f7aaae614e
Reduced instances of #{name} to client
...
connections and disconnections. All other
output should be self explanatory and
doesn't need #{name}
2012-09-21 11:08:47 +02:00
78f77a3df2
Replaced if @verbose with vprint_status
...
Corrected bug in non-detected print types
2012-09-21 10:59:39 +02:00
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
0032713198
description modified
2012-09-21 10:09:42 +02:00
f6baf7fe34
Merge branch 'MySQL-JtR' of https://github.com/halfie/metasploit-framework into halfie-MySQL-JtR
2012-09-21 10:08:34 +02:00
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
1534c4af6f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-09-20 16:20:34 -05:00
776d24d8a9
cleanup
2012-09-20 16:16:30 -05:00
311c01be46
Cleanup, improve option handlingg
2012-09-20 16:14:15 -05:00
7fcc34766a
Added datastore items to BAP handlers
...
Added two datastore items to handlers created by BAP
2012-09-20 15:21:08 -05:00
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
57fd9b8c18
Merge branch 'master' of https://github.com/dcbz/metasploit-framework into dcbz-master
2012-09-20 13:37:31 -05:00
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
3d254b69fd
Applied all requirements from pull/715
...
Reworked PCL regex to match PCL 6/XL
msftidy is still complaining about
an indent. Can't find why however!
New PULL created as per request from
jvazquez-r7
2012-09-20 18:04:36 +02:00
17f7e94f4d
Add support for dumping MySQL challenge-response pairs in JtR format
2012-09-20 13:54:12 +05:30
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
f5df7e0e8a
Added 2 payload modules (reverse and bind tcp shells)
2012-09-19 16:59:26 -05:00
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
b07b30839e
Merge branch 'webmin_edit_html_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-webmin_edit_html_fileaccess
2012-09-16 03:17:09 -05:00
63d2d60c68
delete don't needed line
2012-09-15 23:56:38 +02:00
ff2e9fc157
add changes proposed by sinn3r
2012-09-15 23:55:55 +02:00
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
70ff7621d6
added module for CVE-2012-2983
2012-09-15 15:11:12 +02:00
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
3c6319b75f
Add nonx stagers for linux
...
[See #784 ]
2012-09-13 15:15:38 -05:00
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
733f656b00
code style improvement - start counter at 0
2012-09-13 11:32:10 +02:00
f48f77c0d7
compatibility improvement - backticks not $()
...
For the comments above, and the fact we're using backticks later in the line also (uniformity++)
2012-09-13 11:19:00 +02:00
f728d32f60
code style improvement - remove 'then' from 'if's
2012-09-13 11:14:45 +02:00
f38ac954b8
Update linux stagers for NX compatibility
...
- Adds a call to mprotect(2) to the reverse and bind stagers
- Adds accurate source for some other linux shellcode, including some
comments to make it more maintainable
- Adds tools/module_payload.rb for listing all payloads for each exploit
in a greppable format. Makes it easy to find out if a payload change
causes a payload to no longer be compatible with a given exploit.
- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
c901002e75
Add ssh login module for cydia / ios defaults
2012-09-10 19:36:20 -05:00
fbbed2262b
Updated iOS modules
2012-09-10 17:42:17 -05:00
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
aaf7fcd5e9
Closing bracket doh
2012-09-07 08:57:27 -05:00
53e4818c2e
Humble-desser, not humble-dresser
2012-09-07 08:49:27 -05:00
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
9531c95627
Adding BID
2012-09-05 15:04:05 -05:00
ff97b1da00
Whitespace EOL
2012-09-05 14:04:20 -05:00
43041e3a0a
Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler
2012-09-05 14:03:24 -05:00
6705f5405e
Merge branch 'symantec_smg_ssh_pass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_smg_ssh_pass
2012-09-05 14:00:55 -05:00
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
41904891c9
Merge branch 'hp_sitescope_getfileinternal_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getfileinternal_fileaccess
2012-09-05 13:57:39 -05:00
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
8fce975593
Aux module raise an error because Report module is not included in the source
2012-09-05 10:38:36 +02:00
c7de73e7bf
Clean up SVN metadata
2012-09-04 19:36:10 -05:00
7b8ab53661
Use :unique_data option for dns.enum reporting
...
Otherwise, you will only report the last thing that comes through on
that host for the dns.enum note type.
2012-09-04 19:32:29 -05:00
2edf4a676a
Merge remote branch 'bonsaiviking/axfr' into bonsai-afxr
2012-09-04 16:16:41 -05:00
b8132cae5c
Add the redistribution comment splat
2012-09-04 15:58:43 -05:00
15f1dd8525
Moving greetz to Author fields
2012-09-04 15:58:43 -05:00
6e7cbe793c
Spamguard e-mail addresses, make auth name consistent
2012-09-04 15:58:43 -05:00
a925eef070
Removed meterpreter reference from desc
...
This post module relies on meterpreter as a SessionType, but the
description shouldn't call this out specifically.
2012-09-04 15:58:42 -05:00
ba0de5acd9
Retitled for consistency and accuracy
2012-09-04 15:58:42 -05:00
f80abaf0d1
Dropping trailing whitespace
2012-09-04 15:58:42 -05:00
69b2f95a6f
small update
2012-09-04 15:58:42 -05:00
cac1e0a585
small update
2012-09-04 15:58:42 -05:00
e1da14f786
access database with local os admin privs
2012-09-04 15:58:42 -05:00
a08d2359d7
access database with local os admin privs
2012-09-04 15:58:42 -05:00
114ade6bea
applied todb requested fixes, and added sql 2k support
2012-09-04 15:58:42 -05:00
6cd6f9d5d1
minor comment updates
2012-09-04 15:58:42 -05:00
7e168f2e5c
Modified module to write query results to a file with report/loot options
2012-09-04 15:58:42 -05:00
522fb401e9
Find data on a SQL Server, sample it, and write it to a CSV file.
2012-09-04 15:58:42 -05:00
99009da567
Merge branch 'mobilecartly_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mobilecartly_upload_exec
2012-09-04 14:32:23 -05:00
e926bc16ba
Add MobileCartly 1.0 module
2012-09-04 14:23:16 -05:00
4a92cc4641
jboss_invoke_deploy module cleanup
2012-09-04 18:49:11 +02:00
cb40a0c362
Merge branch 'jboss-jmx-invoke-deploy' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-jmx-invoke-deploy
2012-09-04 18:47:30 +02:00
828f37701d
Fix linux shell_bind_tcp payload
...
It was calling bind(2) with a family of 0x02ff, which makes no sense and
causes execution to fall off the end and segfault. Fix it by replacing
0x02ff with the appropriate 0x0002, or AF_INET.
[Fixrm #7216 ]
2012-09-04 04:23:48 -05:00
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
b3bfaec089
Add reference about the patch
2012-09-03 23:58:21 -05:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
9ab62de637
Fix a spelling error
2012-09-03 01:44:02 -05:00
943121dd61
Added module for CVE-2012-2611
2012-09-03 00:15:56 +02:00
53a9a8afce
Awww, typo! Nice catch, @Agarri_FR! :-)
2012-08-31 14:23:51 -05:00
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
f48fbaccb0
Add Oracle's security alert
2012-08-30 14:04:16 -05:00
4758eb0dc3
Merge branch 'jvazquez-r7-taget_host_glassflish_deployer'
2012-08-30 12:18:02 -05:00
f99982a85e
added java as platform to avoid confussion between target and payload
2012-08-30 18:39:20 +02:00
4fd9f88304
avoid the redefinition of Module.target_host
2012-08-30 14:45:14 +02:00
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
b70e205a7e
Merge branch 'sap_host_control_cmd_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sap_host_control_cmd_exec
2012-08-29 14:45:46 -05:00
5f64c55112
Update description
2012-08-29 11:10:35 -05:00
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
34b12c4f55
Update CVE/OSVDB refs
2012-08-28 01:21:32 -05:00
6e2369680b
Safari added
2012-08-28 02:04:03 +02:00
30fd2cf256
Description updated
2012-08-28 02:01:26 +02:00
7e579db705
Add AlienVault reference
2012-08-27 13:29:27 -05:00
15a87a79f8
Add mihi's analysis
2012-08-27 13:24:43 -05:00
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
b0661a33a3
Update modules/post/windows/gather/tcpnetstat.rb
...
forgot to change table name with table code reuse
'connection table' is a better table header than
'routing table'.
2012-08-26 02:34:54 -03:00
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
638d9d1095
Fix nil res bug, change action name, etc
2012-08-25 02:41:50 -05:00
6341260e13
Merge branch 'patch-1' of https://github.com/crashbrz/metasploit-framework into crashbrz-patch-1
2012-08-25 02:36:36 -05:00
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
cad590488d
Update modules/auxiliary/scanner/http/http_traversal.rb
2012-08-24 15:47:07 -03:00
3036f7725d
Merge branch 'webdav_fix' of https://github.com/mubix/metasploit-framework into mubix-webdav_fix
2012-08-24 11:18:50 -05:00
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
179e816194
Merge branch 'esva_bid' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_bid
2012-08-24 17:37:25 +02:00
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
e461d542ac
added Windows 2003 SP1 Spanish targets
2012-08-24 12:50:30 +02:00
54ce7268ad
modules/exploits/windows/smb/ms08_067_netapi.rb
2012-08-24 11:30:23 +02:00
1a60abc7a7
Added W2003 SP2 Spanish targets
2012-08-24 11:16:08 +02:00
d0558218ee
Add non-authed OPTION response to support WebDAV
2012-08-23 15:11:10 -04:00
a93c7836bd
Fixes load order with reverse http
...
This was originally intended to fix #664 .
SEERM #7141 also.
2012-08-23 12:16:47 -05:00
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
aac56fc29b
Fix load order issue
...
[See #664 ][SeeRM #7141 ]
2012-08-23 10:54:23 -05:00
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
22051c9c2c
Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2
2012-08-22 10:00:34 -05:00
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
8d187b272d
Some error handling on ntlm relayer
...
Instead of a cryptic exception, let the user know if the HTTP target
isn't actually asking for WWW-Authenticate.
There are likely many more opportunities to catch errors, but this is
the most obvious.
2012-08-21 16:13:00 -05:00
635710402b
Removing bullet points from module description
...
Due to the vagaries of various Metasploit module description viewers, we
can't guarantee things like lists and bullet points render right.
Descriptions should avoid using these things.
2012-08-21 16:00:04 -05:00
b457289e01
Merge remote branch 'webstersprodigy/module-http-ntlmrelay'
2012-08-21 15:28:50 -05:00
7ddcc787bd
Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2
2012-08-21 14:37:09 -05:00
ed9ed25610
Merge branch 'esva_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_exec
2012-08-21 14:20:17 -05:00
20b3dfca9f
Merge branch 'claudijd-master'
2012-08-21 14:19:45 -05:00
433c9f6b28
Final cleanup
2012-08-21 14:17:21 -05:00
c5623cae4c
Fixing Bug w/ XP Method & Improving formatting for smart_hashdump
...
1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
2012-08-21 07:56:52 -05:00
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
65b29d149f
Update to use OptEnum for RTYPE
2012-08-20 22:45:20 -04:00
a3bad0b3ae
Added XP Support and Changed Output Method for User Password Hints
...
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
73eab8a8ee
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-20 15:44:28 -05:00
8d4b4fc7be
Some more changes before pushing to master
2012-08-20 15:43:39 -05:00
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
e6bda752ee
cleaned up and using HttpServer for handling requests and sending 401
2012-08-20 15:23:49 -05:00
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
fbc36b57d0
Adding Windows User Password Hint Decoding to Hashdump Tools
...
* UserPasswordHint, a key that is used to store the users password
hint, can be easily decoded to clear-text to get the users hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
10698e2f99
Updating HTTP Basic capture mod with edits based on MSF team suggestions
2012-08-19 19:47:01 -05:00
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
de380cfb46
Adding aux mod for HTTP Basic Auth capture
2012-08-19 01:51:01 -05:00
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
6db09ba20c
Key notes on nameserver IP, not discovered IP
2012-08-16 21:31:23 -05:00
7005216d1f
Fix axfr support for auxiliary/gather/enum_dns
...
AXFR support in net-dns is broken. This fixes it, and makes the
requisite modifications to enum_dns module. Basic problem is that AXFR
responses consist of a chain of DNS replies, not a single reply with
multiple answers. Previously, only the first of these replies, the SOA
record, was returned. Also added some exception handling to avoid
problems like #483 .
2012-08-16 20:40:24 -05:00
0311caf4df
Alternate means of looking up NS IP
...
Sometimes a nameserver won't have an A record for its own name. Check
for this and fall back to using the system resolver via
Rex::Socket.gethostbyname. Example:
$ dig +short zonetransfer.me NS
ns12.zoneedit.com.
ns16.zoneedit.com.
$ dig +short @ns12.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns16.zoneedit.com A
$
Also removed an extra A lookup that was unnecessary.
2012-08-16 11:48:37 -05:00
5cd20357d8
Updating URL for Bypass UAC
2012-08-15 22:34:44 -05:00
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
c6b9121f8b
Added support for CVE-2010-0738
2012-08-15 15:47:44 -04:00
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
e5498e3e1d
Added fix for CVE-2010-0738, corrections
2012-08-15 15:46:34 -04:00
9bf1f28c1f
Apostrophe
2012-08-15 14:19:56 -05:00
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
b3791b1545
I missed one
2012-08-14 16:51:55 -05:00
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
a872f624a1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2012-08-13 19:31:50 +02:00
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
7c6b6281d7
Merge branch 'beacon-addr' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-beacon-addr
2012-08-13 11:57:22 -05:00
29c48be2ed
Merge branch 'testlink_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-testlink_upload_exec
2012-08-13 18:54:33 +02:00
e5666d70e2
Merge branch 'glassfish-uri' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-glassfish-uri
2012-08-13 11:53:03 -05:00
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
8bb3181f68
Add TestLink v1.9.3 arbitrary file upload module
2012-08-13 16:30:10 +09:30
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
33c74c97e2
Add Opt::Proxies and opthash[:proxies] to ssh mods
2012-08-12 16:23:22 -04:00
c9690033c7
This commit allows ssh_login to use socks proxies. Net::SSH::Transport::Session could take a :proxy option,
...
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.
Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
2012-08-12 16:01:52 -04:00
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
ed43418156
Fix unused ADDR_DST option in fuzz_beacon
...
auxiliary/fuzzers/wifi/fuzz_beacon offers ADDR_DST option, probably
copy-pasted from some other wifi modules, but does not use it, likely
because beacons are meant to be sent to broadcast address only. Since
this is a fuzzer, changing the destination address may be desirable.
Used the option in building the frame to be sent.
2012-08-10 16:14:50 -05:00
db4f31de76
Fix use of URI option for glassfish_login
...
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
c8b8d7b8db
Fix handling of PAYLOAD_TYPE in persistence
...
post/windows/manage/persistence incorrectly checked the STARTUP option
to set the payload, which meant it was always the default (reverse_tcp).
Changed to check PAYLOAD_TYPE instead, as intended.
2012-08-10 13:34:09 -05:00
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
9473d9f7c4
Merge branch 'osx_keychain' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-osx_keychain
2012-08-08 14:09:22 -05:00
880491c52f
Update description
2012-08-08 14:07:51 -05:00
8a787f8342
typo
2012-08-08 14:04:49 -05:00
0fe385138f
Merge branch 'netdecision_tftp_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-netdecision_tftp_exploit
2012-08-08 13:44:49 -05:00
5f46a1e239
Based on #676 , with some changes
2012-08-08 12:44:39 -05:00
7cff1365a2
Merge branch 'master' of https://github.com/ipwnstuff/metasploit-framework into osx_keychain
2012-08-08 11:12:07 -05:00
189a4ffb78
Edited spaceing
2012-08-08 10:40:33 -05:00
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
d04fdc9382
Added aux module for CVE-2009-1730
2012-08-08 16:26:41 +02:00
bb588d338b
Add Keychain Enumeration Mac OS X Post Module
...
Based off my `Keyjacker` script this module runs through an account's
keychains and returns internet accounts associated.
Setting the GETPASS option to true will return both many plain text
passwords given that the user allows their system to use the keychain
when prompted.
2012-08-08 03:03:19 -05:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
dc47551a5c
Merge branch 'scrutinizer_add_admin' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-scrutinizer_add_admin
2012-08-07 12:40:04 -05:00
ddcee6fee0
And the war between spaces and tabs goes on....
2012-08-07 12:36:53 -05:00
540f6253ef
Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec
2012-08-07 12:26:07 -05:00
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
fb452d75a3
Added module for pbot RCE
2012-08-07 19:20:32 +02:00
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
f26053c2c3
Add vendor's name in there for easier searching
2012-08-07 12:16:52 -05:00
614ae02a26
Add CVE-2012-2626 Scrutinizer add-user aux mod
2012-08-07 12:13:25 -05:00
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
f5b3886e8c
fix success/fail print statements
2012-08-06 10:41:55 +02:00
99d3ee6fc4
Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal
2012-08-06 03:15:16 -05:00
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
f1e7ef06cc
Add webpagetest dir traversal module
...
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
176f6ea41e
added USERNAME and PASSWORD as options
2012-08-05 18:20:44 +02:00
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
b646dcc87f
add osvdb ref
2012-08-05 09:02:32 -05:00
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
76fee330ee
Squashed commit of the following:
...
commit dadb717f5e17851a85183847f3fdb01e45e6caaa
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 18:48:53 2012 -0600
Rescue SMB errors
Prevents backtraces and gives the user some idea of what happened.
Specifically useful for STATUS_ACCESS_DENIED and STATUS_LOGON_FAILURE.
commit aba203ead75eec22606f52d7eb67f1581c44c4df
Author: Rob Fuller <jd.mubix@gmail.com>
Date: Fri Jul 20 03:24:26 2012 -0400
add SMB list directory module
[Closes #628 ]
2012-08-03 19:00:11 -06:00
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
227c3afed3
Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec'
2012-08-01 15:08:51 -05:00
7af9979687
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-08-01 15:06:42 -05:00
832f47d467
Merge branch 'master' into jtr_seeding
2012-08-01 15:04:31 -05:00
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
fa2b0c26bb
Fixes password seeding for JtR modules
2012-08-01 14:15:51 -05:00
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
8a40ef397d
Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest
2012-07-31 17:29:42 -05:00
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
c1297043f2
Merge branch 'ms12_037_ie_colspan' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms12_037_ie_colspan
2012-07-31 17:18:20 -05:00
94c7415653
Remove typo
2012-07-31 16:30:41 -05:00
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
9815faec37
Add OSVDB-83822
2012-07-31 13:31:06 -05:00
20489864fc
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-07-31 08:42:34 -05:00
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00
d67234bd03
Better regex and email format correction
2012-07-27 01:14:32 -05:00
2939e3918e
Rename file
2012-07-27 01:06:57 -05:00
cec15aa204
Added CuteFlow v2.11.2 Arbitrary File Upload
...
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
80e0688c68
Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol
2012-07-26 15:16:23 -05:00
e483af64e4
Random text
2012-07-26 15:14:02 -05:00
6c3b05f1c4
Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug
2012-07-26 13:11:05 -05:00
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
87aae548e6
Final cleanup
2012-07-24 13:11:04 -05:00
fc0683310e
Merge branch 'master' of https://github.com/morisson/metasploit-framework into morisson-master
2012-07-24 13:05:04 -05:00
dbc779e02d
implemented fixes requested by sinn3r
...
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
716028c907
Catch exceptions that are expected when a host isn't pingable.
2012-07-23 18:34:03 -05:00
bc176b4148
Merge branch 'pingsweep_fix' of https://github.com/darkoperator/metasploit-framework into darkoperator-pingsweep_fix
2012-07-23 17:37:01 -05:00
cdee09b5cd
Fixes in threading and for Java Meterpreter on OSX
2012-07-23 18:34:05 -04:00
397d708340
Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
...
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.
* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
4efe84c609
Merge branch 'Fix_Threading' of https://github.com/darkoperator/metasploit-framework into darkoperator-Fix_Threading
2012-07-23 02:58:30 -05:00
3c7ad96b45
Changing a string concat from + to <<
2012-07-22 20:28:17 -04:00
6bb31280fb
Took/tested all egypt's comments, other than the Actions one
2012-07-22 20:02:12 -04:00
d3f9e8ce72
Merge branch 'nevdull77-sip-capture'
2012-07-22 03:36:21 -05:00
33ee6ee699
Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture
2012-07-22 03:36:13 -05:00
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
5fd58eda71
Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof
2012-07-22 03:29:33 -05:00
4042275421
Fixed threading and added verbose print for each attempt
2012-07-22 00:26:37 -04:00
2f85f57922
Fixed threading and added new SRV records to enumerate.
2012-07-22 00:12:32 -04:00
7fc9d57f89
Fixed the threading for the reverse DNS lookup and improvements when ran against a Java Meterpreter session.
2012-07-21 23:54:29 -04:00
2941755576
Fixed the threading for ARP Scanner and skipped making a note is OUI is not known
2012-07-21 23:38:41 -04:00
d148acdce3
added exploit for metasploit pcap_log prov-esc
2012-07-21 12:18:43 +01:00
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
cccd3754a4
Fix load order problem
...
[FIXRM #7151 ]
2012-07-20 15:58:57 -06:00
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
08f0f693b0
change sname in report_auth_info from sip_challenge to sip_client
2012-07-20 19:48:15 +02:00
5dc985c911
fix msftidy WARNING
2012-07-20 17:15:06 +02:00
3fc1c1db73
fix problem with report_auth_info that was passed invalid host and port params.
2012-07-20 17:07:42 +02:00
d494ed9bf7
add a function to sanitize source and dest ip's to avoid breaking JtR format.
2012-07-20 13:27:45 +02:00
b662881613
Enforce a check before firing the exploit
2012-07-19 16:43:52 -05:00
7ec5c0d6e0
change module to use Rex::Socket::Udp instead of Ruby's ::UDPSocket.
2012-07-19 20:34:02 +02:00
1c6ce20ad8
Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture
2012-07-19 10:51:57 -05:00
9c510a738e
Improve outputs
2012-07-19 10:50:58 -05:00
7cb12921d6
Don't print cli addr twice
2012-07-19 10:43:55 -05:00
c4bb224a75
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-07-19 10:43:02 -05:00
afd314701e
Improve outputs
2012-07-19 10:41:25 -05:00
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
3253929555
Fix indent
2012-07-19 10:21:30 -05:00
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
9bff1c913b
Merge pull request #592 from alexmaloteaux/ipv6arpfix
...
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
ad4a4b2ae3
add module for capturing SIP authentication challenge and response pairs.
...
The module starts a fake SIP server listening for incoming REGISTER requests.
It then triggers an authentication request at the client and captures the
response for cracking in JtR or Cain.
2012-07-18 20:45:08 +02:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
981ba60fee
Fix exception handlings
...
Two things:
1. Make msftidy happy
2. Exception handling shouldn't be used to shut errors up.
2012-07-18 12:05:14 -05:00
464df4ed1d
Oraenum - added error handling
...
The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included. This patch just adds the same check for that code.
2012-07-18 09:22:22 +01:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
78edf15a86
Improve module
2012-07-17 08:39:56 -05:00
dde2254f29
rename file
2012-07-17 08:36:02 -05:00
d5711efd26
Merge branch 'master' of https://github.com/j0hnf/metasploit-framework into j0hnf-master
2012-07-17 08:35:49 -05:00
fbe0cb7471
Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass
2012-07-17 08:28:19 -05:00
6ac6e375a7
Changes according to hdm and sinn3r feedback
2012-07-17 12:02:24 +02:00
7c2ea2ff23
Merge branch 'mysql-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-mysql-capture
2012-07-17 12:01:19 +02:00
3def2afb46
Correct e-mail format
2012-07-17 04:24:54 -05:00
b3eb7b1358
Clean up unicode names
2012-07-17 00:46:28 -05:00
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
88275620ab
removed JtR support due to bugs in cracking module.
2012-07-16 15:59:43 +02:00
25a78e6ab0
change so that both Cain and JTR hashes can be stored at the same time and
...
added username report_auth_info
2012-07-16 14:13:35 +02:00
4859e0809e
add missing username to john hash
2012-07-16 09:14:44 +02:00
8fef1479ed
Trim string fields at first null
2012-07-15 23:12:40 -05:00
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
10db74d480
Show the IP address in the output
2012-07-15 21:35:43 -05:00
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
6c058d9a9a
Skip blank usernames (corner case)
2012-07-15 21:14:55 -05:00
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
8889d89eea
msftidy cleanup
2012-07-16 02:07:45 +02:00
6331c33472
add MySQL password capturing module
...
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
6cdd044e10
Remove a buggy payload that doesn't have NX support
2012-07-12 12:15:57 -05:00
2da984d700
Added module for OSVDB 83275
2012-07-12 13:12:31 +02:00
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
fd009fe3ff
Improved smb_put reliability
...
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
2012-07-11 23:30:55 -04:00
b12f13f837
Review of Pull request #594
2012-07-12 00:46:24 +02:00
16cd847e5a
Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review
2012-07-12 00:36:54 +02:00
a840ff8cf8
Review of pull request #598
2012-07-12 00:34:17 +02:00
f933d98d38
Review of #595
2012-07-12 00:19:27 +02:00
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
c593a3429d
fixed a type bug with the default response
2012-07-11 02:23:37 -04:00
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
Chris John Riley
bcoles
jvazquez-r7
sinn3r
David Maloney
Tod Beardsley
Dhiru Kholia
dcbz
kernelsmith
Ramon de C Valle
James Lee
0a2940
HD Moore
Cristiano Maruti
nullbind
h0ng10
Rob Fuller
Ewerson Guimaraes (Crash)
Jonathan Claudius
webstersprodigy
saint patrick
Matt Andreko
Daniel Miller
RageLtMan
Erran Carey
Steve Tornio
Meatballs1
Bruno Morisson
Carlos Perez
Bruno Morisson
Patrik Karlsson
Rory McCune
LittleLightLittleFire
Alexandre Maloteaux