sinn3r
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
sinn3r
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
Tod Beardsley
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
sinn3r
b07b30839e
Merge branch 'webmin_edit_html_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-webmin_edit_html_fileaccess
2012-09-16 03:17:09 -05:00
sinn3r
1828857a63
Change conditions
...
When 'encod_params' is set to true explicitly, or does not have a
value, we make sure it's true. Otherwise, false.
2012-09-15 18:08:29 -05:00
sinn3r
0967d1bfc4
Allow modules to disable URI encoding for GET/POST variables
...
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values. The new 'encode_params' option allows
that feature to be disabled. However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
2012-09-15 17:40:42 -05:00
jvazquez-r7
63d2d60c68
delete don't needed line
2012-09-15 23:56:38 +02:00
jvazquez-r7
ff2e9fc157
add changes proposed by sinn3r
2012-09-15 23:55:55 +02:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
jvazquez-r7
70ff7621d6
added module for CVE-2012-2983
2012-09-15 15:11:12 +02:00
jvazquez-r7
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
sinn3r
36483d1500
Merge branch 'oracle_btm_writetofil' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_btm_writetofil
2012-09-14 17:51:36 -05:00
Samuel Huckins
7f03e37cc3
Removing unneeded user-agent gem from cache
2012-09-14 12:33:02 -05:00
jvazquez-r7
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
jvazquez-r7
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
jvazquez-r7
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
jvazquez-r7
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
jvazquez-r7
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
James Lee
3c6319b75f
Add nonx stagers for linux
...
[See #784 ]
2012-09-13 15:15:38 -05:00
Samuel Huckins
578b507dc7
Adding new user-agent gem.
2012-09-13 12:52:33 -05:00
James Lee
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
sinn3r
c6c59b6df6
Merge branch 'jlee-r7-bug/redmine-7226-rhost-dns'
2012-09-13 11:04:51 -05:00
sinn3r
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
sinn3r
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
sinn3r
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
jvazquez-r7
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
sinn3r
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
0a2940
733f656b00
code style improvement - start counter at 0
2012-09-13 11:32:10 +02:00
0a2940
f48f77c0d7
compatibility improvement - backticks not $()
...
For the comments above, and the fact we're using backticks later in the line also (uniformity++)
2012-09-13 11:19:00 +02:00
0a2940
f728d32f60
code style improvement - remove 'then' from 'if's
2012-09-13 11:14:45 +02:00
James Lee
f38ac954b8
Update linux stagers for NX compatibility
...
- Adds a call to mprotect(2) to the reverse and bind stagers
- Adds accurate source for some other linux shellcode, including some
comments to make it more maintainable
- Adds tools/module_payload.rb for listing all payloads for each exploit
in a greppable format. Makes it easy to find out if a payload change
causes a payload to no longer be compatible with a given exploit.
- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
James Lee
ac2ec99fb7
Add bin for mephos' netstat fixes
...
[Closes #777 ]
2012-09-12 16:57:17 -05:00
James Lee
823bc0a7f6
Merge branch 'mephos-netstat' into rapid7
2012-09-12 16:56:17 -05:00
Tod Beardsley
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
m m
40b383e247
I was pretty sure to have removed those fclose before
2012-09-12 13:11:24 -05:00
m m
76e05dff30
fix netstat program name
2012-09-12 13:11:24 -05:00
m m
2ec92030ae
fix netstat program name
2012-09-12 13:11:24 -05:00
David Maloney
71e57a6067
Moved help text into cmd_findpids_help
2012-09-12 08:26:31 -05:00
Tod Beardsley
033442bf28
Merge remote branch 'jlee-r7/bug/redmine-7233-meterpreter-on-client-exploits'
2012-09-11 15:24:29 -05:00
James Lee
46dfeec402
Adds meterpreter bins all compiled with the same VS
...
Not sure exactly what was causing the breakage, but using bins compiled
with the same version of Visual Studio seems to have fixed the issue.
[FixRM #7233 ]
2012-09-11 14:16:21 -05:00
Tod Beardsley
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
Adam Dalton
0b0af0a4f5
updating sleep to allow nil arguments
2012-09-11 11:20:03 -04:00
HD Moore
c901002e75
Add ssh login module for cydia / ios defaults
2012-09-10 19:36:20 -05:00
HD Moore
fbbed2262b
Updated iOS modules
2012-09-10 17:42:17 -05:00
sinn3r
b0ce2c0003
Merge branch 'master' of github.com:rapid7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:24:27 -05:00