sinn3r
5108e8ef1c
Correct tab
2013-02-19 11:44:41 -06:00
sinn3r
b2664e04fb
Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload
2013-02-19 11:42:04 -06:00
sinn3r
9813c815ef
Minor changes
2013-02-19 11:40:06 -06:00
sinn3r
553d7abe43
Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof
2013-02-19 11:26:47 -06:00
jvazquez-r7
416a7aeaa3
make msftidy happy for s4u_persistence
2013-02-18 15:23:06 +01:00
jvazquez-r7
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
Thomas McCarthy
25f8a7dcb9
Fix expire tag logic and slight clean up
...
Was a dumbass again and didn't fully understand how Optints worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for trouble shooting.
2013-02-17 22:35:52 -05:00
jvazquez-r7
322fa53d49
fix typo
2013-02-17 20:29:41 +01:00
jvazquez-r7
31a3a374c3
Added module for CVE-2012-6274
2013-02-17 20:25:39 +01:00
jvazquez-r7
1a2a0bc38e
Added module for CVE-2012-6275
2013-02-17 20:21:45 +01:00
Thomas McCarthy
a8d574e4ce
Updated one print_status
2013-02-17 14:08:33 -05:00
m-1-k-3
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
m-1-k-3
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
jvazquez-r7
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
jvazquez-r7
221ce22f53
make msftidy happy
2013-02-15 19:01:58 +01:00
Jeff Jarmoc
ade2c9ef56
msftidy - fix line endings.
2013-02-14 11:42:02 -06:00
Jeff Jarmoc
4c90cacffe
Send iframe when URIPATH isnt '/'
2013-02-14 11:23:08 -06:00
Jeff Jarmoc
947aa24d44
MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell
2013-02-14 11:18:19 -06:00
Thomas McCarthy
7b2c1afadb
I'm an idiot, fix logon xpath
2013-02-14 09:16:47 -05:00
smilingraccoon
e78cbdd14d
missed one line
2013-02-13 18:17:38 -05:00
smilingraccoon
bbf8fe0213
Use Post::File methods and fail_with
2013-02-13 18:10:05 -05:00
sinn3r
4074a12fd7
Randomize some gadgets
2013-02-13 14:12:52 -06:00
jvazquez-r7
f58cc6a2e0
more fix version info
2013-02-12 18:51:04 +01:00
jvazquez-r7
96b1cb3cfb
fix version info
2013-02-12 18:50:36 +01:00
jvazquez-r7
69267b82b0
Make stable #1318 foxit reader exploit
2013-02-12 18:44:19 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
jvazquez-r7
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
jvazquez-r7
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
Carlos Perez
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
smilingraccoon
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
jvazquez-r7
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
jvazquez-r7
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
Carlos Perez
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
Carlos Perez
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
jvazquez-r7
98457c0a4d
Merge branch 'sonicwall_gms' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-sonicwall_gms
2013-02-08 19:18:57 +01:00
James Lee
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
James Lee
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
sinn3r
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
sinn3r
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
Carlos Perez
c131b7ef0e
Added exception handing and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
Carlos Perez
19e989dff9
Initial commit fo the migrated module
2013-02-07 19:11:44 -04:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
James Lee
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
sinn3r
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
sinn3r
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
HD Moore
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
sinn3r
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
Jeff Jarmoc
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
sinn3r
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
jvazquez-r7
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
jvazquez-r7
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
HD Moore
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
HD Moore
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
HD Moore
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
HD Moore
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
HD Moore
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
HD Moore
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
HD Moore
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
HD Moore
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
HD Moore
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
HD Moore
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
HD Moore
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
jvazquez-r7
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
sinn3r
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
lmercer
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
James Lee
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
James Lee
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
James Lee
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
James Lee
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
jvazquez-r7
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
jvazquez-r7
f1f8782a5d
Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb
2013-01-24 18:13:00 +01:00
sinn3r
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
jvazquez-r7
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
Kacper Nowak
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
sinn3r
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
sinn3r
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
sinn3r
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
sinn3r
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
sinn3r
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
sinn3r
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
sinn3r
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
sinn3r
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
sinn3r
a1f8da9ff6
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-23 11:41:35 -06:00
sinn3r
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
jvazquez-r7
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
Kacper Nowak
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
Kacper Nowak
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule
8bcf4a86ef
Update modules/exploits/multi/browser/java_jre17_method_handle.rb
...
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
Kacper Nowak
a3fa7cc6bc
adjusted disclosure date
2013-01-23 12:49:08 +00:00
jvazquez-r7
e78174297e
assuring stdapi loads on meterpreter
2013-01-23 12:44:55 +01:00
Kacper Nowak
5d6ca30422
removed spaces at EOL
2013-01-23 10:33:55 +00:00
Kacper Nowak
17d1c9f996
- expanded description
...
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
sinn3r
8819059499
Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec
2013-01-22 14:41:40 -06:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
Kacper Nowak
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
bcoles
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
Kacper Nowak
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
Kacper Nowak
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
Julian Vilas
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
jvazquez-r7
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
jvazquez-r7
76edbb9e1c
Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console
2013-01-20 19:53:44 +01:00
jvazquez-r7
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
bcoles
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
bcoles
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
bcoles
6ae72e4d63
Add PHP-Charts v1.0 PHP Code Execution Exploit
2013-01-20 23:51:17 +10:30
jvazquez-r7
aed71f8446
linux stager plus little cleanup
2013-01-20 13:42:02 +01:00
Spencer McIntyre
6b40011a6f
use target_uri and normalize_uri as well as fix a cookie problem
2013-01-19 19:10:56 -05:00
Spencer McIntyre
9f7aafccdf
add module to execute commands via Jenkins Script Console
2013-01-18 14:56:52 -05:00
jvazquez-r7
3465aa00bd
title updated
2013-01-18 18:42:27 +01:00
jvazquez-r7
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
jvazquez-r7
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
jvazquez-r7
51ba500b9f
msftidy compliant
2013-01-16 12:28:09 +01:00
jvazquez-r7
49b36710c4
Merge branch 'freesshd_authbypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-freesshd_authbypass_update
2013-01-16 12:27:42 +01:00
jvazquez-r7
f6d34b52a5
Merge branch 'verb_auth_bypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-verb_auth_bypass_update
2013-01-16 12:19:49 +01:00
jvazquez-r7
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
jvazquez-r7
b43242d131
Merge branch 'module-nagios3_history_cgi' of https://github.com/jselvi/metasploit-framework into jselvi-module-nagios3_history_cgi
2013-01-16 11:54:51 +01:00
sinn3r
0f24671cf7
Changes how the usernames are loaded.
...
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage. It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.
I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
Jose Selvi
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
sinn3r
b3291c0329
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-15 14:10:47 -06:00
sinn3r
b5167e7695
Merge branch 'add_bap_to_itms_overflow' of github.com:jvennix-r7/metasploit-framework into jvennix-r7-add_bap_to_itms_overflow
2013-01-15 12:25:07 -06:00
Jose Selvi
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
sinn3r
04b35a38ff
Update MSB ref
2013-01-14 14:59:32 -06:00
jvazquez-r7
c6c59ace46
final cleanup
2013-01-14 20:53:19 +01:00
jvazquez-r7
5ecb0701ea
Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass
2013-01-14 20:52:45 +01:00
joe
771fc07264
Change :vuln_test to :os_name for checking OS.
2013-01-14 02:17:40 -06:00
joe
efcdb1097c
Add BAP options to itms_overflow module.
2013-01-14 01:42:58 -06:00
Daniele Martini
04fe1dae11
Added module for Freesshd Authentication Bypass (CVE-2012-6066)
...
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.
To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
kernelsmith
0b130e49e7
Squashed commit of the following:
...
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date: Fri Jan 11 17:55:27 2013 -0600
fixes missing word in descript. of rails exploit
simple omission fix in description
[Closes #1295 ]
2013-01-11 19:02:06 -06:00
sinn3r
4adf429c31
Adds one more ref
2013-01-11 01:33:26 -06:00
sinn3r
23ef8280be
Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
...
Conflicts:
modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
HD Moore
6471a70053
Pass the X-HTTP-Method-Override parameter for compat
2013-01-10 20:27:13 -06:00
sinn3r
e709811c5a
CVE update
2013-01-10 19:51:04 -06:00
jvazquez-r7
2c05af721c
module also updated with refs
2013-01-11 00:57:05 +01:00
HD Moore
9c652d1d55
Add a note about ruby 1.9 requirements
2013-01-10 17:10:03 -06:00
jvazquez-r7
ea000d6ee0
updated authors
2013-01-10 20:48:54 +01:00
jvazquez-r7
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
Bouke van der Bijl
3b491ab998
Change charlisome in the list of authors to charliesome
2013-01-10 16:12:07 +01:00
HD Moore
42ea64c21b
Merge in Rails2 support now that its in master
2013-01-10 02:14:08 -06:00
HD Moore
0b74f98946
Rescue errors and update credits
2013-01-10 01:06:46 -06:00
HD Moore
1e94b090e7
The __END__ trick is no longer needed
2013-01-10 00:29:11 -06:00
HD Moore
acabc14ec3
This restores functionality across all rails 3.x
2013-01-10 00:28:12 -06:00
HD Moore
0e92de8f61
This works against a wider range of RoR 3.x targets
2013-01-10 00:10:26 -06:00
HD Moore
5e7a4f154e
Fix platform/arch
2013-01-09 23:24:37 -06:00
HD Moore
e15c731651
Clarify credit
2013-01-09 23:22:40 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
jvazquez-r7
ad3ca3a6bb
regex to check version fixed
2013-01-09 23:48:55 +01:00
jvazquez-r7
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
sinn3r
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
sinn3r
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
jvazquez-r7
52157b9124
extplorer_upload_exec cleanup
2013-01-09 19:45:17 +01:00
jvazquez-r7
8f91352c4a
Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec
2013-01-09 19:44:43 +01:00
jvazquez-r7
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
jvazquez-r7
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
jvazquez-r7
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
jvazquez-r7
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
jvazquez-r7
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
jvazquez-r7
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
sinn3r
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
Charlie Eriksen
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
Tod Beardsley
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
jvazquez-r7
883b3446f3
license text
2013-01-05 08:03:25 +01:00
jvazquez-r7
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
sinn3r
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
sinn3r
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
sinn3r
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sinn3r
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
sinn3r
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
sinn3r
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
jvazquez-r7
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
jvazquez-r7
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
sinn3r
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r
c86c6f1ba0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-02 17:26:42 -06:00
jvazquez-r7
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
Charlie Eriksen
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
Charlie Eriksen
78c6d04b31
Fixing from crlf to lf
...
By accident the line endings changed to crlf.
Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.
Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
Charlie Eriksen
ef3f15e881
Adding a PLUGINSPATH option
...
Adding a PUGINSPATH option as per FireFart's comment.
Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
Charlie Eriksen
6fb2130265
Adding a damn space
...
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
Charlie Eriksen
4ba5b45ad3
Fixed the check
...
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
Charlie Eriksen
dd0482cb9d
Code style fix!
...
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
Charlie Eriksen
2fe2d5d3dd
Adding exploit for OSVDB 87353
...
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
sinn3r
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
sinn3r
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
sinn3r
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
sinn3r
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
sinn3r
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
sinn3r
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
sinn3r
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
jvazquez-r7
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
jvazquez-r7
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
bcoles
8e543cf5f5
Add eXtplorer v2.1 auth bypass exploit module
2012-12-30 23:51:41 +10:30
Christian Mehlmauer
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
jvazquez-r7
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
jvazquez-r7
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
Christian Mehlmauer
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
Christian Mehlmauer
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
Christian Mehlmauer
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
jvazquez-r7
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
sinn3r
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
jvazquez-r7
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
jvazquez-r7
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
jvazquez-r7
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
jvazquez-r7
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
sinn3r
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
sinn3r
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
sinn3r
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
jvazquez-r7
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
jvazquez-r7
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
sinn3r
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
sinn3r
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
sinn3r
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
jvazquez-r7
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
jvazquez-r7
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
jvazquez-r7
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
jvazquez-r7
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
sinn3r
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
sinn3r
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
jvazquez-r7
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
jvazquez-r7
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
jvazquez-r7
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
sinn3r
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
sinn3r
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
jvazquez-r7
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
sinn3r
d2e3e5defb
Merge branch 'jlee-r7-cleanup/post-windows-services'
2012-12-22 13:29:48 -06:00
jvazquez-r7
e15cf9f288
Merge branch 'netwin_surgeftp_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-netwin_surgeftp_exec
2012-12-22 15:50:07 +01:00
sinn3r
d97a63a94c
Make changes based on juan and egypt's feedback
2012-12-22 02:35:22 -06:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
sinn3r
49248c79d6
Oops, didn't mean to keep these lines
2012-12-21 22:22:58 -06:00
sinn3r
9af8c9b457
Small corrections
2012-12-21 18:52:40 -06:00
sinn3r
ca72132fc0
Add a check
2012-12-21 16:23:31 -06:00
sinn3r
1323081bce
msftidy cleanup
2012-12-21 16:11:16 -06:00
sinn3r
529a3c9a63
Add Netwin SurgeFTP module
2012-12-21 16:10:27 -06:00
jvazquez-r7
d5f08a2405
Added module for CVE-2012-6329 for foswiki
2012-12-21 22:08:08 +01:00
jvazquez-r7
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
jvazquez-r7
ff4b959c04
Merge branch 'ms12_004_leaky_icky' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_004_leaky_icky
2012-12-21 21:01:05 +01:00
sinn3r
115ad9ae33
Small corrections
2012-12-21 12:56:44 -06:00
sinn3r
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
sinn3r
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
sinn3r
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
jvazquez-r7
76cad3dd4c
Added module for CVE-2012-6329
2012-12-21 11:30:04 +01:00
HD Moore
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
sput-nick
4595a96ece
updated CVE and OSVDB wikka_spam_exec references
2012-12-19 16:42:47 -05:00
jvazquez-r7
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
jvazquez-r7
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
Garret Picchioni
fa42d0c7fe
Fixed minor spelling errors
2012-12-17 15:18:08 -07:00
sinn3r
88f02e0016
Merge branch 'jvazquez-r7-crystal_reports_printcontrol'
2012-12-17 13:52:11 -06:00
sinn3r
9198e0dc05
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-17 13:40:41 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
jvazquez-r7
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
sinn3r
37ce92afb1
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-16 16:15:24 -06:00
jvazquez-r7
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
jvazquez-r7
0a0b26dc2c
after study the crash after the overflow...
2012-12-14 23:54:44 +01:00
sinn3r
53a2fda608
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-14 15:23:25 -06:00
sinn3r
12472756aa
Merge branch 'master' into bug/safari-metadata-version
2012-12-14 12:52:18 -06:00
jvazquez-r7
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
joe
eb972eaf0a
Add a maxver for the safari_metadata_archive exploit.
...
* Apple Security Update 2006-001 (http://support.apple.com/kb/TA23971 )
* Update applied to 10.4.5, where safari 2.0.3 is default browser.
* Because update did not bump Safari version, not all 2.0.3 browsers will be affected.
2012-12-14 02:17:25 -06:00
sinn3r
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
nullbind
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
Tod Beardsley
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
sinn3r
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
sinn3r
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
David Maloney
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
sinn3r
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
David Maloney
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
sinn3r
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
sinn3r
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
jvazquez-r7
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
jvazquez-r7
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
jvazquez-r7
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
sinn3r
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
jvazquez-r7
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
sinn3r
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
David Maloney
e448431c8a
Add 32bit comapt mode for 64 bit targets on wirnm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
Tod Beardsley
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
sinn3r
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
sinn3r
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
sinn3r
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
jvazquez-r7
d921c6f6e9
bid reference added
2012-12-08 15:09:32 +01:00
jvazquez-r7
080e45045b
Merge branch 'nagios_graph_explorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nagios_graph_explorer
2012-12-08 15:08:57 +01:00
sinn3r
60feba164d
Add OSVDB
2012-12-07 23:18:02 -06:00
sinn3r
15661b82bc
Add Nagios Network Monitor Graph Explorer module
2012-12-07 23:16:25 -06:00
sinn3r
e989142d9d
Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat
2012-12-07 14:48:01 -06:00
sinn3r
78b4233b56
Final changes
2012-12-07 14:44:41 -06:00
jvazquez-r7
bae5442ca6
working...
2012-12-07 21:38:17 +01:00
sinn3r
901ef5060c
Merge branch 'maxthon' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-maxthon
2012-12-07 13:52:23 -06:00
sinn3r
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
jvazquez-r7
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
sinn3r
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
sinn3r
403ac1dc37
I would do anything for a cake.
2012-12-07 13:15:27 -06:00
sinn3r
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00
jvazquez-r7
b0be8dc4df
history exploit cleanup
2012-12-07 19:23:00 +01:00
sinn3r
38f2348c33
First changes
2012-12-07 11:27:09 -06:00
sinn3r
a872362a65
Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon
2012-12-07 11:17:15 -06:00
sinn3r
2260e4b471
Switch to manual payload selection, because we don't auto-detect
2012-12-07 11:07:11 -06:00
James Lee
8812285678
Move print of my_target.name to after nil check
...
Avoids
"Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.
[FixRM #7593 ]
2012-12-07 11:00:24 -06:00
sinn3r
c08ee695a9
Merge branch 'splunk_upload_app_exec_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-splunk_upload_app_exec_cleanup
2012-12-07 10:46:28 -06:00
sinn3r
fafdcbaae1
Vuln discovered by Rich.
...
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
jvazquez-r7
e5cc950fe1
fix identation
2012-12-07 11:57:11 +01:00
jvazquez-r7
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
sinn3r
cddda9eab7
Merge branch 'master' into nullbind-mssql_linkcrawler
2012-12-06 23:51:06 -06:00
sinn3r
88c97cd2b5
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-06 18:08:13 -06:00
sinn3r
bf47eaaa41
Remove code that's commented out. Clearly not needed anymore.
2012-12-06 12:57:41 -06:00
sinn3r
0ea5c781c1
Tabs and spaces don't mix
2012-12-06 12:53:22 -06:00
sinn3r
37f9cff25a
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 12:36:48 -06:00
jvazquez-r7
fd20998f40
using the primer callback as pointed by egypt
2012-12-06 18:59:46 +01:00
sinn3r
817a7749c1
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 11:35:09 -06:00
jvazquez-r7
8e21d9e235
fix source_address param
2012-12-06 18:34:22 +01:00
sinn3r
1fb05c0baf
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 11:34:19 -06:00
Tod Beardsley
215017e17c
Merge remote branch 'wchen-r7/better_tectia_ssh'
2012-12-06 11:01:36 -06:00
sinn3r
06927345e5
If message becomes nil, we should force a to_s for the regex
...
next_message can be nil sometimes if packet is nil (see net/ssh's
poll_message source)
2012-12-06 10:44:16 -06:00
jvazquez-r7
fc8b08f10f
trailing comma
2012-12-06 17:32:58 +01:00
jvazquez-r7
532afc2919
Added module for CVE-2009-0880
2012-12-06 16:43:07 +01:00
jvazquez-r7
6d3d4c1d84
Added support for FileDropper
2012-12-06 12:03:17 +01:00
sinn3r
18f4df0a38
Fix weird indent prob
2012-12-06 03:58:16 -06:00
sinn3r
a90ed82413
Correct CVE format
2012-12-06 03:57:46 -06:00
sinn3r
2b96c4e2a5
Add Kingcope's MySQL 'Stuxnet' technique exploit
...
Because why not. One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
sinn3r
530332b176
Apply evil-e's fix when port isn't 22
...
See #1130
2012-12-05 21:42:53 -06:00
sinn3r
32c5f12912
Hmm, I should change the target name
2012-12-05 21:38:31 -06:00
sinn3r
d3c1fa842a
Lots of improvements
...
Keyboard-interactive method isn't required to exploit Tectia SSH.
So this update will just go straight to password method. There's
also improvements for the check() method: Not only does it check
the SSH version (banner), it will also check and see if the server
is using password method to auth.
2012-12-05 21:34:33 -06:00
malerisch
5e28563e4e
Advisories URLs changed
2012-12-05 14:33:25 -08:00
sinn3r
49999a56ea
Added CVE & vendor advisory information
2012-12-05 10:13:44 -06:00
jvazquez-r7
dd1d60293c
Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server
2012-12-05 15:27:25 +01:00
sinn3r
b85919266d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-12-04 15:55:08 -06:00
jvazquez-r7
2cca857f6f
added support for Mac OS X
2012-12-04 22:04:21 +01:00
jvazquez-r7
9d8f0f94f6
added support for Mac OS X
2012-12-04 22:03:58 +01:00
jvazquez-r7
5548bebb16
embeding payload on the c# script
2012-12-04 17:44:55 +01:00
sinn3r
e6c6133c90
must be password authentication
2012-12-04 09:56:51 -06:00
sinn3r
2467183c4f
"Appears" is better
...
"Appears" is a more accureate way describing how much we think the
host is vulnerable.
2012-12-04 09:28:05 -06:00
sinn3r
b5e7009283
Since we have included Tcp for check(), we don't need to reg rhost
2012-12-04 09:25:24 -06:00
sinn3r
3c59c2d5c0
This extra space must die.
2012-12-03 21:09:07 -06:00
sinn3r
211a1674f5
Add kingcope's Tectia SSH 0day
2012-12-03 21:07:32 -06:00
h0ng10
752907d5f0
exploit for OSVDB-87548
2012-12-03 19:01:40 -05:00
jvazquez-r7
3f3bdb8473
my editor...
2012-12-03 21:45:26 +01:00
jvazquez-r7
8a9ad4253a
comment about the original discoverer updated
2012-12-03 21:44:35 +01:00
jvazquez-r7
2cb824d62d
Added module for CVE-2012-5357
2012-12-03 20:12:02 +01:00
James Lee
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
sinn3r
9d52048d7f
Forgot to remove this after badchar analysis
2012-11-30 02:17:08 -06:00
sinn3r
37f731fe7d
Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow
2012-11-30 02:14:22 -06:00
HD Moore
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
HD Moore
8b3d200986
Add a check for nil
2012-11-28 23:50:29 -06:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
jvazquez-r7
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
sinn3r
b2f906e83e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-11-28 15:10:51 -06:00
sinn3r
b764110e6e
Use PhpEXE to be able to support PHP and Linux native payloads
2012-11-28 15:06:39 -06:00
jvazquez-r7
85ed074674
Final cleanup on always_install_elevated
2012-11-28 21:50:08 +01:00
jvazquez-r7
fd1557b6d2
Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated
2012-11-28 21:49:36 +01:00
sinn3r
fd2296317d
Strip the credential dumping stuff (making it auxiliary)
...
Also a little description update
2012-11-28 14:27:01 -06:00
sinn3r
6b524ff22a
Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown
2012-11-28 11:22:36 -06:00
Meatballs1
7fea0d4af6
Add initial auto run script
2012-11-28 16:38:31 +00:00
Meatballs1
a3fbf276f9
Reinstated cleanup
2012-11-28 11:23:08 +00:00
Meatballs1
b5b47152fc
Changed to static msi filename
2012-11-28 11:21:02 +00:00
h0ng10
897ae102d4
fixed msftidy.rb complains
2012-11-28 01:22:19 -05:00
h0ng10
7109d63f36
Code clean up, thanks to Brandon Perry
2012-11-28 01:20:41 -05:00
Meatballs1
76f7abe5b6
Little tidy up
2012-11-27 23:58:58 +00:00
Meatballs1
81c2182424
Msftidy
2012-11-27 23:33:07 +00:00
Meatballs1
9741d55724
Moved to agnostic post module commands
2012-11-27 23:26:19 +00:00
Meatballs1
6fe378b594
Minor changes to description
2012-11-27 20:56:52 +00:00
Meatballs1
d067b040a0
Minor changes to description
2012-11-27 20:55:36 +00:00
Meatballs1
7727f3d6e8
Msftidy
2012-11-27 18:31:54 +00:00
Meatballs1
889c8ac12d
Add build instructions and removed binary
2012-11-27 18:18:20 +00:00
Meatballs1
bc9065ad42
Move MSI source and binary location
2012-11-27 18:12:49 +00:00
h0ng10
4ef0d8699a
added exploit for OSVDB 83199
2012-11-27 12:29:10 -05:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
sinn3r
b395f8f96d
Only XP for target coverage
2012-11-27 10:48:20 -06:00
sinn3r
2e71fc740e
No badchars, then no need to have the key
2012-11-27 10:46:20 -06:00
jvazquez-r7
8c53b275c6
Added module for cve-2012-3753
2012-11-27 12:10:00 +01:00
Tod Beardsley
f1fedee63b
EOL space, deleted
2012-11-26 14:19:40 -06:00
jvazquez-r7
36e2a4fddc
Merge branch 'splunk_nil_cookie' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-splunk_nil_cookie
2012-11-26 19:18:32 +01:00
sinn3r
9c3be383d0
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
malerisch
6dfda6da37
Added Maxthon3 Cross Context Scripting (XCS) exploits for Win
2012-11-24 15:53:58 -08:00
sinn3r
e9256de6f6
Merge branch 'jvazquez-r7-apple_quicktime_texml_font_table'
2012-11-23 18:53:31 -06:00
sinn3r
89ddedf773
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
jvazquez-r7
4c9b8d4567
targets updated
2012-11-23 18:48:59 +01:00
HD Moore
d4e873df07
Fix bad reference (thanks Daniel Moeller)
2012-11-22 23:51:57 -06:00
jvazquez-r7
52ff38ad8a
add module for cve-2012-3752
2012-11-22 19:56:12 +01:00
Meatballs1
579126c777
Remove redundant sleep
2012-11-22 10:44:41 +00:00
Meatballs1
021e0f37e9
Cleanup s
2012-11-22 10:34:05 +00:00
Meatballs1
7936fce7cf
Remove auto migrate - we probably dont want to migrate away from a SYSTEM process.
2012-11-22 10:29:58 +00:00
Meatballs1
128eafe22c
Changed to Local Exploit
2012-11-22 10:26:23 +00:00
sinn3r
007dcd2dcb
Module is good, except with a little grammar error
2012-11-21 10:30:28 -06:00
jvazquez-r7
04aae008ca
fix to use pseudorandom exe name
2012-11-21 09:56:20 +01:00
jvazquez-r7
14cba22e64
changes requested by egypt
2012-11-21 09:46:22 +01:00
jvazquez-r7
99d32191c5
Added module for OSVDB 87334
2012-11-20 23:15:21 +01:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
jvazquez-r7
959ea1f0c5
final cleanup
2012-11-20 12:52:00 +01:00
jvazquez-r7
b002996708
Merge branch 'narcissus' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-narcissus
2012-11-20 12:49:15 +01:00
sinn3r
edaa66094c
Merge branch 'jlee-r7-feature/automatic-fs-cleanup'
2012-11-19 16:13:08 -06:00
sinn3r
a93fbfea32
Add Narcissus module (OSVDB-87410)
2012-11-19 15:12:57 -06:00
nullbind
dc93bd7215
removed redundant file
2012-11-19 14:27:08 -06:00
jvazquez-r7
35b3bf4aa5
back to the original Brute mixin
2012-11-19 14:13:49 +01:00
jvazquez-r7
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
sinn3r
f4aa84956c
Add technet reference
2012-11-17 01:24:12 -06:00
sinn3r
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
sinn3r
f784ea65af
Merge branch 'master' into ms12-005_mod
2012-11-16 11:59:41 -06:00
sinn3r
8375bb8390
Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck
2012-11-16 11:29:09 -06:00
sinn3r
8930d618e3
Merge branch 'invision_pboard_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_cleanup
2012-11-16 11:24:04 -06:00
jvazquez-r7
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
jvazquez-r7
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
David Maloney
de016780b8
Rename the PAYLOAD_TYPE datastore option
...
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
Rob Fuller
e18acf2103
remove debugging code
2012-11-14 23:56:32 -05:00
Rob Fuller
7d41f1f9a0
add admin already and admin group checks
2012-11-14 23:54:01 -05:00
jvazquez-r7
09ec7dea95
fix check function after speak with egix
2012-11-15 01:34:17 +01:00
jvazquez-r7
3ba3e906d7
added improvements by egix
2012-11-15 01:20:32 +01:00
sinn3r
af8ac2fbf6
There's a bug here, can you tell?
...
Need to be aware of what happens when no version is captured.
2012-11-14 11:54:59 -06:00
jvazquez-r7
88ea347e40
added cookie prefix check
2012-11-14 16:20:40 +01:00
sinn3r
1546aa6a10
No need to repeat the default values
2012-11-13 18:38:17 -06:00
sinn3r
9054fafb15
Not sure why paths were repeated, but no more.
2012-11-13 18:32:32 -06:00
sinn3r
4675cd873b
Merge branch 'client_system_analyzer_upload' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-client_system_analyzer_upload
2012-11-13 11:21:23 -06:00
James Lee
bbb2f69b55
Add missing require for PhpExe
2012-11-13 10:17:42 -06:00
sinn3r
7d317e7863
Use PhpEXE, and a check() function
...
Uses the PhpEXE mixin for the payload. And then in the future
we can modify PhpEXE again to allow it to be space-free (problem
being a space is required when you use a function). Also, this
commit has a new check function.
2012-11-13 01:41:26 -06:00
sinn3r
162b5a391a
Merge branch 'invision_pboard_unserialize_exec' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_unserialize_exec
2012-11-13 00:40:30 -06:00
jvazquez-r7
8e7a748805
thins in place...
2012-11-11 20:19:20 +01:00
jvazquez-r7
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
jvazquez-r7
c4f10a1d53
added bid reference
2012-11-11 17:48:57 +01:00
jvazquez-r7
9d3c068da0
added linux target
2012-11-11 17:28:48 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
jvazquez-r7
42dd1ee3ff
added module for CVE-2012-5692
2012-11-10 11:35:21 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
jvazquez-r7
21693831ae
Added module for ZDI-11-018
2012-11-08 17:32:42 +01:00
HD Moore
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
James Lee
ac1b60e6db
Remove debug load
2012-11-07 20:00:41 -06:00
David Maloney
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
James Lee
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
jvazquez-r7
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
Tod Beardsley
70d53b4e2d
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:03:56 -06:00
jvazquez-r7
77b1e9e648
added comment about ropdb
2012-11-05 23:02:23 +01:00
Tod Beardsley
e385aad9e5
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:02:18 -06:00
David Maloney
9d5ab5a66f
Stupid typing error
2012-11-05 15:41:47 -06:00
David Maloney
314026ed0e
Some error checking and fixups
2012-11-05 13:29:57 -06:00
nullbind
0246e921c5
style, ref, desc, and author updates
2012-11-05 12:45:54 -06:00
David Maloney
7c141e11c4
Hopefully final touches
...
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
jvazquez-r7
04668c7d61
fix response codes check to avoid second tries to fail
2012-11-05 09:26:26 +01:00
David Maloney
25a6e983a1
Remove the older modules
2012-11-04 14:48:34 -06:00
David Maloney
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
David Maloney
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
jvazquez-r7
88c99161b4
added universal target
2012-11-03 18:52:07 +01:00
jvazquez-r7
b8eea1007f
Added module for CVE-2012-2288 EMC Networker Format String
2012-11-03 18:17:12 +01:00
sinn3r
d4fc99e40c
Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support
2012-11-02 15:16:35 -05:00
David Maloney
ffca972075
Opps mispalced line
2012-11-02 09:34:32 -05:00
David Maloney
355bdbfa39
Add check for propper powershell version
2012-11-02 09:33:28 -05:00