infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,761 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

236 Commits (61ec07a10c45ddcb187bad4d3a1864ac8ad2593f)

Author SHA1 Message Date
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki 
Add CVE-2011-4449
 2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Jeff Jarmoc e1156834b9 Lots of encoding randomizations for php_cgi_arg_injection 2012-05-09 14:13:21 -05:00
Jeff Jarmoc 4909d8073a Added lots or encoding randomness 2012-05-09 11:01:15 -05:00
Steve Tornio cef2da6110 add osvdb ref 2012-05-05 10:13:42 -05:00
James Lee 18a44148dc Randomize case for ini true/false values 2012-05-04 17:32:32 -06:00
HD Moore 423437c620 Woops, small typo in disable_functions 2012-05-04 12:17:41 -05:00
HD Moore c6b39e8e5c Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c) 2012-05-04 12:15:46 -05:00
HD Moore 2ce3558bb4 Bump the rank 2012-05-04 10:19:37 -05:00
HD Moore bed4846763 A little more module cleanup 2012-05-04 10:06:18 -05:00
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
sinn3r 5bebd01eb0 Tabs vs spaces war round 2 2012-04-24 16:06:08 -05:00
sinn3r bc42375565 Fix spaces to proper hard tabs. Not very fun to do. 2012-04-24 16:03:41 -05:00
Chris John Riley f4f1ec70bc Altered regex to detect Jetty hosts 
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)

There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
 2012-04-15 15:13:21 +02:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds 
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
 2012-04-06 10:45:10 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds" 
This reverts commit 937f8f035a.
 2012-04-05 16:17:06 -05:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff. 
Still have some hits, but that requires a little more code contortion to
fix.
 2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
James Lee 464cf7f65f Normalize service names 
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
 2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
Tod Beardsley 4a631e463c Module title normalization 
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
 2012-02-21 11:07:44 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r 5bb9afe789 Correct disclosure date format 2012-02-16 18:15:51 -06:00
Joshua J. Drake 01a6b02c3e Add exploit for CVE-2012-0209, thx eromang! 2012-02-16 03:10:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Jonathan Cran c3bd151197 add a ranking 2012-01-31 20:43:32 -06:00
Steve Tornio e392958d90 add osvdb ref 2012-01-31 07:06:33 -06:00
sinn3r bfd4734cbf Forgot to add CMD as a datastore option, here it is 2012-01-30 17:34:58 -06:00
sinn3r 08134ad600 Add Exploit-DB reference 2012-01-30 16:17:25 -06:00
sinn3r f3c340a9ab Add vBSEO proc_deutf() Remote Code Execution (Feature #6307) 2012-01-30 16:15:27 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
Tod Beardsley 7e25f9a6cc Death to unicode 
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
 2012-01-10 14:54:55 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious. 
However, this decision doesn't represent how modules should write their own check.
 2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master 
Clear up how to use native payloads for tomcat_mgr_deploy
 2011-12-06 23:01:53 -08:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits 
Fixes #5276
 2011-11-22 08:47:53 -08:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Wei Chen 0dff3f3e52 Add #5682 (phpscheduleit module). Thx Juan. 
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-26 18:06:12 +00:00
Will Vandevanter a0d8a08851 java meterpreter should be used when the target is set to automatic 
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 20:02:09 +00:00
Wei Chen 2b46420b36 check nil 
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:19:55 +00:00
Wei Chen 7ba5a8ec4e Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit 
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:04:33 +00:00
Wei Chen 9cb54e37c5 Handle payloads better, also add a cleanup routine specifically for php/exec 
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 05:25:39 +00:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good) 
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 00:40:03 +00:00
Wei Chen 3da8bb8b69 Add feature #5820 by mr_me and tecr0c 
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 23:22:32 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues 
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 11:56:13 +00:00
Wei Chen 975cc52bac Fix spelling errors 
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 00:54:05 +00:00
Tod Beardsley 94eb3ac14c Deleting a puts statement. 
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:52:10 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster. 
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 02:58:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace. 
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen f2d328d969 cmd exec module should receive ExcellentRanking 
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 20:10:53 +00:00
HD Moore 142ae9288b Fix title 
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 19:56:57 +00:00
Wei Chen 262b3bbe00 Use Rex to encode payload to base64 
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 20:31:51 +00:00
Wei Chen 98157272fd Fix indentation for exploit description 
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:12:54 +00:00
Wei Chen d1b1b26d01 Add Feature #5499 (Snortreport module) 
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:10:18 +00:00
Wei Chen 44ac9d67e0 svn propset 
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 17:45:15 +00:00
Steve Tornio 9ec92ee603 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:37:54 +00:00
HD Moore 9862987f45 Add a new module from joernchen 
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:30:24 +00:00
Wei Chen 612cdc8c73 No need to check if version is 'unknown' if nothing else (other than default) is assigned to it 
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-27 19:12:31 +00:00
Wei Chen 8bfdebeaf3 Handle the return value for send_request during the early stage 
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-25 19:28:15 +00:00
Wei Chen db79d21f75 Apply patch for non-default logins by jabra 
git-svn-id: file:///home/svn/framework3/trunk@13778 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-23 02:48:48 +00:00
Jonathan Cran 064255e910 fixup the payload encoding, per joernchen's comment in the #metasploit channel. 
git-svn-id: file:///home/svn/framework3/trunk@13747 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-17 17:48:51 +00:00
Mario Ceballos 6f28911d3d added patch from joshua taylor. 
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-06 19:58:40 +00:00