ef4a019b20
Quantum DXi V1000 SSH private key exposure
2014-03-17 14:15:00 +07:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
15345da9d8
remove the wget module, remove the cmd stuff, testing bind stuff ahead
2014-02-28 22:44:26 +01:00
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
40d2299ab4
Added tested device
2014-01-09 10:46:14 -05:00
c50f7697a5
Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec
2014-01-09 10:39:12 -05:00
bbaaecd648
Delete commas
2014-01-09 08:01:11 -06:00
5e510dc64c
Add minor fixes, mainly formatting
2014-01-09 07:51:42 -06:00
ed6723655d
Code Review Feedback
...
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
590547ebc7
Modify title to avoid versions
2014-01-07 13:01:10 -06:00
c34af35230
Add wrt100 to the description and title.
...
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
163a54f8b1
Do send_request_cgi final clean up
2013-12-20 17:00:57 -06:00
af13334c84
Revert gsub!
2013-12-20 11:39:49 -06:00
1da961343a
Do final (minor) cleanup
2013-12-20 11:20:29 -06:00
929f3ea35c
Turn Auxiliary module into Exploit module
2013-12-20 16:45:38 +01:00
ec64382efc
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 11:53:30 -06:00
a28ea18798
Clean pull request
2013-12-18 11:32:34 -06:00
21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
bf3489203a
I missed this one
2013-12-03 13:13:14 -06:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
9e46975a95
Land #2643 , @ChrisJohnRiley SkipVersionCheck for exim4_dovecot_bannercheck
2013-11-18 11:28:07 -06:00
540b85df3f
Set SkipVersionCheck as not required
2013-11-18 11:27:32 -06:00
36db6a4d59
Land #2616 , SuperMicro close_window BOF
2013-11-15 11:34:53 -06:00
5bd5eacd77
Added option to ignore banner checks
2013-11-15 15:01:11 +01:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
40f8e80775
Fix jlee-r7's feedback
2013-11-08 14:28:19 -06:00
b7e360922d
Update ranking
2013-11-07 15:10:26 -06:00
decf6ff6a0
Add module for CVE-2013-3623
2013-11-07 14:59:40 -06:00
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
c92e8ff98d
Delete extra space
2013-10-30 19:34:54 -05:00
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
dd094eee04
Use 443 by default with SSL
2013-10-24 16:30:26 -05:00
72f686d99a
Add module for CVE-2013-2751
2013-10-24 16:10:32 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
75aaded842
Land #2471 , @pyoor's exploit for CVE-2013-5743
2013-10-14 14:03:28 -05:00
a6f17c3ba0
Clean zabbix_sqli
2013-10-14 14:01:58 -05:00
d929bdfaab
Re-fixing 8419, consistency is important.
2013-10-12 08:09:19 -04:00
dfe74ce36c
Factorize sock_sendpage
2013-10-11 13:40:01 -05:00
171b70fa7c
Zabbix v2.0.8 SQLi and RCE Module
...
Conflicts:
modules/exploits/linux/http/zabbix_sqli.rb
Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
b9b2c82023
Add some entropy
...
* Random filename
* Stop shipping debug strings to the exploit executable
Also makes the writable path configurable, so we don't always have to
use /tmp in case it is mounted noexec, etc.
2013-10-10 18:18:01 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
c251596f0b
Fix some bugs in preparation for factorizing
...
* Stop removing \x0a characters with String#scan, which of course breaks
the shellcode
* Fork so the original session continues to work
2013-10-09 16:03:40 -05:00
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
813bd2c9a5
Land #2379 , @xistence's exploit for OSVDB 88860
2013-09-26 13:52:15 -05:00
c2ff5accee
stability fixes to astium_sqli_upload
2013-09-26 10:23:33 +07:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
1a00cce8a9
Clean up
2013-09-19 11:51:07 -05:00
926ddf35bc
Fix possible collisions on binding port and handle rex socket
2013-09-19 08:23:25 -05:00
accad24f31
Use payload.encoded because BadChars are defined
2013-09-18 13:03:35 -05:00
61ab0e245c
Add Context to rex sockets plus track them with add_socket
2013-09-18 12:39:08 -05:00
1988085a94
Fix possible port conflict
2013-09-18 12:24:36 -05:00
adc1bd9c65
changes made to astium_sqli_upload based on suggestions
2013-09-18 16:52:31 +07:00
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
82aa3f97b0
added Astium confweb 25399 RCE
2013-09-17 12:32:10 +07:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
f89af79223
Correct OSVDB for sophos sblistpack exploit
2013-09-16 15:41:50 -05:00
c18c41d8ea
Don't hidde exceptions
2013-09-16 09:26:13 -05:00
86e5163cad
Fix Indentation and cleanup
2013-09-16 09:19:26 -05:00
62cf9cb07c
Retab changes for PR #2188
2013-09-16 09:09:16 -05:00
842dba20b9
Merge for retab
2013-09-16 09:08:36 -05:00
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
7b555679e6
Really delete the telnet target
2013-08-19 15:06:47 -05:00
d64c8748e8
Fix descriptions and names
2013-08-19 15:05:27 -05:00
xistence
William Vu
James Lee
Michael Messner
jvazquez-r7
Tod Beardsley
sinn3r
Matt Andreko
Joe Vennix
Markus Wulftange
Ramon de C Valle
Chris John Riley
jvazquez-r7
Joe Barrett
pyoor
Meatballs
Tab Assassin