39f0359fa4
Land #2061 , @wchen-r7's fix to make bitcoin_jacker use post mixins
2013-07-06 00:14:14 -05:00
23d2bfc915
add more author
2013-07-06 11:52:16 +07:00
b8354d3d6c
Added MediaCoder exploit module
2013-07-06 11:07:11 +07:00
ca4e11c112
Use check_other more
2013-07-05 12:38:38 -05:00
98f49758af
Don't need this line
2013-07-05 12:34:26 -05:00
d3000c0066
These funcs want 'filename'
2013-07-05 12:29:16 -05:00
353db0884d
Use expand_path from Msf::Post::File
2013-07-05 12:26:59 -05:00
18e5831ca8
Don't use begin/rescue to shut errors up and call it "file not found"
2013-07-05 12:22:05 -05:00
dc90904e50
Avoid misleading error
2013-07-05 12:12:30 -05:00
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
ad94f434ab
Avoid a fix address for the final userland payload
2013-07-05 10:21:11 -05:00
9b7567cd0f
Land #2071 , @wchen-r7's patch to use the Msf::Post::Windows::Process mixin
2013-07-05 10:19:56 -05:00
a7d110367a
Land #2064 , @wchen-r7's fix for access uninitialized variable on enum_services
2013-07-05 09:30:23 -05:00
b9dd3df05f
Land #2068 , @wchen-r7's fix to initialize variables on windows_autologin module
2013-07-05 09:09:17 -05:00
4ed6a4d8d1
Land #2062 , @wchen-r7's fix to avoid redundant check
2013-07-05 08:51:05 -05:00
1ad4482ce2
Land #2069 , @wchen-r7's patch to print info when using store_loot
2013-07-05 08:35:57 -05:00
c459b0e937
Land #2045 , @wchen-r7's fix for memory_grep module
2013-07-05 08:16:47 -05:00
e96a5d0237
Fixed a "NameError uninitialized constant" error.
...
On startup of msfconsole, the following error occurred:
modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common
The addition of a corresponding 'require' line removed that error.
Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
2013-07-05 11:56:15 +02:00
2a32b59c88
Forgot to change var 'filename'
2013-07-05 01:37:35 -05:00
84050241f0
Fix target ID
2013-07-05 01:25:08 -05:00
1352731062
Make heap grep optional
2013-07-05 00:57:25 -05:00
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
a52d38f359
Land #2052 - Fix regex
2013-07-03 16:55:07 -05:00
226f4dd8cc
Use execute_shellcode for novell_client_nicm.rb
2013-07-03 13:57:41 -05:00
f9cfba9021
Use execute_shellcode for novell_client_nwfs.rb
2013-07-03 13:55:50 -05:00
6cb53583b7
Make msftidy happy
2013-07-03 12:42:37 -05:00
61c85b10d3
Add final cleanup for #2012
2013-07-03 12:41:12 -05:00
4a076e0351
Land #2012 , @morisson improve for sap_router_portscanner
2013-07-03 12:39:59 -05:00
ff49cc1c4f
[SeeRM:#8135] - Be able to show where store_loot saves a file
...
If you don't print where store_loot saves the file, it can be a
pain in the butt to find it sometimes.
2013-07-03 12:29:01 -05:00
70c472fb7e
[FixRM:#8134] - Handle registry_getvaldata return value properly
...
registry_getvaldata can return nil, can't always assume it's
gonna throw a string.
2013-07-03 12:23:14 -05:00
c37884c6c7
Land #2066 , use Rex instead of Base64
2013-07-03 12:21:06 -05:00
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
1064c050de
[FixRM:#8132] - Fix undefined method '+' in total_commander.rb
...
The return value of registry_getvaldata can return nil when a
RequestError occurs, so you can't always assume it's gonna throw
you a string.
2013-07-03 12:10:23 -05:00
27653b661f
[FixRM:#8131] & [FixRM:#8133] - Fix Base64 func usage
...
Instead of using Base64, these modules should use Rex.
2013-07-03 12:06:12 -05:00
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
c40a605495
[FixRM:#8129] - Fix undefined method error in enum_services.rb
...
srv_conf may not have the 'Startup' key because it's only assigned
in service_info() when srvstart is 4, therefore it's possible to
cause an undefined method 'downcase' error.
2013-07-03 11:44:28 -05:00
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
6198409e71
[FixRM:#8127] - Remove junk code that checks ARTIFACTS again
...
ARTIFACTS uses OptPath, which already checks the path. We don't need
to do this again.
2013-07-03 11:33:25 -05:00
944761a1dc
[FixRM:#8126] - Use functions from Msf::Post::File
...
Some functions already exist in Msf::Post::File, should use them.
2013-07-03 11:30:05 -05:00
864f4e9d37
post/local_admin_search_enum~Regex fails,module 2
...
If the regex fails then the entire moudle would too
2013-07-03 00:43:08 +01:00
2a6056fd2a
exploits/s4u_persistence~Fixed typos+default values
2013-07-03 00:38:50 +01:00
a74f706bdb
These modules should check PID before using it
2013-07-02 14:48:04 -05:00
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
76a9abfd4e
Fix last print_ message format
2013-07-02 11:17:16 -05:00
e9441f540e
Land #2048 , @todb-r7 fix for print_* messages on the ipmi work
2013-07-02 11:16:11 -05:00
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
2fbea86884
IPMI scanners should mention IPMI in their messages
2013-07-02 10:44:42 -05:00
d668a20820
Use rport instead of datastore['RPORT']
2013-07-02 10:29:25 -05:00
1d87530e67
Add some verbosity on IPMI version scanning
2013-07-02 10:25:40 -05:00
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
6815eef8f4
Fix multiple issues with memory_grep
...
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.
[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
1865e6c19d
Fix requrires for enable_support_account
2013-07-01 16:22:39 -05:00
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
be1a0d3cae
Land #2041 , title and description cleanup
2013-07-01 15:55:13 -05:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
1c6657ee86
Land #2034 , @wchen-r7's patch for memory_grep
2013-07-01 13:34:57 -05:00
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
dbce1b36e5
Land #2036 - CVE-2013-3660
...
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
478beee38b
remove unnecessary option and make msftidy happy
2013-07-01 18:51:47 +07:00
f16d097c00
clean version, tested on winxp sp3 and win7 sp1
2013-07-01 18:35:50 +07:00
43c4f07e06
Use "unless"
...
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
62b62f4e9d
Fix bad hash detection
2013-06-30 15:57:47 -05:00
cca071ff55
Rework to reduce open fds, remove bugs, handle null user
2013-06-30 15:32:33 -05:00
e0ae71e874
minor fixing in the exploit module description
2013-07-01 03:27:06 +07:00
007fddb6bf
remove SEH function, not needed
2013-07-01 03:13:20 +07:00
1e4b69ab03
Added abbs amp exploit module
2013-07-01 03:08:22 +07:00
6b3178a67b
Fix EOL spaces
2013-06-30 14:38:30 -05:00
ad4f15daed
Switch to UDPScanner mixin, trim this down, add reporting
2013-06-30 14:36:51 -05:00
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
79fb381412
Landing #2035 , @bwall exploit for carberp control panel
2013-06-30 09:58:47 -05:00
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
520a78e2c8
Add final cleanup for enable_support_account
2013-06-29 23:30:29 -05:00
df88ace6d1
Land #1989 , @salcho's post module for enable windows support account
2013-06-29 23:29:16 -05:00
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
8717a3b7d8
using post mixins, fixed checks, module renamed
2013-06-29 15:44:36 -05:00
00bf9070aa
using post mixins, fixed checks, module renamed
2013-06-29 15:41:36 -05:00
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
a2b8daf149
Modify fail message when exploitation doen't success
2013-06-29 10:45:13 -05:00
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
427e26c4dc
Fix current_pid
2013-06-28 21:36:49 -05:00
32ae7ec2fa
Fix error description and bad variable usage
2013-06-28 21:30:33 -05:00
fb67002df9
Switch from print_error to print_warning
2013-06-28 21:29:20 -05:00
3ab948209b
Fix module according to @wchen-r7 feedback
2013-06-28 20:44:42 -05:00
00416f3430
Add a new print_status
2013-06-28 18:23:49 -05:00
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
82eed1582f
No need for the 2nd element
2013-06-28 17:05:43 -05:00
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
a7ee95381b
Updates module description, and uses the proper func for hex dump
...
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.
The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
f158e421fa
Add requires for pptp_tunnel
2013-06-28 10:07:52 -05:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
e4fb5b327f
Land #2028 , update references for multiple modules
2013-06-26 10:18:27 -05:00
jvazquez-r7
modpr0be
sinn3r
Thorsten Fischer
William Vu
g0tmi1k
Ricardo Almeida
Tod Beardsley
James Lee
HD Moore
salcho
Brian Wallace
(B)rian (Wall)ace