e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
73e9bf9fa8
Merge branch 'bug/smart_migrate' of github.com:/dmaloney-r7/metasploit-framework into bug/smart_migrate
...
Conflicts:
modules/post/windows/manage/smart_migrate.rb
2013-08-13 13:56:01 -05:00
6be4d9e583
missing interpolation
2013-08-13 13:52:44 -05:00
31cbc270fd
Favor unless over if for negative condition
2013-08-13 08:46:12 -05:00
bc9a26d4ee
Fix condition
2013-08-12 23:05:26 -05:00
568181de84
Add sthetic spaces
2013-08-12 22:33:34 -05:00
6d70d4924e
Land #2206 , @PsychoSpy module for OSVDB 94097
2013-08-12 22:27:03 -05:00
7981601eb8
Do final cleanup on intrasrv_bof
2013-08-12 22:24:53 -05:00
ebd485349f
Retab smart_migrate.rb module
...
Retabs completely for PR #2212
2013-08-12 20:23:33 -05:00
2d3c2c1c87
Set default target to 0 because there's only one
2013-08-12 20:01:23 -05:00
c0335cee26
Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow
2013-08-12 19:16:02 -05:00
7562324d96
Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow
2013-08-12 19:13:58 -05:00
51d9c59dcd
Extra tabs, bye
2013-08-12 19:13:20 -05:00
db78ffcc46
...
2013-08-12 18:21:10 -04:00
49bcec5c92
Additional cleanup
2013-08-12 18:20:03 -04:00
b3f229ff59
Add module for CVE-2013-3928
2013-08-12 17:18:30 -05:00
7014322dfd
Code cleanup
2013-08-12 18:16:00 -04:00
264fe32705
Added new badchars
2013-08-12 18:08:49 -04:00
bbc93b2a58
msftidy
2013-08-12 15:14:01 -04:00
28f030494e
Use tcp mixin/clean corrupt bytes
2013-08-12 15:12:15 -04:00
4480dc3bec
Land #2213 , @todb-r7's deletion of deprecated modules
2013-08-12 11:36:24 -05:00
b1fc8308c1
Land #2211 , @bcoles exploit for CVE-201-2620
2013-08-12 11:23:20 -05:00
bfb5040dbf
Remove deprecated modules
...
These three modules are well over their deprecation dates. Making good
on that threat now.
* service_permissions: Marked for removal on 2013-01-10
* bypassuac: Marked for removal on 2013-01-04
* ms10_092_schelevator: Marked for removal on 2013-06-01
2013-08-12 11:21:45 -05:00
8ac01d3b8e
Fix description and make it aggressive
2013-08-12 11:19:25 -05:00
c9bd791ff6
fix smart_migrate choice order
...
was trying winlogon first
should do explorer first
2013-08-12 11:02:27 -05:00
7854c452d2
Added more payload padding
2013-08-12 11:10:10 -04:00
9f33a59dc2
Fix target ret
2013-08-12 11:04:55 -04:00
6f96445b42
Change target ret/cleanup
2013-08-12 10:13:48 -04:00
a35d548979
Use HttpClient
2013-08-12 10:01:01 -04:00
d63d7bc7da
Add Open-FTPD 1.2 Writable Directory Traversal Execution
2013-08-12 08:49:49 +09:30
896320ed42
fix typo
2013-08-11 16:48:43 -04:00
4b14fa53e0
tidy debugs
2013-08-11 16:39:41 -04:00
90ef224c46
Implement CVE-2012-5019
2013-08-11 16:33:40 -04:00
f2e5092fd5
Add module for ZDI-13-179
2013-08-10 18:44:33 -05:00
185ef2ecae
msftidy
2013-08-10 16:01:44 -04:00
6fe4e3dd0e
Added Intrasrv 1.0 BOF
2013-08-10 15:56:07 -04:00
5436ec7dd3
Title change for dlink_dir300_exec_telnet
...
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
5128458c90
Land #2201 - Better check for ppr_flatten_rec
2013-08-09 14:44:23 -05:00
021c358159
Land #2203 - Fix regex for x64 detection
2013-08-09 13:23:38 -05:00
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
7178633140
Fixed architecture detection in bypassuac modules
2013-08-09 03:42:02 +02:00
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
06ebc686c4
Land #2194 , @CharlieEriksen exploit for CVE-2013-5036
2013-08-08 14:50:28 -05:00
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
318280fea7
Add 7/2k8 RTM versions
2013-08-08 20:02:14 +01:00
d64352652f
Adds unsupported Vista versions
2013-08-08 19:58:40 +01:00
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
a7c80ebfc2
Land #2185 , @bmerinofe's post module for dns cache dumping
2013-08-08 12:49:37 -05:00
5d0e868701
Land #2192 after cleanup
2013-08-08 08:44:17 -05:00
74eeacf9f2
Fix regex
2013-08-08 08:40:45 -05:00
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
0f975da5f4
Update target info and something else...
2013-08-07 16:00:06 -05:00
d1beb313f6
Add module for 2013-1690
2013-08-07 15:36:54 -05:00
821673c4d2
Try to fix a little description
2013-08-07 10:26:39 -05:00
33ac0c5c3f
Make exploit more print friendly
2013-08-07 10:21:14 -05:00
32436973e4
Land #2192 , @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
9790181dd2
Land #2176 , @wchen-r7's fix for [TestRM #8272 ]
2013-08-05 13:10:25 -05:00
40f015f596
Avoid require race with powershell
2013-08-05 09:56:32 -05:00
8431eb7a79
Msftidy fixes, also use correct possessive plurals
...
http://englishplus.com/grammar/00000132.htm
2013-08-05 09:43:38 -05:00
bddcb33507
Update description for reverse_https_proxy
2013-08-05 09:35:14 -05:00
a885ff9bcc
Use consistent caps for 'PowerShell'
2013-08-05 09:33:49 -05:00
5ea67586c8
Rewrite description for MS13-005
...
The first part of the description was copy-pasted from
http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt
which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
5ef1e507b8
Make msftidy happy with http_login
2013-08-05 08:41:07 -05:00
98c8c16803
Change offset values and hostname length
2013-08-05 12:29:54 +02:00
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
8be3f511a4
Fix undefined variable 'path' for http_login
2013-08-03 21:35:22 -05:00
3e6de5d2e9
added a post-exploitation module to dump the cache dns entries
2013-08-03 13:37:32 +02:00
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
10e9b97a88
Land #2180 - Accepting args for x64 osx exec payload
2013-08-02 00:45:09 -05:00
f927d1d7d3
Increase exploit reliability
...
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.
The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
1b6f6b8bf0
Land #2168 again
...
Adding Dhiru's module back now that things are straight.
2013-07-29 22:10:25 -05:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
300781823d
Undo bad landing
...
This reverts commit e624ed18ad593363c5f9
2013-07-29 17:39:12 -05:00
438fbababd
Land #2158 , @kholia's post module to collect .ecryptfs info
2013-07-29 17:21:10 -05:00
b29d18d8b8
Merge branch 'ecryptfs-creds' of https://github.com/kholia/metasploit-framework
2013-07-29 16:41:41 -05:00
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
ab75d00f8a
Land #2169 - Description update
2013-07-29 14:24:57 -05:00
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
7801eadbc2
psh description
2013-07-29 19:14:12 +01:00
baa0b983c8
Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC
2013-07-29 13:13:55 -05:00
8379225e9b
make msftidy happy (hopefully)
2013-07-29 23:42:29 +05:30
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
3a05993f16
Make msftidy happy and warn user about long times
2013-07-29 11:45:30 -05:00
0851974408
Land #2162 , @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
37312f2aa9
Module, singular
2013-07-29 10:58:36 -05:00
11e9cca855
Spelling and description touch ups.
2013-07-29 10:57:19 -05:00
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
2de0a3e0f9
Add information gathering module for eCryptfs
2013-07-28 23:09:42 +05:30
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
805a9675a7
Modify the check for Integrity Level and Allow dropt o fs
2013-07-26 14:54:50 -05:00
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
12a58c730a
Small fix
2013-07-26 10:15:47 +01:00
6a13ed0371
Missing include
2013-07-26 03:18:17 +01:00
72b8891ba3
Check for low integrity
2013-07-26 03:16:45 +01:00
030640d5bc
back to cmd
2013-07-26 03:00:36 +01:00
d3f3e5d63e
Working with psh download
2013-07-26 02:29:55 +01:00
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
8dae114c7c
msftidy happiness
2013-07-25 17:25:36 -05:00
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
dff35c0820
Minor update to Target Selection. Refer to comments on #2128 .
2013-07-24 19:02:47 -04:00
d478df520f
Merge remote-tracking branch 'rapid7/master'
...
Starting fresh.
2013-07-24 18:31:53 -04:00
93a63081a5
Land #2151 , @jvazquez-r7's Struts pwnage
2013-07-24 16:49:06 -05:00
a70b346978
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 16:43:39 -05:00
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
95b0735695
Land #2150 , smb_enumshares SRVSVC null byte fix
2013-07-24 14:08:01 -05:00
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
9d032760ac
changed description back
2013-07-24 11:51:06 -07:00
e89e2af9dc
changed to chomp
2013-07-24 11:09:00 -07:00
dbad1a5e4c
Clean up description
2013-07-24 12:02:33 -05:00
18dbdb828f
Land #2133 , @Meatballs1's exploit for PSH Web Delivery
2013-07-24 12:01:37 -05:00
f79d3f7591
Shorten cmd
2013-07-24 17:48:03 +01:00
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
8103baf21a
Update title
2013-07-24 17:29:23 +01:00
18ac83bec1
Final updates and tidy
2013-07-24 17:28:19 +01:00
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
3854d08dd9
Fixed smb_enumshares to support dir list in SRVSVC
2013-07-23 21:36:26 -07:00
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
e828517ed8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 17:10:45 -05:00
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
6055ae7ba5
Land #2132 , adding logging to hostname resolver
...
Also incidentally updated the description.
2013-07-22 15:19:47 -05:00
b4589c3c82
Expanding description
2013-07-22 15:19:30 -05:00
4367a9ae49
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 15:09:35 -05:00
70900cfe5e
Final cleanup for foreman_openstack_satellite_priv_esc
2013-07-22 14:59:23 -05:00
6346f80ff0
Land #2143 , @rcvalle's module for CVE-2013-2113
2013-07-22 14:58:07 -05:00
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
5e55c506cd
Land #2140 , add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
b6c9fd4723
Add foreman_openstack_satellite_priv_esc.rb
...
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
aa159f12b7
changed options wording
2013-07-22 11:15:22 -07:00
57055ab754
added optional option
2013-07-22 11:13:29 -07:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
0fdfe866a7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 12:07:44 -05:00
6158415bd3
Clean CWE reference, will ad in new pr
2013-07-22 12:03:55 -05:00
da4fda6cb1
Land #2110 , @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
8015938b9a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 11:20:12 -05:00
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
e7e712fa01
EOL fix
2013-07-20 19:54:05 -05:00
ab515fb66d
Add the file format version of CVE-2013-1017
2013-07-20 19:50:09 -05:00
fe405d2187
Tidyup info
2013-07-19 23:50:59 +01:00
6fab3f6308
Add powershell cmdline
2013-07-19 23:24:54 +01:00
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
d1fdcfff91
Initial commit
2013-07-19 19:33:55 +01:00
6bcdd37223
logged resolve_hostname to db
2013-07-19 11:14:14 -07:00
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
f16ed32848
Added '2003 R2 SP2' to target selection
2013-07-19 09:57:09 -04:00
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
bdfad076b4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 15:43:58 -05:00
cb108a8253
Add module for ZDI-13-147
2013-07-18 15:37:11 -05:00
6885ef8aa4
Land #2123 , mutiny_frontend_upload code cleanup
2013-07-18 14:38:03 -05:00
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
efb8591a49
Update apple_quicktime_rdrf references
2013-07-18 13:57:31 -05:00
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
a2ea5dd472
Land #2119 - Accept args for osx exec payload
2013-07-18 13:37:48 -05:00
b64d0429ac
Format fix
...
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
b90e1d54e2
Land #2117 - HP Managed Printing Administration jobAcct Command Exec
2013-07-18 13:21:11 -05:00
280529f885
Make some changes to the description
2013-07-18 13:20:36 -05:00
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
cd2e352971
Kill extra whitespace.
2013-07-18 11:30:54 -05:00
b94cde1d65
Name change for pyoor
2013-07-18 10:50:25 -05:00
104edd8e93
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 10:38:53 -05:00
c7ffe96f15
Land #2115 , module title disambiguation
2013-07-18 10:37:00 -05:00
3780b1b59f
Add module for ZDI-11-352
2013-07-18 09:39:55 -05:00
766a8d5817
Shellwords! Now you can use exec to get you a perl shell
2013-07-17 21:16:04 -05:00
9c1228067c
Change to += syntax.
2013-07-17 21:11:24 -05:00
bf023f261a
Delete comma
2013-07-17 20:46:03 -05:00
7ee4855345
Fix msftidy and delete duplicate stack adjustment
2013-07-17 20:45:54 -05:00
ab088712ba
Removes unnecessary copy-to-stack. Fixes arg-order issue.
...
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
5ab81e7e37
Convert to readable asm. Adds support for arguments.
...
* shellcode appears to do an unnecessary copy-to-stack, so will look into
improving that.
2013-07-17 19:20:47 -05:00
6713fb1609
Fix typos
2013-07-17 18:06:40 -05:00
3ac2ae6098
Disambiguate the module title from existing psexec
2013-07-17 17:11:56 -05:00
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
9ae7c80b15
Add more targets plus some other corrections
2013-07-17 14:43:41 -05:00
c85b994c07
Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
...
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
f3bb0ec1ee
moved table <<
2013-07-17 02:53:24 +03:00
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
c0e594eb6a
removed unnecessary begin-end
2013-07-16 20:09:21 +03:00
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
9985ea3c3a
Enumerates Windows Prefetch files through meterpreter session
2013-07-16 14:18:54 +03:00
e13f4f5b4e
Minor fix
2013-07-16 13:46:42 +03:00
ef82308e07
Working versio
2013-07-16 12:45:03 +03:00
b32597620d
Finally working.
2013-07-16 04:07:28 +03:00
5f3d3a3956
still buggy
2013-07-16 01:05:08 +03:00
4c56d8eba3
Still buggy
2013-07-15 23:55:24 +03:00
315874a882
Minor fixes
2013-07-15 23:19:17 +03:00
5d767fe319
Minor mods
2013-07-15 19:34:44 +03:00
26f28ae47e
Minor cleaup
2013-07-15 17:51:55 +03:00
3a8856ae7f
Apply review to spip_connect_exec
2013-07-15 09:44:05 -05:00
bc44d42888
Move module to unix/webapps
2013-07-15 09:43:28 -05:00
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
19b11cd6e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-15 08:23:38 -05:00
2349ee7276
Working version
2013-07-15 16:07:45 +03:00
4801aab4c4
loot.txt broken
2013-07-15 15:38:42 +03:00
4265141a11
minor modifications
2013-07-15 13:15:39 +03:00
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
90107b82e1
Minor mods
2013-07-15 00:19:32 +03:00
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
6956003949
Everything working on this version.
2013-07-14 17:24:27 +03:00
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
52f9daf8c5
Renamed prefetch_tool to enum_prefetch
2013-07-14 15:33:54 +03:00
6539b4e507
Working
2013-07-14 15:30:54 +03:00
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
b77ba64e88
Fixed WinXP registry timezone key
2013-07-14 13:53:18 +03:00
398d5070b2
Fixed WinXP registry timezone key
2013-07-14 06:18:25 +03:00
43740d7626
Minor edits
2013-07-14 04:55:57 +03:00
742615f3a1
Working
2013-07-14 04:50:13 +03:00
1f27a2b7bd
Working version
2013-07-14 04:32:20 +03:00
ae60abd05b
Minor changes
2013-07-13 20:19:01 +03:00
45d49cdfe5
Time conversion broken, otherwise works.
2013-07-13 20:03:08 +03:00
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
1f10d1ca05
Done. Needs final cleanup and rewrite.
2013-07-13 13:24:08 +03:00
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
f81369a10d
Don't make promises about AV detection
2013-07-12 16:13:02 -05:00
bc88732400
Prints don't need to be rescued
2013-07-12 15:56:04 -05:00
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
84f30b2379
Works. Needs just FILETIME converter
2013-07-12 23:31:52 +03:00
ce8f3d2a62
Tested on XP and Win7. Works, needs just Filetime convert
2013-07-12 23:29:54 +03:00
5692cde57a
Initial transfer
2013-07-12 21:19:44 +03:00
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
529471ed53
Land #2081 - MediaCoder .M3U Buffer Overflow
2013-07-11 23:57:43 -05:00
1341d6ec6b
Remove extra commas and try to keep a line in 100 columns
2013-07-11 23:54:54 -05:00
d9f212320f
Land #2094 , @wchen-r7's changes for smb_enumshares
2013-07-11 18:38:19 -05:00
279787d942
Make this error less verbose too
2013-07-11 17:36:11 -05:00
0906345af4
Ah, typo
2013-07-11 16:53:39 -05:00
eb1905025d
I bet having ip:rport will make more sense
2013-07-11 16:45:52 -05:00
937642762f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-11 15:20:33 -05:00
0a9c1bcfff
Too verbose by default drives users nuts, go easy on that.
2013-07-11 13:41:22 -05:00
55dbfc9281
shares_info should only run if there's shares found
2013-07-11 13:36:26 -05:00
14b3e6440c
Check nil
2013-07-11 13:31:30 -05:00
1cf65623d6
Small desc update
2013-07-11 13:20:39 -05:00
d9107d2bd9
Add module for CVE-2013-3248
2013-07-11 12:30:08 -05:00
ca0880428f
Make sure module is awre of USE_SRVSVC_ONLY if that kicks in
2013-07-11 11:08:09 -05:00
a6ce629c3c
Capture a 0xC00000BB condition, plus some other fixes
2013-07-11 10:52:58 -05:00
4d120f49ba
added exploit module for PHP inj in SPIP CMS
2013-07-11 17:28:31 +02:00
3e229fe236
[SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
...
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017 .
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration. I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
b8ce98b896
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-10 14:04:46 -05:00
8ade33552c
Land #2085 , use the new network_interface gem.
2013-07-10 13:15:01 -05:00
16c9effcb4
make msftidy happy
2013-07-11 00:32:32 +07:00
8de88cbd05
change target from win7 sp1 to win7 sp0, fix description
2013-07-11 00:14:30 +07:00
4a3dc2e365
Print all the creds! All your base belong to me.
...
After a short discussion with Tod, we think it's best to print the
creds by default. If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
c343a59e1b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-09 17:48:27 -05:00
jvazquez-r7
David Maloney
Tab Assassin
sinn3r
Nathan Einwechter
Tod Beardsley
bcoles
joernchen of Phenoelit
Sagi Shahar
Meatballs
Charlie Eriksen
James Lee
root
Spencer McIntyre
HD Moore
m-1-k-3
bmerinofe
Markus Wulftange
Ruslaideemin
Joe Vennix
Frederic Basse
Dhiru Kholia
Sean Verity
William Vu
Rich Lundeen
Ramon de C Valle
jiuweigui
Alexandre Maloteaux
corelanc0d3r
Davy Douhine
modpr0be