +00:00
Joshua Drake f4d2af3e73 fix typo 
git-svn-id: file:///home/svn/framework3/trunk@11052 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-16 20:17:25 +00:00
Joshua Drake 25611afb6c add sap businessobject modules from jabra, woot! 
git-svn-id: file:///home/svn/framework3/trunk@11046 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-15 05:12:48 +00:00
Joshua Drake 4a5bee45c5 style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@11015 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-12 23:14:46 +00:00
Mario Ceballos 2aca76ef66 added exploit module freenas_exec_raw.rb. php/meterpreter ftw. 
git-svn-id: file:///home/svn/framework3/trunk@11014 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-12 23:02:28 +00:00
James Lee 326dc42bca add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009 
git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-11 23:01:35 +00:00
Joshua Drake 1f235a8c9b remove 64-bit targets since we dont have an x86_64 linux exe generator 
git-svn-id: file:///home/svn/framework3/trunk@10833 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-27 17:21:54 +00:00
Joshua Drake be841a4810 check for failed serverinfo result 
git-svn-id: file:///home/svn/framework3/trunk@10788 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-22 21:32:12 +00:00
James Lee 3b2c43fac4 get rid of the redundant second java target 
git-svn-id: file:///home/svn/framework3/trunk@10785 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-22 20:07:18 +00:00
James Lee f33d7cc670 revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973, meterpreter doesn't work yet, so not marking resolved. 
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-22 10:19:51 +00:00
Joshua Drake c6f1fa716d add a java target, fixes #2973 
git-svn-id: file:///home/svn/framework3/trunk@10755 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 22:36:59 +00:00
Joshua Drake 771ea5862c fix typo 
git-svn-id: file:///home/svn/framework3/trunk@10754 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 22:24:33 +00:00
Joshua Drake 1935f2007f fix exe generation for auto-targetting 
git-svn-id: file:///home/svn/framework3/trunk@10753 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 22:21:19 +00:00
Joshua Drake 042e71c357 add ports/refs for ZDI-10-214 
git-svn-id: file:///home/svn/framework3/trunk@10747 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 14:28:52 +00:00
Joshua Drake b49e81300a fix auto-target exe generation 
git-svn-id: file:///home/svn/framework3/trunk@10688 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-14 21:26:05 +00:00
Joshua Drake 279c604015 missed a couple exe generater includes 
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-28 16:19:50 +00:00
Joshua Drake bd1eeb3722 rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32 
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 15:59:46 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks 
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 08:06:27 +00:00
Joshua Drake d540818f01 split http exploit mixin into http/server and http/client 
git-svn-id: file:///home/svn/framework3/trunk@9971 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-07 06:59:16 +00:00
Joshua Drake 2f384cde82 add alias for calling Msf::Exploit regenerate_payload explicitly -- fixes #2312 
git-svn-id: file:///home/svn/framework3/trunk@9950 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-03 15:14:34 +00:00
Joshua Drake 16ff17c9d1 add more http fingerprints -- thx mc 
git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-12 23:25:31 +00:00
Joshua Drake 663b863b6d http fingerprint checking update 
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-07 17:38:59 +00:00
Joshua Drake a3d901a6b9 various minor fixes, some added fingerprinting 
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 06:21:31 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB 
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 03:13:45 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes 
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-01 23:33:07 +00:00
Joshua Drake 93b09648c7 add additional CVE reference, cleanup references 
git-svn-id: file:///home/svn/framework3/trunk@9642 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-01 19:42:11 +00:00
Joshua Drake 12fbdcd878 add http_fingerprint calls to modules that use various headers 
git-svn-id: file:///home/svn/framework3/trunk@9627 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-25 20:53:12 +00:00
Joshua Drake 48994d234a oops, remove java from platform list 
git-svn-id: file:///home/svn/framework3/trunk@9609 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-24 16:38:24 +00:00