6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
8d914a5a00
Land #2026 , @egypt's patch for write_file on freebsd
2013-06-26 08:25:02 -05:00
88a42aeffe
Land #2021 - Add SMTP open relay detection
2013-06-25 22:14:30 -05:00
7009748cf5
Fix module
2013-06-25 22:09:45 -05:00
3e929fb812
Use fixed `write_file` instead of re-implementing
2013-06-25 17:25:14 -05:00
2da278f151
fixed indent
2013-06-25 23:08:58 +01:00
7ba54e2ece
IIS requires a hello first
2013-06-25 15:43:58 -05:00
5c265c99d2
Clean jboss_seam_exec @cmaruti's collab
2013-06-25 14:09:30 -05:00
45a3e004c6
Land #1993 , @cmaruti changes for jboss_seam_exec
2013-06-25 14:07:10 -05:00
5b71013dde
reference updates
2013-06-25 13:41:22 -05:00
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
c829a7ec86
SMTP Open Relay scanner
2013-06-25 16:22:51 +01:00
c9a7372f9f
Land #2014 , @wchen-r7's exploit for CVE-2013-2171
2013-06-25 09:33:56 -05:00
d6374ddfff
Land #2020 , CVE and OSVDB update
2013-06-25 08:17:54 -05:00
55ea0cb3bd
Land #2019 , correct module naming style
2013-06-25 08:17:33 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
ecfe083b0e
Correct module naming style
...
I was just looking at these modules on the web gui, and these names
need to be fixed to maintain style consistency.
2013-06-25 00:26:53 -05:00
795dd6a02a
Add module for OSVDB 93718
2013-06-24 23:51:28 -05:00
72847ee4c9
Land #2007 - Add local privilege escalation for ZPanel zsudo
2013-06-24 19:25:27 -05:00
d974e395e4
Add a check by checking uname
2013-06-24 15:54:41 -05:00
6b8e0605c0
Use FileDropper
2013-06-24 15:48:54 -05:00
be20a76be1
Remove 'Hash' string from the written output
2013-06-24 15:45:09 -05:00
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
b3d90c68a4
Land #2008 - More OSVDB refs
2013-06-24 01:53:29 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
593a99d76e
ipmi version scanner: fix probe method name
2013-06-24 01:38:17 -04:00
a920127f8c
reference updates for several modules
2013-06-23 20:43:34 -05:00
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
7ab8485acc
output as table, added info on ports, added comment with default ports. msftidy cleanup.
2013-06-23 23:59:31 +01:00
3cfcdfca9e
output as table, added info on ports, added comment with default ports
2013-06-23 23:52:48 +01:00
9f5eceec10
minor cleanups
2013-06-23 17:55:38 +01:00
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
e969cbb0bb
added INSTANCES option, and support for it on PORTS
2013-06-22 23:09:59 +01:00
e9883fe5b9
Land #2005 , @wchen-r7's exploit for ZPanel htpasswd
2013-06-22 13:24:23 -05:00
427f063c48
fix formatting
2013-06-22 07:32:29 -05:00
1e25dedb66
fix formatting
2013-06-22 07:31:47 -05:00
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
de659326ce
Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
2013-06-21 21:52:32 -05:00
5de7fff685
Credit
2013-06-21 21:38:40 -05:00
339f2a5c83
Hmmm, one extra ','
2013-06-21 21:29:17 -05:00
8d422c9a39
Forgot to randomize the fake pass and remove the payload during testing
2013-06-21 21:27:11 -05:00
e7d75d6d16
Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution
2013-06-21 21:03:10 -05:00
afa0e6c42a
Use CmdStagerVBS instead of CmdStagerTFTP
...
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
f106b6db50
Add comment with the component version
2013-06-21 17:38:30 -05:00
5fe9a80bf0
Add module for OSVDB 46578
2013-06-21 17:31:40 -05:00
469d7b968f
Land #1997 , @wchen-r7's brute forcer login for HP SMH
2013-06-20 23:56:24 -05:00
36c3460911
changed reference
2013-06-20 18:02:25 -05:00
c1994db2a7
shorter title, included msf::post mixins, added reference and overall readability
2013-06-20 17:42:38 -05:00
589b4be384
Land #1999 , zsh bind shell
2013-06-20 13:51:48 -05:00
86fc101c1f
Add payload module bind zsh
...
For #1984
2013-06-20 13:45:02 -05:00
660c97f512
Add module for reverse zsh payload
...
For #1985
2013-06-20 13:40:17 -05:00
64cfda8dad
Final
2013-06-20 13:28:12 -05:00
bfb78e001a
Add HP System Management Homepage Login Utility
2013-06-20 12:54:03 -05:00
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
e4cbd4b174
Land #1994 , OSVDB reference for JBoss
2013-06-20 10:51:28 -05:00
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
f78b4d8874
modified according to jvazquez-r7 feedback
2013-06-20 16:29:42 +02:00
4846a680db
modified according to jvazquez-r7 feedback
2013-06-20 16:19:43 +02:00
8e64bf3d16
modified according to jvazquez-r7 feedback
2013-06-20 16:15:28 +02:00
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
abea7e6a47
add osvdb ref 76389
2013-06-20 07:55:50 -05:00
cab20062a4
add osvdb ref 84706
2013-06-20 07:38:34 -05:00
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
a5332e5ed2
Module was updated to support WebSphere AS running seam-2.
...
msf auxiliary(jboss_seam_exec) > run
[*] Found right index at [0] - getRuntime
[*] Index [1]
[*] Index [2]
[*] Index [3]
[*] Index [4]
[*] Index [5]
[*] Found right index at [6] - exec
[*] Index [7]
[*] Index [8]
[*] Index [9]
[*] Index [10]
[*] Index [11]
[*] Index [12]
[*] Index [13]
[*] Index [14]
[*] Index [15]
[*] Index [16]
[*] Index [17]
[*] Index [18]
[*] Index [19]
[*] Index [20]
[*] Index [21]
[*] Index [22]
[*] Index [23]
[*] Index [24]
[*] Target appears VULNERABLE!
[*] Sending remote command:pwd
[*] Exploited successfully
[*] Auxiliary module execution completed
2013-06-20 12:17:07 +02:00
8dfe9b5318
Add login feature
2013-06-20 04:16:23 -05:00
ebde05b783
Improve check
2013-06-20 03:18:33 -05:00
20621d17de
Add CVE-2013-3576 - HP System Management Homepage exploit
2013-06-20 03:08:42 -05:00
df27e3e76c
Land #1991 , OSVDB reference for Canon
2013-06-19 23:17:30 -05:00
55312529d2
add osvdb ref 94417
2013-06-19 23:13:45 -05:00
494ee160af
Fix indent
2013-06-19 23:12:12 -05:00
2d99c46414
Land #1990 , @wchen-r7's exploit for Libretto CMS
2013-06-19 23:11:34 -05:00
079477c57d
Commit final version
2013-06-19 20:35:24 -05:00
db935498ab
admin_me modified according to msftidy
2013-06-19 18:14:32 -05:00
8afbcd6931
added admin_me.rb as post->manage script
2013-06-19 17:54:13 -05:00
62b23bc594
Initial (incomplete) commit
2013-06-19 16:59:15 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
f91719bf80
Do final cleanup for pptp_tunnel
2013-06-19 14:21:48 -05:00
3e31d2c97a
Land #1820 , @bmerinofe post module for pptpd mitm
2013-06-19 14:19:50 -05:00
d347be35e9
Land #1986 - Restores MoinMoin during exploitation
2013-06-19 12:14:10 -05:00
1a06003ac8
Land #1983 , @wchen-r7's havalite exploit
2013-06-19 11:58:13 -05:00
a894dc83c2
Try restore also at exploiting time
2013-06-19 11:35:52 -05:00
7b0977f897
Change base path
2013-06-19 11:33:45 -05:00
f0c81ed3cc
Correct disclosure date
2013-06-19 03:00:32 -05:00
67593d6ef4
Eh, PHP, not "php"
2013-06-19 02:34:49 -05:00
9c3bd12613
If I can't write, I want to know.
...
It's possible that the upload directory doesn't allow write, the
module should be aware of that. Other reasons may be possible.
2013-06-19 02:32:30 -05:00
19d868748d
Final version
2013-06-19 02:21:01 -05:00
90cad4b7fb
Land #1980 - Canon Printer Wireless Configuration Disclosure
2013-06-18 19:09:38 -05:00
abc3951ca2
Final touchup
2013-06-18 19:08:42 -05:00
6168eb7590
Land #1981 - Canon Wireless Printer Denial of Service
2013-06-18 19:04:48 -05:00
7d15dc379d
Make msftidy happy
2013-06-18 19:04:03 -05:00
5c1822ea17
Initial commit for havalite module
2013-06-18 19:00:42 -05:00
0533ca68dc
Added DoS result checking
...
Lowered the http timeout
2013-06-18 19:48:21 -04:00
8c28631d4b
Fixed the date format
...
Removed the rport option
These are items that were code-review for my other related module, so
I figured they should be done here too
2013-06-18 12:17:50 -04:00
7f1a913bdc
Code Review Feedback from wchen
...
Fixed the disclosure date format
Removed the rport option
Added a call to report_note to store the data
2013-06-18 12:13:19 -04:00
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
d0ed9a6687
Land #1976 - OSVDB update
2013-06-18 10:40:00 -05:00
aa134b0bcc
Land #1973 , @wchen-r7's fix to handle ftp auth correctly
2013-06-18 09:34:55 -05:00
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
6c2d99c2bc
Land #1972 , @wchen-r7's patch for [FixRM:#4704]
2013-06-17 23:17:22 -05:00
070111a520
Land #1975 - Add CVE-2012-6081 (MoinMoin twikidraw Action Traversal)
2013-06-17 22:31:36 -05:00
3223ea799c
An invalid WritablePage option can result the same message as well.
2013-06-17 22:30:44 -05:00
044bd2101f
Authenticate against the page to modify
2013-06-17 20:34:02 -05:00
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
d877e4d489
Added CVE and disclosure date
2013-06-17 17:41:50 -04:00
df8c80e3d1
Added CVE and disclosure date
2013-06-17 17:40:36 -04:00
0bd6ca2a6a
Add module for CVE-2012-6081
2013-06-17 16:13:55 -05:00
820f589df0
Missed this one.
2013-06-17 15:52:53 -05:00
163d3e771b
Handle connect_login return value properly
...
Some modules ignore connect_login's return value, which may result
an EOF if send_cmd() is used later on. All the modules fixed are
the ones require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
8bdd89f68b
[FixRM:#4704] - Fix EOFError in filezilla_server_port
...
If login fails, the module shouldn't continue sending commands to
the server, otherwise this causes an EOF.
2013-06-17 14:24:01 -05:00
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
c5b6507437
Land #1967 , OSVDB and EDB references for Horde
2013-06-17 10:27:14 -05:00
fed6427f16
Land #1884 , @morrisson's saprouter port scanner module
2013-06-17 08:38:10 -05:00
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
d20f72a9fd
Fix indentation
2013-06-16 15:18:19 -05:00
f478eb51cf
s/disable/disabled/
2013-06-16 21:27:45 +02:00
3cd94f5025
Do final cleanup for infovista_enum
2013-06-16 11:50:40 -05:00
c243ed1be3
Land #1962 , @juushya infovista brute force module
2013-06-16 11:49:45 -05:00
fd026c5b34
Added References and Disclosure Date
2013-06-15 18:31:20 -04:00
3923bbeee9
Update
2013-06-15 18:28:58 -04:00
0494ac9218
Added Canon Wireless Printer DoS module
2013-06-15 18:23:04 -04:00
852fc33c13
Added feedback, cleanup, and simplified modes
2013-06-15 17:16:10 +01:00
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
ba59434261
added infovista module
2013-06-15 17:16:26 +05:30
bd17e67f75
Land #1960 , lower ranking for MS13-009
2013-06-14 15:28:06 -05:00
2abf70a1ca
Lower ranking for MS13-009
...
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
d35c3469e8
Fix typo
...
EDB reference
2013-06-14 15:16:20 -05:00
7a11077834
Land #1923 , @juushya's module for rfcode brute forcing
2013-06-14 13:36:14 -05:00
0d384d23b8
Land #1954 - Fix resource_uri and mp4 file path
2013-06-14 13:15:17 -05:00
933ac88b44
Missing the file param that's needed to download the mp4
2013-06-14 13:13:48 -05:00
ae027a9efb
Final cleanup for rfcode_reader_enum
2013-06-14 13:09:48 -05:00
d2df3234f4
Land #1955 - mozilla_mchannel.rb undefined agent variable
2013-06-14 11:14:20 -05:00
223807d0df
Land #1956 - fix regex error for mozilla_reduceright.rb
2013-06-14 11:09:49 -05:00
6fbb782ada
Clean sap_router_portscanner
2013-06-13 10:08:44 -05:00
6188df1b3a
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken.
2013-06-13 14:03:55 +05:30
871f1b7c1f
updated prints with ip-port reference. msftidy check. module load check. go rf reader..
2013-06-12 00:53:58 +05:30
736bf120d9
added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it.
2013-06-12 00:25:50 +05:30
5c078f5139
added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up.
2013-06-11 12:57:26 +05:30
ca0ab8d6ee
maxthon_history_xcs.rb - fix User-agent string
...
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].
Downloaded following version from oldapps.com to confirm
the exploit code is wrong.
Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323
Release Date 20 October, 2011 (2 years ago )
2013-06-11 13:37:21 +10:00
69c25014ae
Make msftidy happy
2013-06-13 18:58:38 -05:00
44ff3ec8d9
Land #1953 , @wchen-r7's fix around fileformat
2013-06-13 18:56:48 -05:00
12801430e3
Update both ultraiso files to the right fix
2013-06-13 18:44:19 -05:00
fd74390952
Clean monkey_headers
2013-06-13 18:07:35 -05:00
73aff97053
Land #1950 - Monkey HTTPD Header Parsing Denial-of-Service
...
This is the reviewed/updated version of pull request #1950 . We're
landing this one instead because the other one has a lot of
unnecessary commit messages.
2013-06-13 15:56:34 -05:00
0440c03c7a
Land #1934 - Fix UltraISO Exploit File Creation
2013-06-13 13:57:09 -05:00
81813a78fc
Fix module Name
2013-06-13 11:55:23 -05:00
afb2f83238
Add module for CVE-2012-1533
2013-06-12 14:40:53 -05:00
c38eabe481
Fix description, code and perform test
2013-06-12 11:07:03 -05:00
5c8053491f
Add DEP bypass for ntdll ms12-001
2013-06-12 10:41:05 -05:00
a1c7961cbc
Suport js obfuscation for the trigger
2013-06-12 08:06:12 -05:00
5240c6e164
Add module for MS13-037 CVE-2013-2551
2013-06-12 07:37:57 -05:00
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
2874aead2e
Land #1938 - Change sevone_enum because it's an Scanner
2013-06-11 11:42:18 -05:00
0578572d98
Change sevone_enum because it's an Scanner
2013-06-11 08:51:15 -05:00
081baad68c
Remove variable 'overflow' because it's not used
...
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
4e41e871bb
mozilla_reduceright.rb - fix regex error.
...
[] is character class, and will match on 1, 6, 7, and |.
Where as (16|17) will match on either 16, or 17.
irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
996171b35f
mozilla_mchannel.rb undefined agent variable
...
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
d91b412661
adobe_flash_sps.rb - resource_uri vs get_resource
...
resource_uri will randomize the returned uri unless
datastore['URIPATH"] is set.
get_resource will return the currently used reosurce_uri
Since the incorrect type is used, this exploit is completely broken.
Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
5b61f99ee6
Land #1933 - Update smart_hashdump Regular Expressions for Win 8 & 2012
2013-06-10 13:28:04 -05:00
0c6dbe9885
Add final cleanup for sevone_enum
2013-06-10 13:16:22 -05:00
6765a911a4
Land #1921 , @juushya brute force login module for SevOne
2013-06-10 13:15:14 -05:00
622dc27d95
Land #1925 - fix SNMP enum module failing to catch some fail cases
...
[FixRM:#7945]
2013-06-10 12:51:02 -05:00
72a9c8612b
setting rfcode_reader_enum straight. more updates.
2013-06-10 22:57:00 +05:30
5c988d99fe
more updates to sevone.rb. hopefully all is covered..
2013-06-10 21:59:18 +05:30
0895184e1f
Land #1932 - Actually support OUTPUTPATH datastore option
2013-06-10 11:22:28 -05:00
04171c46ec
more updates to sevone.rb. hopefully all is covered.
2013-06-10 21:47:56 +05:30
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
3fbbe3e7b3
Make msftidy happy
2013-06-10 08:16:15 -05:00
3c05cf4382
Land #1842 , @viris DoS module for cve-2013-0229
2013-06-10 08:15:45 -05:00
Steve Tornio
jvazquez-r7
sinn3r
James Lee
Bruno Morisson
zyx2k
William Vu
HD Moore
Matthias Kaiser
RageLtMan
Markus Wulftange
salcho
Cristiano Maruti
Matt Andreko
Tod Beardsley
root
KarnGaneshen
Ruslaideemin
Joe Vennix