jvazquez-r7
85ed074674
Final cleanup on always_install_elevated
2012-11-28 21:50:08 +01:00
jvazquez-r7
fd1557b6d2
Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated
2012-11-28 21:49:36 +01:00
sinn3r
fd2296317d
Strip the credential dumping stuff (making it auxiliary)
...
Also a little description update
2012-11-28 14:27:01 -06:00
sinn3r
6b524ff22a
Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown
2012-11-28 11:22:36 -06:00
Meatballs1
7fea0d4af6
Add initial auto run script
2012-11-28 16:38:31 +00:00
Meatballs1
a3fbf276f9
Reinstated cleanup
2012-11-28 11:23:08 +00:00
Meatballs1
b5b47152fc
Changed to static msi filename
2012-11-28 11:21:02 +00:00
h0ng10
897ae102d4
fixed msftidy.rb complains
2012-11-28 01:22:19 -05:00
h0ng10
7109d63f36
Code clean up, thanks to Brandon Perry
2012-11-28 01:20:41 -05:00
Meatballs1
76f7abe5b6
Little tidy up
2012-11-27 23:58:58 +00:00
Meatballs1
81c2182424
Msftidy
2012-11-27 23:33:07 +00:00
Meatballs1
9741d55724
Moved to agnostic post module commands
2012-11-27 23:26:19 +00:00
Meatballs1
6fe378b594
Minor changes to description
2012-11-27 20:56:52 +00:00
Meatballs1
d067b040a0
Minor changes to description
2012-11-27 20:55:36 +00:00
Meatballs1
7727f3d6e8
Msftidy
2012-11-27 18:31:54 +00:00
Meatballs1
889c8ac12d
Add build instructions and removed binary
2012-11-27 18:18:20 +00:00
Meatballs1
bc9065ad42
Move MSI source and binary location
2012-11-27 18:12:49 +00:00
h0ng10
4ef0d8699a
added exploit for OSVDB 83199
2012-11-27 12:29:10 -05:00
James Lee
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
sinn3r
b395f8f96d
Only XP for target coverage
2012-11-27 10:48:20 -06:00
sinn3r
2e71fc740e
No badchars, then no need to have the key
2012-11-27 10:46:20 -06:00
jvazquez-r7
8c53b275c6
Added module for cve-2012-3753
2012-11-27 12:10:00 +01:00
Tod Beardsley
f1fedee63b
EOL space, deleted
2012-11-26 14:19:40 -06:00
jvazquez-r7
36e2a4fddc
Merge branch 'splunk_nil_cookie' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-splunk_nil_cookie
2012-11-26 19:18:32 +01:00
sinn3r
9c3be383d0
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
malerisch
6dfda6da37
Added Maxthon3 Cross Context Scripting (XCS) exploits for Win
2012-11-24 15:53:58 -08:00
sinn3r
e9256de6f6
Merge branch 'jvazquez-r7-apple_quicktime_texml_font_table'
2012-11-23 18:53:31 -06:00
sinn3r
89ddedf773
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
jvazquez-r7
4c9b8d4567
targets updated
2012-11-23 18:48:59 +01:00
HD Moore
d4e873df07
Fix bad reference (thanks Daniel Moeller)
2012-11-22 23:51:57 -06:00
jvazquez-r7
52ff38ad8a
add module for cve-2012-3752
2012-11-22 19:56:12 +01:00
Meatballs1
579126c777
Remove redundant sleep
2012-11-22 10:44:41 +00:00
Meatballs1
021e0f37e9
Cleanup s
2012-11-22 10:34:05 +00:00
Meatballs1
7936fce7cf
Remove auto migrate - we probably dont want to migrate away from a SYSTEM process.
2012-11-22 10:29:58 +00:00
Meatballs1
128eafe22c
Changed to Local Exploit
2012-11-22 10:26:23 +00:00
sinn3r
007dcd2dcb
Module is good, except with a little grammar error
2012-11-21 10:30:28 -06:00
jvazquez-r7
04aae008ca
fix to use pseudorandom exe name
2012-11-21 09:56:20 +01:00
jvazquez-r7
14cba22e64
changes requested by egypt
2012-11-21 09:46:22 +01:00
jvazquez-r7
99d32191c5
Added module for OSVDB 87334
2012-11-20 23:15:21 +01:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
jvazquez-r7
959ea1f0c5
final cleanup
2012-11-20 12:52:00 +01:00
jvazquez-r7
b002996708
Merge branch 'narcissus' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-narcissus
2012-11-20 12:49:15 +01:00
sinn3r
edaa66094c
Merge branch 'jlee-r7-feature/automatic-fs-cleanup'
2012-11-19 16:13:08 -06:00
sinn3r
a93fbfea32
Add Narcissus module (OSVDB-87410)
2012-11-19 15:12:57 -06:00
nullbind
dc93bd7215
removed redundant file
2012-11-19 14:27:08 -06:00
jvazquez-r7
35b3bf4aa5
back to the original Brute mixin
2012-11-19 14:13:49 +01:00
jvazquez-r7
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
sinn3r
f4aa84956c
Add technet reference
2012-11-17 01:24:12 -06:00
sinn3r
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
sinn3r
f784ea65af
Merge branch 'master' into ms12-005_mod
2012-11-16 11:59:41 -06:00
sinn3r
8375bb8390
Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck
2012-11-16 11:29:09 -06:00
sinn3r
8930d618e3
Merge branch 'invision_pboard_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_cleanup
2012-11-16 11:24:04 -06:00
jvazquez-r7
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
jvazquez-r7
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
David Maloney
de016780b8
Rename the PAYLOAD_TYPE datastore option
...
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
Rob Fuller
e18acf2103
remove debugging code
2012-11-14 23:56:32 -05:00
Rob Fuller
7d41f1f9a0
add admin already and admin group checks
2012-11-14 23:54:01 -05:00
jvazquez-r7
09ec7dea95
fix check function after speak with egix
2012-11-15 01:34:17 +01:00
jvazquez-r7
3ba3e906d7
added improvements by egix
2012-11-15 01:20:32 +01:00
sinn3r
af8ac2fbf6
There's a bug here, can you tell?
...
Need to be aware of what happens when no version is captured.
2012-11-14 11:54:59 -06:00
jvazquez-r7
88ea347e40
added cookie prefix check
2012-11-14 16:20:40 +01:00
sinn3r
1546aa6a10
No need to repeat the default values
2012-11-13 18:38:17 -06:00
sinn3r
9054fafb15
Not sure why paths were repeated, but no more.
2012-11-13 18:32:32 -06:00
sinn3r
4675cd873b
Merge branch 'client_system_analyzer_upload' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-client_system_analyzer_upload
2012-11-13 11:21:23 -06:00
James Lee
bbb2f69b55
Add missing require for PhpExe
2012-11-13 10:17:42 -06:00
sinn3r
7d317e7863
Use PhpEXE, and a check() function
...
Uses the PhpEXE mixin for the payload. And then in the future
we can modify PhpEXE again to allow it to be space-free (problem
being a space is required when you use a function). Also, this
commit has a new check function.
2012-11-13 01:41:26 -06:00
sinn3r
162b5a391a
Merge branch 'invision_pboard_unserialize_exec' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_unserialize_exec
2012-11-13 00:40:30 -06:00
jvazquez-r7
8e7a748805
thins in place...
2012-11-11 20:19:20 +01:00
jvazquez-r7
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
jvazquez-r7
c4f10a1d53
added bid reference
2012-11-11 17:48:57 +01:00
jvazquez-r7
9d3c068da0
added linux target
2012-11-11 17:28:48 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
jvazquez-r7
42dd1ee3ff
added module for CVE-2012-5692
2012-11-10 11:35:21 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
jvazquez-r7
21693831ae
Added module for ZDI-11-018
2012-11-08 17:32:42 +01:00
HD Moore
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
James Lee
ac1b60e6db
Remove debug load
2012-11-07 20:00:41 -06:00
David Maloney
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
James Lee
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
jvazquez-r7
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
Tod Beardsley
70d53b4e2d
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:03:56 -06:00
jvazquez-r7
77b1e9e648
added comment about ropdb
2012-11-05 23:02:23 +01:00
Tod Beardsley
e385aad9e5
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:02:18 -06:00
David Maloney
9d5ab5a66f
Stupid typing error
2012-11-05 15:41:47 -06:00
David Maloney
314026ed0e
Some error checking and fixups
2012-11-05 13:29:57 -06:00
nullbind
0246e921c5
style, ref, desc, and author updates
2012-11-05 12:45:54 -06:00
David Maloney
7c141e11c4
Hopefully final touches
...
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
jvazquez-r7
04668c7d61
fix response codes check to avoid second tries to fail
2012-11-05 09:26:26 +01:00
David Maloney
25a6e983a1
Remove the older modules
2012-11-04 14:48:34 -06:00
David Maloney
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
David Maloney
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
jvazquez-r7
88c99161b4
added universal target
2012-11-03 18:52:07 +01:00
jvazquez-r7
b8eea1007f
Added module for CVE-2012-2288 EMC Networker Format String
2012-11-03 18:17:12 +01:00
sinn3r
d4fc99e40c
Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support
2012-11-02 15:16:35 -05:00
David Maloney
ffca972075
Opps mispalced line
2012-11-02 09:34:32 -05:00
David Maloney
355bdbfa39
Add check for propper powershell version
2012-11-02 09:33:28 -05:00
nullbind
9158497fb4
msftidy updates
2012-11-01 20:59:37 -05:00
nullbind
8bb95e9f17
msftidy updates
2012-11-01 20:56:52 -05:00
Tod Beardsley
b1b85bee44
Actually require PhpEXE mixin.
2012-11-01 14:53:18 -05:00
David Maloney
f843740fcb
more fixes
2012-11-01 11:59:18 -05:00
jvazquez-r7
22fbfb3601
cleanup
2012-11-01 17:38:04 +01:00
jvazquez-r7
e720769747
Added module for ZDI-12-171
2012-11-01 17:17:45 +01:00
David Maloney
aeb837838f
typo
2012-11-01 11:03:50 -05:00
David Maloney
84c8660c96
Fix targets to be more specific
2012-11-01 11:00:45 -05:00
David Maloney
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
David Maloney
59f5d9bc5d
Man i'm rusty at writing for framework
...
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
David Maloney
00b9fb3c90
Switc smart mgirate to post mod as it should be
2012-10-31 17:03:49 -05:00
David Maloney
dd7ab11e38
Minor cleanup
2012-10-31 16:14:34 -05:00
David Maloney
86f6d59d2e
Adding the winrm powershell exploit
...
also adds the smart_migrate meterp script for autorun purposes
2012-10-31 15:46:11 -05:00
m m
e170c1e3e3
typo in centos5 range
2012-10-31 18:28:26 +01:00
m m
f7481b160c
add centos5 target
2012-10-31 18:21:41 +01:00
jvazquez-r7
ef0f415c51
related to #980 adds support for HttpClient
2012-10-31 17:46:57 +01:00
jvazquez-r7
91e6b7cd28
added ie8 target
2012-10-31 11:57:38 +01:00
jvazquez-r7
a3358a471f
Merge branch 'aladdin_bof' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-aladdin_bof
2012-10-31 11:57:20 +01:00
sinn3r
ec8a2955e1
Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof
2012-10-31 03:32:43 -05:00
m m
3e3c518753
remove SessionTypes as per egypt
2012-10-30 17:13:57 +01:00
jvazquez-r7
26808093d8
Merge branch 'nil_res_bug_fixes' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nil_res_bug_fixes
2012-10-30 16:18:05 +01:00
sagishahar
53c7479d70
Add Windows 8 support
...
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
m m
3855ba88b1
add meterpreter/command support to samba exploit using ROP
2012-10-29 17:33:00 +01:00
jvazquez-r7
0e3bc7d060
hp operations agent mods: fix use of pattern_create, use ropdb
2012-10-29 15:45:40 +01:00
sinn3r
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
sinn3r
e9b9c96221
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-10-28 18:10:17 -05:00
nullbind
5ce6526125
first official release
2012-10-28 13:49:32 -05:00
jvazquez-r7
19920b3275
update module titles for hp operation agent vulns
2012-10-28 02:38:39 +01:00
sinn3r
4e6b5393c5
Merge branch 'manage_engine_sqli' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-manage_engine_sqli
2012-10-27 18:53:47 -05:00
sinn3r
320a23286a
Merge branch 'warnings' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-warnings
2012-10-27 18:52:34 -05:00
sinn3r
7db7f1bfdf
Merge branch 'turboftp_update' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-turboftp_update
2012-10-27 18:51:41 -05:00
sinn3r
c015372ce0
Merge branch 'hp_operations_agent_coda_8c' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_operations_agent_coda_8c
2012-10-27 18:45:36 -05:00
jvazquez-r7
73deeacd7e
deleted unnecessary http headers according to my tests
2012-10-28 00:52:52 +02:00
jvazquez-r7
b4b1b77a77
deleted unnecessary http headers according to my tests
2012-10-28 00:51:18 +02:00
jvazquez-r7
51bc806014
Added module for CVE-2012-2019
2012-10-27 22:45:37 +02:00
jvazquez-r7
bcb80431d6
Added module for CVE-2012-2020
2012-10-27 22:43:16 +02:00
corelanc0d3r
b48e355a6d
fixed typo and defined badchars
2012-10-24 20:04:54 +02:00
sinn3r
ede5d0f46b
This is meant to be a warning, so we use print_warning
2012-10-24 00:55:54 -05:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
sinn3r
8eb790f62c
Final touchup
2012-10-23 19:46:09 -05:00
sinn3r
f9bb910c3b
Make the check() try SQLI
2012-10-23 19:42:36 -05:00
sinn3r
8c5a73bb7f
Change exception handling
2012-10-23 19:34:12 -05:00
sinn3r
90542547c6
Add auto-target, and some changes to cleanup
2012-10-23 19:07:13 -05:00
Tod Beardsley
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
sinn3r
22223d5d81
Better cleanup abilities
2012-10-23 13:58:19 -05:00
Michael Schierl
21f6127e29
Platform windows cleanup
...
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
James Lee
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
sinn3r
4c41319c7c
Remove unused vars
2012-10-23 12:55:43 -05:00
sinn3r
bef4539915
Update description
2012-10-23 12:47:46 -05:00
sinn3r
3ff888a5c0
Move to 'multi' because it supports windows and linux
2012-10-23 12:41:51 -05:00
sinn3r
5f088fa718
Remove default platform
2012-10-23 12:41:17 -05:00
sinn3r
e05d353e8a
Add Linux support
2012-10-23 12:40:13 -05:00
sinn3r
bc3472a9b9
Randomize variable names
2012-10-23 11:41:53 -05:00
sinn3r
923ffe277d
Write EXE to JSP instead of using a TCPServer
2012-10-23 11:32:09 -05:00
sinn3r
33ce74fe8c
Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1
2012-10-23 02:10:56 -05:00
sinn3r
e5ec51a780
Rename file for consistency
2012-10-23 02:05:55 -05:00
sinn3r
669d22c917
Final improvements
2012-10-23 02:05:08 -05:00
sinn3r
5072156df6
Designed specifically for Windows, so let's move to Windows
...
Plus additional fixes
2012-10-22 23:01:58 -05:00
sinn3r
2484bb02cf
Add the initial version of the module
...
From EDB.
2012-10-22 22:41:30 -05:00
James Lee
b2db3e133d
Rescue when the service is crashed
...
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
2012-10-22 17:57:30 -05:00
Rob Fuller
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
Michael Schierl
5b18a34ad4
References cleanup
...
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
Michael Schierl
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
Michael Schierl
e769abc868
Platform cleanup: platform should be lowercase
2012-10-22 20:14:39 +02:00
Michael Schierl
657d527f8d
DisclosureDate cleanup: Try parsing all dates
...
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
Michael Schierl
70ac7c8345
Author cleanup: fix unmatched angle brackets
2012-10-22 19:45:27 +02:00
Michael Schierl
d337d5204b
Author cleanup: One module did not have an author
2012-10-22 18:38:18 +02:00
sinn3r
ad9946689e
Update description
2012-10-21 16:40:01 -05:00
sinn3r
1821c11369
Code cleanup
2012-10-21 16:40:01 -05:00
sinn3r
c404b72d08
Doesn't make a lot of sense setting DefaultTarget to an older one
2012-10-21 16:40:01 -05:00
lincoln@corelan.be
c7d12d94b7
turboftp exploit
2012-10-21 16:40:00 -05:00
James Lee
768d2c5921
Go back to old behavior for unknown versions
...
May not be correct, but it's what we used to do, so probably better than
just raising.
Also documents things a bit better.
2012-10-18 16:57:40 -05:00
James Lee
1eccb24bf8
Raise if the version isn't what we expect
...
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
2012-10-18 15:55:55 -05:00
James Lee
3c5c1cd86e
Remove unnecessary version restrictions
...
Since the payload is now run in the .so constructor, there's no need to
be compatible with a particular Postgres API.
Also:
- report the service
- delete the payload in the payload itself to reduce forensics
footprint
- randomize the created function name instead of abusing
postgres_create_sys_exec
2012-10-18 15:40:27 -05:00
James Lee
0221f75f39
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-18 13:57:25 -05:00
sput-nick
60dc83748c
Update modules/exploits/windows/browser/mozilla_mchannel.rb
2012-10-17 12:25:44 -03:00
James Lee
52feae2dcd
Add missing require
...
[FixRM #7345 ]
2012-10-15 17:18:04 -05:00
Tod Beardsley
9192a01803
All exploits need a disclosure date.
2012-10-15 16:29:12 -05:00
jvazquez-r7
2acfb0537c
Merge branch 'ajaxplorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ajaxplorer
2012-10-15 08:30:08 +02:00
sinn3r
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
sinn3r
97ac7fa184
Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework
2012-10-14 18:27:32 -05:00
sinn3r
cedcace1a7
Forgot to change the output variable
...
Because the original script used match()
2012-10-14 11:43:33 -05:00
James Lee
9c6fdbe9d7
Compile a .so instead of being version-specific
...
This makes it possible to use payloads for the appropriate architecture
NOTE: need to test windows and make sure I didn't break it
2012-10-13 15:18:25 -05:00
sinn3r
cc303665e8
Credit
2012-10-13 00:42:44 -05:00
sinn3r
5b2998a121
Add OSVDB-63552 AjaXplorer module (2010)
2012-10-13 00:35:48 -05:00
James Lee
ad1870d819
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-10-12 14:18:34 -05:00
James Lee
90ae5c1178
Add PhpEXE support to RateMyPet module
2012-10-12 04:53:01 -05:00
James Lee
db12413b09
Convert vcms_upload to use PhpEXE
...
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
James Lee
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
Spencer McIntyre
3ab24cdbb9
added exploits/windows/local/service_permissions
2012-10-11 22:42:36 -04:00
James Lee
0adabb1e06
Merge branch 'wchen-r7-projectpier' into rapid7
...
[Closes #889 ]
2012-10-11 18:32:04 -05:00
sinn3r
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
kernelsmith
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
sinn3r
9ea208d129
Oops, overwrote egypt's changes by accident
2012-10-11 16:40:52 -05:00
sinn3r
82eaa322fe
Make cleanup work better
2012-10-11 16:39:54 -05:00
James Lee
3a66a07844
Proposed re-wording of description
...
[See #889 ]
2012-10-11 15:48:04 -05:00
sinn3r
24980e735b
I found an OSVDB ID
2012-10-11 15:28:07 -05:00
sinn3r
55128f5bb3
Make sure res has value before passing it on to exec_php
2012-10-11 14:43:38 -05:00
sinn3r
033a11eff5
Add Project Pier File Upload Vulnerability
2012-10-11 13:47:40 -05:00
sinn3r
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
jvazquez-r7
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
jvazquez-r7
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
jvazquez-r7
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
HD Moore
22f7c42b85
Merge branch 'master' into feature/updated-mobile
2012-10-09 12:58:19 -05:00
jvazquez-r7
4fa3631e34
avoiding the python support on the barracuda one if cannot be tested
2012-10-09 18:01:23 +02:00
jvazquez-r7
f33411abd1
Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support
2012-10-09 18:00:44 +02:00
sinn3r
a12aed7ffc
Don't really need these keywords
2012-10-09 00:49:05 -05:00
sinn3r
b657fd31cc
Merge branch 'php_include' of https://github.com/ethicalhack3r/metasploit-framework into ethicalhack3r-php_include
2012-10-09 00:45:46 -05:00
sinn3r
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
jvazquez-r7
b356b403b0
Merge branch 'phptax' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-phptax
2012-10-09 00:10:31 +02:00
sinn3r
06e2994b7e
connectiontype to find and python payload support
2012-10-08 15:13:27 -05:00
sinn3r
abb4bdd408
metadata formatting, and a little res gotcha
2012-10-08 15:00:51 -05:00
sinn3r
04aa69192d
Dang typo
2012-10-08 13:35:13 -05:00
jvazquez-r7
ef9d627e13
Added module for ZDI-12-106
2012-10-08 20:04:01 +02:00
sinn3r
8ff4442f9e
Add PhpTax pfilez exec module
...
This module exploits a vuln found in PhpTax. When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
2012-10-08 12:46:56 -05:00
sinn3r
e9b70a3a4f
Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter
2012-10-07 15:35:30 -05:00
jvazquez-r7
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
jvazquez-r7
40983460bf
added module for avaya winpmd bof, osvdb 73269
2012-10-07 12:05:13 +02:00
sinn3r
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
HD Moore
64f29952dc
Merge branch 'master' into feature/updated-mobile
2012-10-07 00:32:02 -05:00
sinn3r
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
jvazquez-r7
874fe64343
Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update
2012-10-06 14:10:36 +02:00
sinn3r
e02adc1f35
Merge branch 'mubix-bypassuac_uac_check'
2012-10-06 02:09:16 -05:00
sinn3r
33429c37fd
Change print_error to print_debug as a warning
2012-10-06 02:08:19 -05:00
sinn3r
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
Rob Fuller
55474dd8bf
add simple UAC checks to bypassuac
2012-10-06 00:59:54 -04:00
Rob Fuller
b984d33996
add RunAs ask module
2012-10-06 00:51:44 -04:00
sinn3r
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
ethicalhack3r
f4e442bcbd
Added headers support to php_include module
2012-10-05 23:00:38 +02:00
sinn3r
2aa59623d1
Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers
2012-10-05 15:43:18 -05:00
sinn3r
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
sinn3r
a60851e9d1
Merge branch 'mubix-bypassuac_localport'
2012-10-05 14:28:12 -05:00
sinn3r
6342c270f4
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 14:16:16 -05:00
sinn3r
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
sinn3r
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
jvazquez-r7
aba69d8438
fix indentation
2012-10-05 20:18:40 +02:00
jvazquez-r7
4c646762a5
Added target debian squeeze
2012-10-05 20:12:09 +02:00
sinn3r
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
sinn3r
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
sinn3r
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
sinn3r
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
sinn3r
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
sinn3r
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
Rob Fuller
0ae7756d26
fixed missing > on author
2012-10-05 11:13:40 -04:00
sinn3r
bcc56cb7cc
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 01:05:30 -05:00
sinn3r
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
Rob Fuller
8520cbf218
fixes spotted by @jlee-r7
2012-10-04 17:34:35 -04:00
James Lee
ae11c2ffc0
Merge branch 'rapid7' into kernelsmith-update-ms10_042-info
...
[Closes #860 ]
2012-10-04 15:29:32 -05:00
Tod Beardsley
4400cb94b5
Removing trailing spaces
2012-10-04 14:58:53 -05:00
kernelsmith
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
Rob Fuller
3f2fe8d5b4
port bypassuac from post module to local exploit
2012-10-04 14:31:23 -04:00
sinn3r
d515b3274d
Apply wfsdelay and apply egypt's suggestions
2012-10-04 00:40:52 -05:00
sinn3r
9dad8b28ee
Merge branch 'qnx_qconn_exec' of https://github.com/bcoles/metasploit-framework into bcoles-qnx_qconn_exec
2012-10-03 22:09:14 -05:00
sinn3r
fbc3709774
Change the title and regex a bit
2012-10-03 12:16:25 -05:00
jvazquez-r7
30846f4190
fix typo in comment
2012-10-03 16:06:00 +02:00
jvazquez-r7
24037ac79a
Added module for CVE-2011-4051
2012-10-03 16:03:36 +02:00
sinn3r
e39472f7d4
Merge branch 'zeroSteiner-module-ms11-080'
2012-10-02 12:01:01 -05:00
sinn3r
e36507fc05
Code cleanup and make msftidy happy
2012-10-02 12:00:23 -05:00
Spencer McIntyre
21e832ac1c
add call to memory protect to fix DEP environments
2012-10-01 18:49:18 -04:00
bcoles
e2276bfedb
Add QNX QCOMM command execution module
2012-09-30 17:21:08 +09:30
jvazquez-r7
6679ff765a
remove extra commas
2012-09-28 12:21:59 +02:00
sinn3r
4087790cf7
Oops, forgot to update the check() function
2012-09-27 18:22:57 -05:00
jvazquez-r7
9d3a1871a6
Added module for Samba CVE-2012-1182
2012-09-28 01:18:52 +02:00
Spencer McIntyre
c93692b06d
add a check to verify session is not already system for MS11-080
2012-09-27 08:36:13 -04:00
Spencer McIntyre
8648953747
added MS11-080 AFD JoinLeaf Windows Local Exploit
2012-09-26 11:01:30 -04:00
HD Moore
3ade5a07e7
Add exploit for phpmyadmin backdoor
2012-09-25 10:47:53 -05:00
sinn3r
1111de0197
Add OSVDB reference
2012-09-25 01:19:58 -05:00
sinn3r
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
sinn3r
03815b47f8
Merge branch 'ie_uaf_js_spray_obfuscate' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ie_uaf_js_spray_obfuscate
2012-09-24 17:14:26 -05:00
jvazquez-r7
25e6990dc7
added osvdb reference
2012-09-24 21:49:32 +02:00
jvazquez-r7
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
sinn3r
0e94340967
Merge branch 'auxilium' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-auxilium
2012-09-24 10:22:18 -05:00
sinn3r
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
sinn3r
98f4190288
Add Auxilium RateMyPet module
2012-09-24 10:16:11 -05:00
jvazquez-r7
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
jvazquez-r7
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
sinn3r
cade078203
Update author info
2012-09-22 02:29:20 -05:00
sinn3r
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
sinn3r
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
jvazquez-r7
ed24154915
minor fixes
2012-09-21 11:36:58 +02:00
bcoles
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
sinn3r
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
sinn3r
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
sinn3r
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
Tod Beardsley
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
Tod Beardsley
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
jvazquez-r7
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
jvazquez-r7
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
kernelsmith
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
sinn3r
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
Tod Beardsley
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
jvazquez-r7
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
jvazquez-r7
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
sinn3r
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
Tod Beardsley
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
sinn3r
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
Tod Beardsley
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
Tod Beardsley
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
sinn3r
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
sinn3r
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
sinn3r
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
Tod Beardsley
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
jvazquez-r7
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
jvazquez-r7
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
jvazquez-r7
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
jvazquez-r7
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
jvazquez-r7
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
jvazquez-r7
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
James Lee
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
sinn3r
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
sinn3r
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
sinn3r
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
sinn3r
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
Doug Prostko
d64208a604
changed return address
2012-09-12 18:46:53 -04:00
Doug P
f65e2ea923
description spacing
2013-04-12 16:20:43 -04:00
Doug P
90574b869f
added description
2013-04-12 16:16:30 -04:00
Doug P
6e6b98e589
got freefloatftp_user.rb working
2013-04-12 16:07:54 -04:00
Doug P
d33d6854b8
...
2013-04-12 09:53:21 -04:00
Doug P
be36b466ec
Merge branch 'master' into freefloatftp_user
2013-04-11 12:25:19 -04:00
Doug P
96f3a2dd67
freefloatftp_user.rb
2013-04-11 10:36:06 -04:00
doug
bd11b4feda
working on freefloatftp_user.rb
2013-03-22 16:13:38 -04:00
Tod Beardsley
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
HD Moore
c901002e75
Add ssh login module for cydia / ios defaults
2012-09-10 19:36:20 -05:00
HD Moore
fbbed2262b
Updated iOS modules
2012-09-10 17:42:17 -05:00
sinn3r
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
jvazquez-r7
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
sinn3r
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
jvazquez-r7
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
sinn3r
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
jvazquez-r7
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
sinn3r
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
James Lee
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
jvazquez-r7
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
jvazquez-r7
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
sinn3r
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
jvazquez-r7
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
bcoles
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
jvazquez-r7
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
jvazquez-r7
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
sinn3r
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
sinn3r
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
sinn3r
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
sinn3r
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
jvazquez-r7
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
jvazquez-r7
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
jvazquez-r7
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
jvazquez-r7
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
Tod Beardsley
9531c95627
Adding BID
2012-09-05 15:04:05 -05:00
sinn3r
43041e3a0a
Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler
2012-09-05 14:03:24 -05:00
jvazquez-r7
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
jvazquez-r7
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
sinn3r
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
jvazquez-r7
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
sinn3r
99009da567
Merge branch 'mobilecartly_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mobilecartly_upload_exec
2012-09-04 14:32:23 -05:00
sinn3r
e926bc16ba
Add MobileCartly 1.0 module
2012-09-04 14:23:16 -05:00
jvazquez-r7
4a92cc4641
jboss_invoke_deploy module cleanup
2012-09-04 18:49:11 +02:00
jvazquez-r7
cb40a0c362
Merge branch 'jboss-jmx-invoke-deploy' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-jmx-invoke-deploy
2012-09-04 18:47:30 +02:00
sinn3r
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
sinn3r
b3bfaec089
Add reference about the patch
2012-09-03 23:58:21 -05:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
h0ng10
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
sinn3r
9ab62de637
Fix a spelling error
2012-09-03 01:44:02 -05:00
jvazquez-r7
943121dd61
Added module for CVE-2012-2611
2012-09-03 00:15:56 +02:00
sinn3r
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
sinn3r
f48fbaccb0
Add Oracle's security alert
2012-08-30 14:04:16 -05:00
sinn3r
4758eb0dc3
Merge branch 'jvazquez-r7-taget_host_glassflish_deployer'
2012-08-30 12:18:02 -05:00
jvazquez-r7
f99982a85e
added java as platform to avoid confussion between target and payload
2012-08-30 18:39:20 +02:00
jvazquez-r7
4fd9f88304
avoid the redefinition of Module.target_host
2012-08-30 14:45:14 +02:00
jvazquez-r7
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
sinn3r
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
sinn3r
b70e205a7e
Merge branch 'sap_host_control_cmd_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sap_host_control_cmd_exec
2012-08-29 14:45:46 -05:00
sinn3r
5f64c55112
Update description
2012-08-29 11:10:35 -05:00
jvazquez-r7
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
jvazquez-r7
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
jvazquez-r7
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
jvazquez-r7
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
sinn3r
34b12c4f55
Update CVE/OSVDB refs
2012-08-28 01:21:32 -05:00
jvazquez-r7
6e2369680b
Safari added
2012-08-28 02:04:03 +02:00
jvazquez-r7
30fd2cf256
Description updated
2012-08-28 02:01:26 +02:00
sinn3r
7e579db705
Add AlienVault reference
2012-08-27 13:29:27 -05:00
sinn3r
15a87a79f8
Add mihi's analysis
2012-08-27 13:24:43 -05:00
jvazquez-r7
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
sinn3r
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
midnitesnake
25ee8fd357
Run postgres.rb & postgres_payload through msftidy, and cleaned up the files
2012-08-25 01:44:49 +01:00
sinn3r
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
sinn3r
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
jvazquez-r7
179e816194
Merge branch 'esva_bid' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_bid
2012-08-24 17:37:25 +02:00
jvazquez-r7
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
jvazquez-r7
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
jvazquez-r7
e461d542ac
added Windows 2003 SP1 Spanish targets
2012-08-24 12:50:30 +02:00
jvazquez-r7
54ce7268ad
modules/exploits/windows/smb/ms08_067_netapi.rb
2012-08-24 11:30:23 +02:00
jvazquez-r7
1a60abc7a7
Added W2003 SP2 Spanish targets
2012-08-24 11:16:08 +02:00
jvazquez-r7
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
jvazquez-r7
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
jvazquez-r7
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
sinn3r
22051c9c2c
Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2
2012-08-22 10:00:34 -05:00
sinn3r
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
midnitesnake
d0b1fa33af
swapped out OptString for OptEnum
2012-08-22 02:20:13 +01:00
sinn3r
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
midnitesnake
8218a60b32
other corrections
2012-08-22 00:08:59 +01:00
midnitesnake
5cf7f22a13
corrections following on from jlee-r7 comments
2012-08-21 23:57:07 +01:00
jvazquez-r7
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
sinn3r
7ddcc787bd
Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2
2012-08-21 14:37:09 -05:00
jvazquez-r7
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
jvazquez-r7
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
jvazquez-r7
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
Matt Andreko
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
Matt Andreko
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
Matt Andreko
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
Matt Andreko
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
sinn3r
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
sinn3r
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
sinn3r
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
sinn3r
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
h0ng10
c6b9121f8b
Added support for CVE-2010-0738
2012-08-15 15:47:44 -04:00
sinn3r
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
h0ng10
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
sinn3r
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
h0ng10
e5498e3e1d
Added fix for CVE-2010-0738, corrections
2012-08-15 15:46:34 -04:00
Tod Beardsley
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
Tod Beardsley
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
Tod Beardsley
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
sinn3r
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
sinn3r
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
Tod Beardsley
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
Tod Beardsley
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
sinn3r
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
midnitesnake
ad2b457fda
Added linux port for postgres payload
2012-08-14 17:46:35 +01:00
jvazquez-r7
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
jvazquez-r7
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
sinn3r
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
sinn3r
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
Tod Beardsley
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
jvazquez-r7
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
jvazquez-r7
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
jvazquez-r7
29c48be2ed
Merge branch 'testlink_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-testlink_upload_exec
2012-08-13 18:54:33 +02:00
sinn3r
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
sinn3r
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
bcoles
8bb3181f68
Add TestLink v1.9.3 arbitrary file upload module
2012-08-13 16:30:10 +09:30
HD Moore
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
sinn3r
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
RageLtMan
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
jvazquez-r7
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
James Lee
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
sinn3r
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
jvazquez-r7
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
Tod Beardsley
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
sinn3r
ddcee6fee0
And the war between spaces and tabs goes on....
2012-08-07 12:36:53 -05:00
sinn3r
540f6253ef
Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec
2012-08-07 12:26:07 -05:00
sinn3r
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
jvazquez-r7
fb452d75a3
Added module for pbot RCE
2012-08-07 19:20:32 +02:00
sinn3r
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
sinn3r
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
sinn3r
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
sinn3r
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
jvazquez-r7
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
sinn3r
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
sinn3r
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
sinn3r
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
sinn3r
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
sinn3r
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
Steve Tornio
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
Steve Tornio
b646dcc87f
add osvdb ref
2012-08-05 09:02:32 -05:00
Steve Tornio
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
Steve Tornio
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
jvazquez-r7
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Meatballs1
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
Meatballs1
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
Daniel Miller
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
h0ng10
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
h0ng10
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
James Lee
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
James Lee
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
sinn3r
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
sinn3r
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
sinn3r
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
sinn3r
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
sinn3r
227c3afed3
Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec'
2012-08-01 15:08:51 -05:00
sinn3r
7af9979687
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-08-01 15:06:42 -05:00
sinn3r
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
sinn3r
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
jvazquez-r7
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
jvazquez-r7
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
bcoles
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30
James Lee
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r
8a40ef397d
Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest
2012-07-31 17:29:42 -05:00
sinn3r
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
jvazquez-r7
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
Meatballs1
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
Meatballs1
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
sinn3r
9815faec37
Add OSVDB-83822
2012-07-31 13:31:06 -05:00
sinn3r
20489864fc
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-07-31 08:42:34 -05:00
sinn3r
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
sinn3r
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
sinn3r
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
Meatballs1
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
Meatballs1
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
Meatballs1
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
bcoles
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
jvazquez-r7
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
bcoles
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
Matt Andreko
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
h0ng10
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00
sinn3r
d67234bd03
Better regex and email format correction
2012-07-27 01:14:32 -05:00
sinn3r
2939e3918e
Rename file
2012-07-27 01:06:57 -05:00
bcoles
cec15aa204
Added CuteFlow v2.11.2 Arbitrary File Upload
...
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
sinn3r
80e0688c68
Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol
2012-07-26 15:16:23 -05:00
sinn3r
e483af64e4
Random text
2012-07-26 15:14:02 -05:00
sinn3r
6c3b05f1c4
Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug
2012-07-26 13:11:05 -05:00
jvazquez-r7
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
jvazquez-r7
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
sinn3r
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
jvazquez-r7
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
sinn3r
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
sinn3r
5fd58eda71
Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof
2012-07-22 03:29:33 -05:00
jvazquez-r7
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
jvazquez-r7
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
jvazquez-r7
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
sinn3r
b662881613
Enforce a check before firing the exploit
2012-07-19 16:43:52 -05:00
jvazquez-r7
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
sinn3r
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
sinn3r
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
sinn3r
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
sinn3r
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
jvazquez-r7
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
jvazquez-r7
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
jvazquez-r7
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
jvazquez-r7
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
James Lee
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
James Lee
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
sinn3r
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
sinn3r
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
jvazquez-r7
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
jvazquez-r7
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
James Lee
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
HD Moore
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
James Lee
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
HD Moore
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
jvazquez-r7
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
sinn3r
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
jvazquez-r7
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
jvazquez-r7
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
jvazquez-r7
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
h0ng10
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
h0ng10
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
LittleLightLittleFire
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
sinn3r
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
sinn3r
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
sinn3r
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
sinn3r
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
HD Moore
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
LittleLightLittleFire
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
jvazquez-r7
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
James Lee
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
Steve Tornio
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
sinn3r
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
sinn3r
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
jvazquez-r7
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
jvazquez-r7
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
jvazquez-r7
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
sinn3r
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
sinn3r
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
sinn3r
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
sinn3r
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
sinn3r
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
sinn3r
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
jvazquez-r7
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
jvazquez-r7
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
jvazquez-r7
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
jvazquez-r7
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
jvazquez-r7
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
jvazquez-r7
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
jvazquez-r7
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
jvazquez-r7
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
jvazquez-r7
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
jvazquez-r7
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
sinn3r
77d6fe16f0
Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource
2012-07-02 16:04:02 -05:00
sinn3r
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
m-1-k-3
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
jvazquez-r7
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
HD Moore
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
sinn3r
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
sinn3r
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
jvazquez-r7
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
jvazquez-r7
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
jvazquez-r7
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
sinn3r
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
sinn3r
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
jvazquez-r7
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
jvazquez-r7
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
sinn3r
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
sinn3r
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
sinn3r
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
sinn3r
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
sinn3r
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
sinn3r
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
sinn3r
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
sinn3r
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
sinn3r
e605a35433
Make sure the check func is always returning the same data type
2012-06-27 17:07:55 -05:00
sinn3r
cb1af5ab79
Final cleanup
2012-06-27 16:57:04 -05:00
jvazquez-r7
73360dfae3
minor fixes
2012-06-27 23:38:52 +02:00
jvazquez-r7
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
jvazquez-r7
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
sinn3r
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
Tod Beardsley
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
sinn3r
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
h0ng10
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
sinn3r
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
sinn3r
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
sinn3r
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
sinn3r
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
sinn3r
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
sinn3r
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
sinn3r
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
jvazquez-r7
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
jvazquez-r7
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
jvazquez-r7
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
HD Moore
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
Steve Tornio
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
HD Moore
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
HD Moore
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
sinn3r
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
James Lee
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
jvazquez-r7
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
m-1-k-3
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
James Lee
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
James Lee
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
sinn3r
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
jvazquez-r7
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
HD Moore
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
sinn3r
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
sinn3r
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
sinn3r
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
sinn3r
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
664458ec45
No more crap :/
2012-06-19 19:43:29 -05:00
jvazquez-r7
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
Tod Beardsley
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
HD Moore
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
HD Moore
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
HD Moore
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
sinn3r
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
sinn3r
af8cb03d1b
Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check
2012-06-18 18:33:21 -05:00
HD Moore
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
jvazquez-r7
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
Juan Vazquez
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
James Lee
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
modpr0be
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
sinn3r
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
sinn3r
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
sinn3r
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
jvazquez-r7
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
James Lee
7eebc671ba
Put the curly braces back and drop a comma
...
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r
424948a358
Fix title
2012-06-16 01:48:00 -05:00
sinn3r
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
jvazquez-r7
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
jvazquez-r7
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
jvazquez-r7
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
jvazquez-r7
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
Tod Beardsley
fe39642e27
Dropping extra curly braces on f5 module
...
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Steve Tornio
80a0b4767a
add osvdb ref
2012-06-15 09:02:31 -05:00
jvazquez-r7
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
sinn3r
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
sinn3r
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r
75a67d7160
Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer
2012-06-14 21:14:29 -05:00
jvazquez-r7
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
sinn3r
fb67fe9161
Merge branch 'mrmee-cmdsnd_ftp_exploit'
2012-06-14 14:19:56 -05:00
sinn3r
cde3c48765
Change title
2012-06-14 14:18:30 -05:00
sinn3r
b107025860
Correct typo. Also make use of random junks.
2012-06-14 14:17:57 -05:00
sinn3r
8e06babbba
Make msftidy happy
2012-06-14 14:16:07 -05:00
sinn3r
66e92d0200
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-14 12:17:29 -05:00
sinn3r
c1685c44c3
Fix disclosure date
2012-06-14 10:03:49 -05:00
sinn3r
1cdf964719
A little change to the description
2012-06-14 10:03:15 -05:00
sinn3r
48ee81de29
Add CVE-2012-2915
2012-06-14 09:56:01 -05:00
bcoles
940f904dee
Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy.
2012-06-14 12:10:03 +09:30
Steven Seeley
a5fca47f56
updated windows XP SP3 pivot offset, please retest this
2012-06-14 10:31:17 +10:00
sinn3r
45eb531c23
Add Jun as an author for the initial discovery
2012-06-13 15:50:45 -05:00
sinn3r
7dc19bba16
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-13 14:55:44 -05:00
Tod Beardsley
15b674dab3
Language on MS12-005
2012-06-13 14:22:20 -05:00
Tod Beardsley
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
Tod Beardsley
ae59f03ac9
Fixing print message in snort module
2012-06-13 14:04:05 -05:00
Tod Beardsley
559683f2a1
Fixing CRLFs on winlog_runtime_2
2012-06-13 13:59:39 -05:00
Tod Beardsley
3cf4f7ab44
Fixing indents on msadc module
2012-06-13 13:59:38 -05:00
sinn3r
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
jvazquez-r7
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
Steven Seeley
209d6d20d1
comsnd ftp remote format string overflow exploit
2012-06-14 02:22:31 +10:00
James Lee
1138290a64
Return nil when an error occurred
...
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore
a2aaca5e85
Correct a fp with this exploit module (would always print success)
2012-06-13 10:38:05 -05:00
James Lee
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
James Lee
1fbe5742bd
Axe some copy-pasta
2012-06-12 23:58:20 -06:00
James Lee
9f78a9e18e
Port ms10-092 to the new Exploit::Local format
2012-06-12 23:58:20 -06:00
James Lee
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r
cde508af03
Merge branch 'jjarmoc-php_cgi_arg_injection'
2012-06-13 00:44:41 -05:00
sinn3r
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
sinn3r
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
bcoles
9756f87517
Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module
2012-06-13 13:50:12 +09:30
Jeff Jarmoc
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
HD Moore
00aa8c0452
Add missing ExploitRank
2012-06-12 15:35:53 -05:00
HD Moore
4ea5712140
Add a timeout for wonky systems that hang during negotiation
2012-06-12 15:24:13 -05:00
Jeff Jarmoc
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
Steve Tornio
5775fa9e67
add osvdb ref
2012-06-12 14:53:55 -05:00
HD Moore
cc0f3632a8
Merge pull request #477 from jlee-r7/f5-priv
...
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee
a91085d6cd
Add a disclosure date and more detailed desc
2012-06-12 13:07:53 -06:00
James Lee
11df90c98e
Call update_info
...
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee
c564e9dcc4
Fix 1.8 compat error
...
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee
539deabef5
Clean up title, options
2012-06-12 12:08:58 -06:00
James Lee
85e1555e13
Payload compat to work with unix/interact
2012-06-12 11:46:21 -06:00
James Lee
3d5417e574
Initial commit of F5 exploit
2012-06-12 11:37:22 -06:00
jvazquez-r7
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
sinn3r
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
jvazquez-r7
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
Juan Vazquez
a43cf76591
Merge pull request #463 from schierlm/struts_arch_java
...
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
jvazquez-r7
b908ccff0f
Added module for CVE-2012-0297
2012-06-10 22:38:58 +02:00
sinn3r
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
sinn3r
498f3323f3
Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005
2012-06-10 01:53:46 -05:00
sinn3r
8f6457661d
Change description
2012-06-10 01:52:26 -05:00
sinn3r
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
jvazquez-r7
f0082ba38f
Added module for CVE-2012-0299
2012-06-09 22:27:27 +02:00
Michael Schierl
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
jvazquez-r7
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
jvazquez-r7
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
sinn3r
3726ddddac
Software name correction thanks to modpr0be
2012-06-08 07:07:19 -05:00
sinn3r
41d49ed553
Another badchar analysis. Allow shorter delay (5sec to 1)
2012-06-08 01:59:09 -05:00
sinn3r
e5b451c000
Too many tabs for the beginning of the description
2012-06-07 23:08:11 -05:00
sinn3r
520c0ca660
Make msftidy happy
2012-06-07 23:07:39 -05:00
sinn3r
61f5eddf47
Move winlog file
2012-06-07 23:03:30 -05:00
sinn3r
9adec7e7e7
Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14
2012-06-07 23:02:23 -05:00
sinn3r
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
sinn3r
1eb73dec38
Merge branch 'aushack-master'
2012-06-07 12:17:49 -05:00
sinn3r
42795fec00
Get rid of some whitespace
2012-06-07 12:17:25 -05:00
jvazquez-r7
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
Patrick Webster
0e20d324b8
Added ms02_065_msadc exploit module.
2012-06-07 21:02:13 +10:00
jvazquez-r7
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
sinn3r
28fe4c0be5
What's this break stuff?
...
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r
a54b14b192
Remove whitespace
2012-06-06 11:21:34 -05:00
Patrick Webster
c36ab97d41
Updated msadc exploit with fixes.
2012-06-06 11:21:34 -05:00
Patrick Webster
f25b828d31
Added exploit module msadc.rb
2012-06-06 11:21:34 -05:00
m-1-k-3
f4f023cbfb
add BID
2012-06-06 09:44:16 +02:00
sinn3r
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
sinn3r
f9651be88e
Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32
2012-06-05 15:44:13 -05:00
sinn3r
a3048c7ae8
Clear whitespace
2012-06-05 11:28:47 -05:00
jvazquez-r7
a30f104ee6
Fix space on Authors
2012-06-05 18:23:57 +02:00
jvazquez-r7
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
m-1-k-3
95d949e860
sleep and at
2012-06-05 18:08:46 +02:00
0a2940
dc6b2f4205
merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb
2012-06-05 04:14:40 -07:00
sinn3r
d9c39d3798
Fix the rest of nil res from get_once
2012-06-04 17:26:15 -05:00
sinn3r
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
m-1-k-3
0acbd99e71
targets
2012-06-04 20:08:58 +02:00
m-1-k-3
08ff6c72b1
winlog_lite_2.07.14 initial commit
2012-06-04 17:24:01 +02:00
jvazquez-r7
b53a1396fc
Use of TARGETURI
2012-06-03 22:36:23 +02:00
jvazquez-r7
659b030269
Verbose messages cleanup
2012-06-03 22:29:31 +02:00
jvazquez-r7
34f42bab17
Fix typo in the URI param
2012-06-03 22:14:13 +02:00
jvazquez-r7
efe4136e5b
Added module for CVE-2012-0391
2012-06-03 22:08:31 +02:00
sinn3r
1817942aae
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 17:43:51 -05:00
sinn3r
7bb36bfbde
Fix typo thanks to juan
2012-06-02 16:57:53 -05:00
sinn3r
7e318e9787
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 14:14:56 -05:00
Christian Mehlmauer
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
sinn3r
59468846e3
Change filename
2012-06-02 01:51:20 -05:00
sinn3r
522991f351
Correct name
2012-06-02 01:49:43 -05:00
sinn3r
7fd3644b8b
Add CVE-2011-4825 module
2012-06-01 18:45:44 -05:00
Tod Beardsley
ced5b9916e
Whitespace fix for script-fu module
...
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
sinn3r
353d49d05b
Modify the description
2012-06-01 12:04:46 -05:00
jvazquez-r7
abbd8c8cd5
Added module for CVE-2012-2763
2012-06-01 18:53:25 +02:00
James Lee
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
Tod Beardsley
c463bd7c6d
Fixing description for citrix module
2012-05-31 16:37:35 -05:00
Tod Beardsley
17e41b2e39
Fixing description for citrix module
2012-05-31 16:36:21 -05:00
Juan Vazquez
a0b491355c
Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
...
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
Tod Beardsley
02a41afb2b
Fixing description for juan's Citrix module
2012-05-31 16:34:13 -05:00
Juan Vazquez
00bb216927
Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
...
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
jvazquez-r7
47c5745673
Fixed name module
2012-05-31 23:23:11 +02:00
jvazquez-r7
e324ed5251
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:21:43 +02:00
jvazquez-r7
1c11b1b1b7
Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:17:38 +02:00
jvazquez-r7
b5f5804d94
description updated
2012-05-31 23:14:25 +02:00
jvazquez-r7
198070361b
Added module for ZDI-12-010
2012-05-31 22:45:55 +02:00
Steve Tornio
5105c1a4df
add osvdb ref
2012-05-31 08:49:58 -05:00
Tod Beardsley
7e6c2f340e
Minor updates; added BID, fixed grammar
...
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
sinn3r
54e14014c3
Merge pull request #428 from wchen-r7/php_volunteer
...
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
sinn3r
59ea8c9ab9
Print IP/Port for each message
2012-05-30 11:30:55 -05:00
sinn3r
43dffbe996
If we don't get a new file, we assume the upload failed. This is
...
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
sinn3r
efdcda55ef
Don't really care about the return value for the last send_request_raw
2012-05-30 11:00:31 -05:00
sinn3r
13ba51db34
Allow the login() function to be a little more verbose for debugging purposes
2012-05-30 10:56:59 -05:00
sinn3r
b81315790d
Add PHP Volunteer Management System exploit
2012-05-30 10:38:45 -05:00
David Maloney
54fb6d2f7a
Fixes unreal ircd race condition
...
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7
065d3187d3
Added module for OSVDB 74604
2012-05-29 21:10:51 +02:00
Steve Tornio
fe86ab9914
=Add osvdb ref
2012-05-29 13:31:20 -05:00
jvazquez-r7
db5b3c8259
Added module for OSVDB 82000
2012-05-28 08:51:36 +02:00
sinn3r
d615e3bcb8
Print target IP/Port when restoring currencies.php
2012-05-28 01:33:45 -05:00
sinn3r
712a21717a
Totally forgot about disclosure date, damn it
2012-05-28 01:31:13 -05:00
sinn3r
7c1442c4b4
Merge pull request #421 from wchen-r7/symantec_web_gateway
...
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r
34c93d8e44
Fix check
2012-05-28 00:51:46 -05:00
sinn3r
96d70e5fb6
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 22:47:39 -05:00
sinn3r
18c8314d79
Change unknown authors to "Unknown".
...
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion. In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
sinn3r
8f537653b4
Merge pull request #420 from wchen-r7/quickshare
...
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
sinn3r
0b86ceb528
Add OSVDB-70776
2012-05-26 03:00:32 -05:00
jvazquez-r7
e774df5c32
target info plus relocation
2012-05-25 20:16:13 +02:00
jvazquez-r7
c4fad0dea5
module added for OSVDB-73609
2012-05-25 17:18:09 +02:00
sinn3r
7b0fbaed23
Merge pull request #417 from wchen-r7/rabidhamster
...
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
sinn3r
d595f908fc
Add OSVDB-79007
2012-05-25 03:06:28 -05:00
jvazquez-r7
f7224ab306
flexnet_lmgrd_bof rand_text fix
2012-05-24 18:02:25 +02:00
Tod Beardsley
5004515187
Resolved conflicts merging back from release
...
Merge branch 'release'
Conflicts:
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
sinn3r
ac0d22453a
Merge pull request #414 from wchen-r7/apprain
...
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
sinn3r
8d837f5d20
Module description update. TARGETURI description update.
2012-05-23 18:33:32 -05:00
sinn3r
fab3bfcea1
Add CVE-2012-1153
2012-05-23 17:50:13 -05:00
sinn3r
0b7b71e240
Correct run-on sentence
2012-05-23 10:27:23 -05:00
sinn3r
94f114b69a
Fix typos
2012-05-23 10:22:52 -05:00
sinn3r
7a4f1a111b
Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof
2012-05-23 10:20:16 -05:00
jvazquez-r7
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
Tod Beardsley
a37e98f159
Updating release from master.
2012-05-22 14:12:08 -05:00
Jeff Jarmoc
c4b64a51f7
Added reference to vendor advisory
2012-05-22 13:22:26 -05:00
Tod Beardsley
87ce3fe2f7
Adding extra ref from jjarmoc
2012-05-22 11:17:57 -05:00
jvazquez-r7
c823e8099e
randomization when possible for flexnet_lmgrd_bof
2012-05-22 08:32:10 +02:00
sinn3r
cafe803217
Fix typos
2012-05-21 16:32:33 -05:00
jvazquez-r7
72b1f113ce
Added module for ZDI-12-052
2012-05-21 16:32:33 -05:00
Tod Beardsley
675dfe4e14
Don't keep the weblogi return codes secret
2012-05-21 11:27:24 -05:00
Tod Beardsley
1104dccde8
Noting rhost/rport, cli.peerhost where appropriate
...
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
2012-05-21 11:19:02 -05:00
Tod Beardsley
7cc905832e
Consistent caps on SVG in batik_svg_java exploit
...
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
2012-05-21 11:14:03 -05:00
Tod Beardsley
5dd866ed4a
Fixed print_status to include rhost:rport
...
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
Tod Beardsley
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
sinn3r
822e109b1f
Merge pull request #398 from wchen-r7/foxit_reader_launch
...
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
Steve Tornio
ba2787df8a
add osvdb ref
2012-05-20 07:13:56 -05:00
Steve Tornio
c95a06e247
add osvdb ref
2012-05-20 07:13:31 -05:00
sinn3r
628233d15c
Merge pull request #399 from wchen-r7/hp_storageworks
...
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:14:49 -07:00
sinn3r
d8c3edd316
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:53:45 -05:00
sinn3r
f9bcb95952
Correct EDB references
2012-05-19 02:24:29 -05:00
sinn3r
964a6af423
Add Active Collab chat module PHP injection exploit, by mr_me
2012-05-19 02:06:30 -05:00
sinn3r
e4f80a1fab
Francisco is the the one who found it according to advisory
2012-05-18 17:12:52 -05:00
sinn3r
41aac751e9
Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
...
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
jvazquez-r7
bedf010676
description modified
2012-05-18 01:23:09 +02:00
jvazquez-r7
e7f5bf132c
trying to improve bea weblogic connector bof
2012-05-18 01:13:56 +02:00
sinn3r
c0d17734ed
Improve run-on sentences.
2012-05-17 15:00:00 -05:00
sinn3r
32a0596a03
Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof
2012-05-17 14:52:10 -05:00
jvazquez-r7
c4ab521d7b
better tab indentation
2012-05-17 21:41:31 +02:00
sinn3r
0b35ab6a75
If the target isn't support, make sure we warn the user
2012-05-17 12:34:17 -05:00
jvazquez-r7
a21e832336
fingerprinting bea connector with Transfer-Encoding
2012-05-17 19:21:16 +02:00
sinn3r
952ada1742
Fix broken target (variable naming)
2012-05-17 11:37:49 -05:00
sinn3r
2fccf4674f
Be explicit on what version we've tested
2012-05-17 11:04:40 -05:00
jvazquez-r7
0fd3f96720
errata fixed
2012-05-17 17:23:16 +02:00
jvazquez-r7
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
jvazquez-r7
9a5e4d6500
Added target BEA Weblogic 8.1 SP4
2012-05-17 11:07:22 +02:00
jvazquez-r7
445bd90afb
Added module for CVE-2008-3257
2012-05-17 10:28:18 +02:00
jlee-r7
fe7928c18d
Merge pull request #390 from jlee-r7/consolidate-250-254-375
...
Consolidate #250 , #254 , #375
2012-05-16 17:07:33 -07:00
sinn3r
0b2a8e0b70
Correct e-mail format
2012-05-16 02:40:39 -05:00
sinn3r
b89e77c842
Add Spanish dir path. Thanks Miguel
2012-05-15 19:27:48 -05:00
James Lee
42719ab34b
Squashed commit of the following:
...
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:49 2012 -0600
Add register_command calls for md5 and sha1
commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:09 2012 -0600
Read the file instead of downloading it
commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 15:27:11 2012 -0600
Re-compile linux meterp to support the loadlib api
commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:50:25 2012 -0600
Re-compile java meterp to support the loadlib api
commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:44:10 2012 -0600
Don't try to get interfaces if this session doesn't implement it
commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 14:38:17 2012 -0600
Remove debugging load
commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 12:06:53 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.php
modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date: Wed May 2 18:06:06 2012 -0600
PHP doesn't support rev2self
commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 18:21:59 2012 -0600
Add php support for returning new extension commands
commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 16:03:26 2012 -0600
Reset CVE-2012-0507 back to master
Purges commits unrelated to this branch.
commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:59:35 2012 -0600
Revert "Make building the jar for cve-2012-0507 a bit easier"
This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.
Conflicts:
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java
commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date: Tue May 1 15:35:44 2012 -0600
Merge branch 'rapid7' into feature/4905
Conflicts:
data/meterpreter/ext_server_stdapi.jar
data/meterpreter/meterpreter.jar
external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
modules/auxiliary/server/browser_autopwn.rb
commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date: Fri Apr 6 10:19:53 2012 -0600
Merge branch 'rapid7' into feature/4905
commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:51:18 2012 -0600
Fix requires to find the test library
commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 17:48:35 2012 -0600
Fix a load order problem with solaris post mods
commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:43:19 2012 -0600
Merge branch 'master' into feature/4905
commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date: Thu Apr 5 15:16:56 2012 -0600
Merge branch 'rapid7'
Conflicts:
lib/rex/exploitation/javascriptosdetect.rb
commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 18:04:50 2012 -0600
Linux doesn't implement (drop|steal)_token
commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 17:57:37 2012 -0600
Add availability checks for net, sys, ui, and webcam
commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 23 16:45:59 2012 -0600
add requirement checking for fs and core commands
commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:59 2012 -0600
Add a to_octal method that converts e.g. "A" to \0101
commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 21 17:20:07 2012 -0600
Don't use "echo -n"
It's not portable
commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 17:01:10 2012 -0600
Return a list of new commands after core_loadlib, java version
Thanks mihi for the patch and the awesome responsiveness!
commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 20 13:21:06 2012 -0600
Make sure we have a response before doing stuff with it
commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 21:25:31 2012 -0600
Add missing rmdir and mkdir protocol commands to PHP
Now passes all the stdapi tests that it can
[*] Session type is meterpreter and platform is php/php
[+] should return a user id
[+] should return a sysinfo Hash
[-] FAILED: should return network interfaces
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should have an interface that matches session_host
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
[-] FAILED: should return network routes
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[-] Passed: 10; Failed: 3
commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:26:00 2012 -0600
Use a proper TLV type instead of a generic one
commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:24:25 2012 -0600
Fix a counting error that caused segfaults (Linux)
commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 15:06:02 2012 -0600
Return a list of new commands after core_loadlib
Gets Windows back in sync with Linux
commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date: Mon Mar 19 14:50:55 2012 -0600
Refactor extensionList -> extension_commands
It's not the same as extension_list.
commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sun Mar 18 00:07:27 2012 -0500
Massive whitespace cleanup
commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 16:00:20 2012 -0500
Add back enum_protections with some new changes
commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date: Sat Mar 17 13:28:31 2012 -0400
Added fix for enum_protections
commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 03:14:26 2012 -0500
A bunch of fixes
commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:28:05 2012 -0500
The comments in get_chatlogs need an update
commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:25:41 2012 -0500
Correct license format
commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date: Sat Mar 17 00:22:03 2012 -0500
Add enum_adium.rb post module
commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 16:54:36 2012 -0300
Changed store_note to store_loot. Fixed local/remote file retrieval
commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 11:29:07 2012 -0600
Fall back to MIB method if we can't get netmasks
Misses IPv6 addresses, but at least doesn't break everything.
[Fixes #6525 ]
commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date: Fri Mar 16 11:49:31 2012 -0500
This module is not ready, yanked.
commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date: Fri Mar 16 18:09:08 2012 +0200
sockso_traversal 1.8 compatibility fix
commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:17:35 2012 -0400
fix
commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date: Fri Mar 16 09:14:48 2012 -0400
saves each config to loot instead of notes
commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 03:46:10 2012 -0600
Check for a 0 prefix length
If the OnLinkPrefixLength is 0, something is wrong, try the value in the
prefix linked list. Appears to fix v4 addresses on XP but not 2k3.
[See #6525 ]
commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date: Fri Mar 16 01:46:41 2012 -0600
Return network prefixes when available
Solves #6525 on Vista+. Win2k still works using the old MIB method
(which doesn't support ipv6). Win2k3 and XP are still busted for
unknown reasons.
commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 22:59:42 2012 -0400
Enumerate important and interesting configuration files
commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 19:06:48 2012 -0500
More Virtualisation SSL fixes
commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date: Thu Mar 15 18:15:29 2012 -0500
Default SSL to true for esx_fingerprint module
commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:56:24 2012 -0500
Fix typo
commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 15:55:54 2012 -0500
Add sockso dir traversal
commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 15 14:31:25 2012 -0600
Fix syntax error in 1.8, thanks Jun Koi for the patch
commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:27:40 2012 -0500
enum_protections is now find_apps
commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date: Thu Mar 15 14:22:23 2012 -0500
File rename, as well as design and cosmetic changes
commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 15:29:52 2012 -0300
added report_note, removed store_loot function, cleaned up info/author
commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 12:18:29 2012 -0300
fixed output newline issue
commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:05:35 2012 -0300
fixed save line
commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:02:07 2012 -0300
removed unneeded comments
commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date: Thu Mar 15 01:00:55 2012 -0300
fixed output issue
commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 18:26:53 2012 -0300
removed unneeded dependency
commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date: Wed Mar 14 13:30:16 2012 -0400
locates installed 3rd part av, fws, etc
commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date: Wed Mar 14 16:50:54 2012 -0500
Add OSVDB-79863 NetDecision Directory Traversal
commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 23:03:01 2012 -0600
Store the retrieved commands on the session
commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:45:16 2012 -0600
Retrieve the list of new commands
The client side doesn't do anything with them yet
commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 22:41:16 2012 -0600
Return a list of the new commands in response to core_loadlib
Linux
commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 15:13:45 2012 -0600
Whitespace at EOL
commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 14 14:30:09 2012 -0600
Create instance methods that return extensions
Before this change, meterpreter sessions would not #respond_to? their
extensions despite having a pseudo-accessor for them:
```
>> client.respond_to? :sys
=> false
>> client.sys
=> #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>
```
After:
```
>> client.respond_to? :sys
=> true
```
commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date: Tue Apr 3 11:46:25 2012 -0600
Merge branch 'master' into bap-refactor
Conflicts:
external/source/exploits/CVE-2012-0507/Help.java
external/source/exploits/CVE-2012-0507/Makefile
external/source/exploits/CVE-2012-0507/msf/x/Help.java
external/source/exploits/CVE-2012-0507/src/a/Exploit.java
external/source/exploits/CVE-2012-0507/src/a/Help.java
commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 20:20:21 2012 -0600
Deal with null data/jar
Not sure why "" turns into null sometimes, but it was breaking shells;
this fixes it.
commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:10:59 2012 -0600
Prev commit moved these to src/a
commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 18:08:32 2012 -0600
Make building the jar for cve-2012-0507 a bit easier
Mostly stolen from cve-2008-5353
commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 14:52:23 2012 -0600
Fix incorrect option name
commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:24:33 2012 -0600
Add the detected browser version to the DOM
Doing it this way lets modules grab the info a bit more easily.
commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date: Thu Mar 29 13:19:05 2012 -0600
Merge branch 'master' into bap-refactor
commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:36:20 2012 -0600
Add bap support to java_rhino
commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:35:16 2012 -0600
Put next_exploit on the window object so it's always in scope
Solves some issues with Chrome not running more than one exploit
commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date: Wed Mar 28 15:10:54 2012 -0600
Merge branch 'master' into bap-refactor
commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 14:31:53 2012 -0600
Pull common stuff up out of the body
commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:04:03 2012 -0600
Fix indentation level
commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date: Tue Mar 27 11:02:42 2012 -0600
Abstract out copy-pasted methods
Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
Tod Beardsley
f5698f4bdc
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
Tod Beardsley
82885cc6e5
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
Tod Beardsley
898398fd54
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
Tod Beardsley
9b3f602910
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
sinn3r
d54a228f65
Correct version number
2012-05-15 01:16:41 -05:00
Steve Tornio
7690e86a89
add osvdb ref
2012-05-14 07:14:10 -05:00
Steve Tornio
bcfa96ced8
add osvdb ref
2012-05-14 07:13:49 -05:00
sinn3r
d2c26f989c
Cleanup whitespace
2012-05-13 04:42:22 -05:00
sinn3r
c1fbf1f931
Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved
2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r)
dd42c3096e
added exploit for Firefox 8&9 AttributeChildRemoved UAF
2012-05-13 11:31:46 +02:00
sinn3r
5d8fbefc3d
Merge pull request #378 from wchen-r7/distinct
...
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r
653d7e5923
Add OSVDB-80984
2012-05-11 15:07:31 -05:00
Jeff Jarmoc
c2c160f86c
randomizes options from equivilants
2012-05-11 11:31:26 -05:00
sinn3r
7eabce8872
Add comment for PrependEncoder
2012-05-10 12:18:50 -05:00
sinn3r
2b13330483
Merge pull request #376 from wchen-r7/wikkawiki
...
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r
6e8c3ad1e3
It's "inject", not "upload"... because technically that's what really happens.
2012-05-10 12:06:02 -05:00
sinn3r
c69e34d407
Update description
2012-05-10 12:02:55 -05:00
sinn3r
86c3ad5e0c
Add CVE-2011-4449
2012-05-10 11:57:40 -05:00
Jeff Jarmoc
e1156834b9
Lots of encoding randomizations for php_cgi_arg_injection
2012-05-09 14:13:21 -05:00
Tod Beardsley
65800f7c6e
Whitespace on solarwinds
2012-05-09 12:47:22 -05:00
Jeff Jarmoc
4909d8073a
Added lots or encoding randomness
2012-05-09 11:01:15 -05:00
sinn3r
ce16ab662c
Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.
2012-05-08 00:22:19 -05:00