4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
1b6f6b8bf0
Land #2168 again
...
Adding Dhiru's module back now that things are straight.
2013-07-29 22:10:25 -05:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
300781823d
Undo bad landing
...
This reverts commit e624ed18ad593363c5f9
2013-07-29 17:39:12 -05:00
438fbababd
Land #2158 , @kholia's post module to collect .ecryptfs info
2013-07-29 17:21:10 -05:00
b29d18d8b8
Merge branch 'ecryptfs-creds' of https://github.com/kholia/metasploit-framework
2013-07-29 16:41:41 -05:00
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
ab75d00f8a
Land #2169 - Description update
2013-07-29 14:24:57 -05:00
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
7801eadbc2
psh description
2013-07-29 19:14:12 +01:00
baa0b983c8
Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC
2013-07-29 13:13:55 -05:00
8379225e9b
make msftidy happy (hopefully)
2013-07-29 23:42:29 +05:30
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
3a05993f16
Make msftidy happy and warn user about long times
2013-07-29 11:45:30 -05:00
0851974408
Land #2162 , @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
37312f2aa9
Module, singular
2013-07-29 10:58:36 -05:00
11e9cca855
Spelling and description touch ups.
2013-07-29 10:57:19 -05:00
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
2de0a3e0f9
Add information gathering module for eCryptfs
2013-07-28 23:09:42 +05:30
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
805a9675a7
Modify the check for Integrity Level and Allow dropt o fs
2013-07-26 14:54:50 -05:00
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
12a58c730a
Small fix
2013-07-26 10:15:47 +01:00
6a13ed0371
Missing include
2013-07-26 03:18:17 +01:00
72b8891ba3
Check for low integrity
2013-07-26 03:16:45 +01:00
030640d5bc
back to cmd
2013-07-26 03:00:36 +01:00
d3f3e5d63e
Working with psh download
2013-07-26 02:29:55 +01:00
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
4a0b33241f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 18:41:50 -05:00
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
8dae114c7c
msftidy happiness
2013-07-25 17:25:36 -05:00
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
dff35c0820
Minor update to Target Selection. Refer to comments on #2128 .
2013-07-24 19:02:47 -04:00
d478df520f
Merge remote-tracking branch 'rapid7/master'
...
Starting fresh.
2013-07-24 18:31:53 -04:00
93a63081a5
Land #2151 , @jvazquez-r7's Struts pwnage
2013-07-24 16:49:06 -05:00
a70b346978
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 16:43:39 -05:00
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
95b0735695
Land #2150 , smb_enumshares SRVSVC null byte fix
2013-07-24 14:08:01 -05:00
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
9d032760ac
changed description back
2013-07-24 11:51:06 -07:00
e89e2af9dc
changed to chomp
2013-07-24 11:09:00 -07:00
dbad1a5e4c
Clean up description
2013-07-24 12:02:33 -05:00
18dbdb828f
Land #2133 , @Meatballs1's exploit for PSH Web Delivery
2013-07-24 12:01:37 -05:00
f79d3f7591
Shorten cmd
2013-07-24 17:48:03 +01:00
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
8103baf21a
Update title
2013-07-24 17:29:23 +01:00
18ac83bec1
Final updates and tidy
2013-07-24 17:28:19 +01:00
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
3854d08dd9
Fixed smb_enumshares to support dir list in SRVSVC
2013-07-23 21:36:26 -07:00
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
e828517ed8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 17:10:45 -05:00
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
6055ae7ba5
Land #2132 , adding logging to hostname resolver
...
Also incidentally updated the description.
2013-07-22 15:19:47 -05:00
b4589c3c82
Expanding description
2013-07-22 15:19:30 -05:00
4367a9ae49
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 15:09:35 -05:00
70900cfe5e
Final cleanup for foreman_openstack_satellite_priv_esc
2013-07-22 14:59:23 -05:00
6346f80ff0
Land #2143 , @rcvalle's module for CVE-2013-2113
2013-07-22 14:58:07 -05:00
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
5e55c506cd
Land #2140 , add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
b6c9fd4723
Add foreman_openstack_satellite_priv_esc.rb
...
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
aa159f12b7
changed options wording
2013-07-22 11:15:22 -07:00
57055ab754
added optional option
2013-07-22 11:13:29 -07:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
0fdfe866a7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 12:07:44 -05:00
6158415bd3
Clean CWE reference, will ad in new pr
2013-07-22 12:03:55 -05:00
da4fda6cb1
Land #2110 , @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
8015938b9a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 11:20:12 -05:00
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
e7e712fa01
EOL fix
2013-07-20 19:54:05 -05:00
ab515fb66d
Add the file format version of CVE-2013-1017
2013-07-20 19:50:09 -05:00
fe405d2187
Tidyup info
2013-07-19 23:50:59 +01:00
6fab3f6308
Add powershell cmdline
2013-07-19 23:24:54 +01:00
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
d1fdcfff91
Initial commit
2013-07-19 19:33:55 +01:00
6bcdd37223
logged resolve_hostname to db
2013-07-19 11:14:14 -07:00
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
f16ed32848
Added '2003 R2 SP2' to target selection
2013-07-19 09:57:09 -04:00
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
bdfad076b4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 15:43:58 -05:00
cb108a8253
Add module for ZDI-13-147
2013-07-18 15:37:11 -05:00
6885ef8aa4
Land #2123 , mutiny_frontend_upload code cleanup
2013-07-18 14:38:03 -05:00
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
efb8591a49
Update apple_quicktime_rdrf references
2013-07-18 13:57:31 -05:00
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
a2ea5dd472
Land #2119 - Accept args for osx exec payload
2013-07-18 13:37:48 -05:00
b64d0429ac
Format fix
...
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
b90e1d54e2
Land #2117 - HP Managed Printing Administration jobAcct Command Exec
2013-07-18 13:21:11 -05:00
280529f885
Make some changes to the description
2013-07-18 13:20:36 -05:00
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
cd2e352971
Kill extra whitespace.
2013-07-18 11:30:54 -05:00
b94cde1d65
Name change for pyoor
2013-07-18 10:50:25 -05:00
104edd8e93
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 10:38:53 -05:00
c7ffe96f15
Land #2115 , module title disambiguation
2013-07-18 10:37:00 -05:00
3780b1b59f
Add module for ZDI-11-352
2013-07-18 09:39:55 -05:00
766a8d5817
Shellwords! Now you can use exec to get you a perl shell
2013-07-17 21:16:04 -05:00
9c1228067c
Change to += syntax.
2013-07-17 21:11:24 -05:00
bf023f261a
Delete comma
2013-07-17 20:46:03 -05:00
7ee4855345
Fix msftidy and delete duplicate stack adjustment
2013-07-17 20:45:54 -05:00
ab088712ba
Removes unnecessary copy-to-stack. Fixes arg-order issue.
...
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
5ab81e7e37
Convert to readable asm. Adds support for arguments.
...
* shellcode appears to do an unnecessary copy-to-stack, so will look into
improving that.
2013-07-17 19:20:47 -05:00
6713fb1609
Fix typos
2013-07-17 18:06:40 -05:00
3ac2ae6098
Disambiguate the module title from existing psexec
2013-07-17 17:11:56 -05:00
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
9ae7c80b15
Add more targets plus some other corrections
2013-07-17 14:43:41 -05:00
c85b994c07
Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
...
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
f3bb0ec1ee
moved table <<
2013-07-17 02:53:24 +03:00
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
c0e594eb6a
removed unnecessary begin-end
2013-07-16 20:09:21 +03:00
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
9985ea3c3a
Enumerates Windows Prefetch files through meterpreter session
2013-07-16 14:18:54 +03:00
e13f4f5b4e
Minor fix
2013-07-16 13:46:42 +03:00
ef82308e07
Working versio
2013-07-16 12:45:03 +03:00
b32597620d
Finally working.
2013-07-16 04:07:28 +03:00
5f3d3a3956
still buggy
2013-07-16 01:05:08 +03:00
4c56d8eba3
Still buggy
2013-07-15 23:55:24 +03:00
315874a882
Minor fixes
2013-07-15 23:19:17 +03:00
5d767fe319
Minor mods
2013-07-15 19:34:44 +03:00
26f28ae47e
Minor cleaup
2013-07-15 17:51:55 +03:00
3a8856ae7f
Apply review to spip_connect_exec
2013-07-15 09:44:05 -05:00
bc44d42888
Move module to unix/webapps
2013-07-15 09:43:28 -05:00
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
19b11cd6e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-15 08:23:38 -05:00
2349ee7276
Working version
2013-07-15 16:07:45 +03:00
4801aab4c4
loot.txt broken
2013-07-15 15:38:42 +03:00
4265141a11
minor modifications
2013-07-15 13:15:39 +03:00
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
90107b82e1
Minor mods
2013-07-15 00:19:32 +03:00
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
6956003949
Everything working on this version.
2013-07-14 17:24:27 +03:00
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
52f9daf8c5
Renamed prefetch_tool to enum_prefetch
2013-07-14 15:33:54 +03:00
6539b4e507
Working
2013-07-14 15:30:54 +03:00
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
b77ba64e88
Fixed WinXP registry timezone key
2013-07-14 13:53:18 +03:00
398d5070b2
Fixed WinXP registry timezone key
2013-07-14 06:18:25 +03:00
43740d7626
Minor edits
2013-07-14 04:55:57 +03:00
742615f3a1
Working
2013-07-14 04:50:13 +03:00
1f27a2b7bd
Working version
2013-07-14 04:32:20 +03:00
ae60abd05b
Minor changes
2013-07-13 20:19:01 +03:00
45d49cdfe5
Time conversion broken, otherwise works.
2013-07-13 20:03:08 +03:00
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
1f10d1ca05
Done. Needs final cleanup and rewrite.
2013-07-13 13:24:08 +03:00
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
f81369a10d
Don't make promises about AV detection
2013-07-12 16:13:02 -05:00
bc88732400
Prints don't need to be rescued
2013-07-12 15:56:04 -05:00
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
84f30b2379
Works. Needs just FILETIME converter
2013-07-12 23:31:52 +03:00
ce8f3d2a62
Tested on XP and Win7. Works, needs just Filetime convert
2013-07-12 23:29:54 +03:00
5692cde57a
Initial transfer
2013-07-12 21:19:44 +03:00
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
529471ed53
Land #2081 - MediaCoder .M3U Buffer Overflow
2013-07-11 23:57:43 -05:00
1341d6ec6b
Remove extra commas and try to keep a line in 100 columns
2013-07-11 23:54:54 -05:00
d9f212320f
Land #2094 , @wchen-r7's changes for smb_enumshares
2013-07-11 18:38:19 -05:00
279787d942
Make this error less verbose too
2013-07-11 17:36:11 -05:00
0906345af4
Ah, typo
2013-07-11 16:53:39 -05:00
eb1905025d
I bet having ip:rport will make more sense
2013-07-11 16:45:52 -05:00
937642762f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-11 15:20:33 -05:00
0a9c1bcfff
Too verbose by default drives users nuts, go easy on that.
2013-07-11 13:41:22 -05:00
55dbfc9281
shares_info should only run if there's shares found
2013-07-11 13:36:26 -05:00
14b3e6440c
Check nil
2013-07-11 13:31:30 -05:00
1cf65623d6
Small desc update
2013-07-11 13:20:39 -05:00
d9107d2bd9
Add module for CVE-2013-3248
2013-07-11 12:30:08 -05:00
ca0880428f
Make sure module is awre of USE_SRVSVC_ONLY if that kicks in
2013-07-11 11:08:09 -05:00
a6ce629c3c
Capture a 0xC00000BB condition, plus some other fixes
2013-07-11 10:52:58 -05:00
4d120f49ba
added exploit module for PHP inj in SPIP CMS
2013-07-11 17:28:31 +02:00
3e229fe236
[SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
...
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017 .
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration. I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
b8ce98b896
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-10 14:04:46 -05:00
8ade33552c
Land #2085 , use the new network_interface gem.
2013-07-10 13:15:01 -05:00
16c9effcb4
make msftidy happy
2013-07-11 00:32:32 +07:00
8de88cbd05
change target from win7 sp1 to win7 sp0, fix description
2013-07-11 00:14:30 +07:00
4a3dc2e365
Print all the creds! All your base belong to me.
...
After a short discussion with Tod, we think it's best to print the
creds by default. If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
c343a59e1b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-09 17:48:27 -05:00
d3433a017b
Print hash too
2013-07-09 16:39:24 -05:00
234624793c
Add module for CVE-2013-1814
2013-07-09 14:03:35 -05:00
49c70911be
dlink upnp command injection
2013-07-09 13:24:12 +02:00
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
64b2f3f7a0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 16:55:39 -05:00
8d7396d60a
Minor description changes on new modules
2013-07-08 16:24:40 -05:00
6a9a9ac20a
Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework
2013-07-08 15:53:36 -05:00
8ab8eb8e59
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 15:52:31 -05:00
b2a18c37ee
add dll references for rop
2013-07-09 03:20:05 +07:00
3f874f504c
Use metadata
2013-07-08 09:25:02 -05:00
512dd7d15a
Update title
2013-07-08 09:11:31 -05:00
c60aeaa202
Add module for CVE-2013-3482
2013-07-08 09:11:10 -05:00
ed6d88a28b
credit to mona.py for rop
2013-07-07 18:07:05 +07:00
ecb2667401
remove seh mixin and fix the rop nop address
2013-07-06 23:08:51 +07:00
6dec81cbdf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-06 10:38:19 -05:00
b2e7f61814
Fix path build on total_commander
2013-07-06 10:15:30 -05:00
df7209f28a
Land #2067 , @wchen-r7's fix for total_commander
2013-07-06 10:14:44 -05:00
fc5e5a5aad
Fixup description
2013-07-06 09:29:32 +01:00
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
39f0359fa4
Land #2061 , @wchen-r7's fix to make bitcoin_jacker use post mixins
2013-07-06 00:14:14 -05:00
23d2bfc915
add more author
2013-07-06 11:52:16 +07:00
b8354d3d6c
Added MediaCoder exploit module
2013-07-06 11:07:11 +07:00
0e84886bce
Spawn 32bit process
2013-07-05 22:56:21 +01:00
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
5dc2492b20
Renamed module
2013-07-05 22:32:15 +01:00
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
ca4e11c112
Use check_other more
2013-07-05 12:38:38 -05:00
98f49758af
Don't need this line
2013-07-05 12:34:26 -05:00
d3000c0066
These funcs want 'filename'
2013-07-05 12:29:16 -05:00
353db0884d
Use expand_path from Msf::Post::File
2013-07-05 12:26:59 -05:00
18e5831ca8
Don't use begin/rescue to shut errors up and call it "file not found"
2013-07-05 12:22:05 -05:00
dc90904e50
Avoid misleading error
2013-07-05 12:12:30 -05:00
c859129339
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 12:06:05 -05:00
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
7f645807f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 10:25:41 -05:00
ad94f434ab
Avoid a fix address for the final userland payload
2013-07-05 10:21:11 -05:00
9b7567cd0f
Land #2071 , @wchen-r7's patch to use the Msf::Post::Windows::Process mixin
2013-07-05 10:19:56 -05:00
6477c6995d
Merge branch 'enum_db_no_method' of https://github.com/wchen-r7/metasploit-framework
2013-07-05 09:35:34 -05:00
9ed6b5c0b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:35:24 -05:00
a7d110367a
Land #2064 , @wchen-r7's fix for access uninitialized variable on enum_services
2013-07-05 09:30:23 -05:00
4c57c83cb8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:14:23 -05:00
b9dd3df05f
Land #2068 , @wchen-r7's fix to initialize variables on windows_autologin module
2013-07-05 09:09:17 -05:00
a4f90ffadd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:01:30 -05:00
4ed6a4d8d1
Land #2062 , @wchen-r7's fix to avoid redundant check
2013-07-05 08:51:05 -05:00
1ad4482ce2
Land #2069 , @wchen-r7's patch to print info when using store_loot
2013-07-05 08:35:57 -05:00
c459b0e937
Land #2045 , @wchen-r7's fix for memory_grep module
2013-07-05 08:16:47 -05:00
9a31885b8f
Merge branch 'memory_grep_fixes' of https://github.com/wchen-r7/metasploit-framework
2013-07-05 07:59:06 -05:00
e96a5d0237
Fixed a "NameError uninitialized constant" error.
...
On startup of msfconsole, the following error occurred:
modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common
The addition of a corresponding 'require' line removed that error.
Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
2013-07-05 11:56:15 +02:00
2a32b59c88
Forgot to change var 'filename'
2013-07-05 01:37:35 -05:00
84050241f0
Fix target ID
2013-07-05 01:25:08 -05:00
1352731062
Make heap grep optional
2013-07-05 00:57:25 -05:00
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
7b05872153
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 10:10:07 -05:00
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
479664b5aa
Remove redundant file
2013-07-04 12:07:14 +01:00
cd159960e1
Tidy
2013-07-04 12:02:32 +01:00
9c1a43a417
Check payload arch
2013-07-04 11:46:34 +01:00
83bc32abb4
Remove Exploit::Exe
2013-07-04 11:01:01 +01:00
7d6a78bf1f
Remove report aux
2013-07-04 10:36:32 +01:00
555140b85a
Add warning for persist
2013-07-04 10:30:03 +01:00
44cdc0a1c8
Move options to lib
2013-07-04 10:25:37 +01:00
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
8590720890
Use fail_with
2013-07-04 10:21:24 +01:00
3eab7107b8
Remove opt supplied by lib
2013-07-04 10:16:03 +01:00
7d273b2c8b
Refactor to psexec lib
2013-07-04 10:11:13 +01:00
1569a15856
Msf license
2013-07-04 10:08:29 +01:00
052c23b980
Add missing require
2013-07-04 09:58:48 +01:00
6fa60be76f
Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh
2013-07-04 09:42:18 +01:00
a52d38f359
Land #2052 - Fix regex
2013-07-03 16:55:07 -05:00
226f4dd8cc
Use execute_shellcode for novell_client_nicm.rb
2013-07-03 13:57:41 -05:00
f9cfba9021
Use execute_shellcode for novell_client_nwfs.rb
2013-07-03 13:55:50 -05:00
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
6cb53583b7
Make msftidy happy
2013-07-03 12:42:37 -05:00
61c85b10d3
Add final cleanup for #2012
2013-07-03 12:41:12 -05:00
4a076e0351
Land #2012 , @morisson improve for sap_router_portscanner
2013-07-03 12:39:59 -05:00
ff49cc1c4f
[SeeRM:#8135] - Be able to show where store_loot saves a file
...
If you don't print where store_loot saves the file, it can be a
pain in the butt to find it sometimes.
2013-07-03 12:29:01 -05:00
70c472fb7e
[FixRM:#8134] - Handle registry_getvaldata return value properly
...
registry_getvaldata can return nil, can't always assume it's
gonna throw a string.
2013-07-03 12:23:14 -05:00
c37884c6c7
Land #2066 , use Rex instead of Base64
2013-07-03 12:21:06 -05:00
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
1064c050de
[FixRM:#8132] - Fix undefined method '+' in total_commander.rb
...
The return value of registry_getvaldata can return nil when a
RequestError occurs, so you can't always assume it's gonna throw
you a string.
2013-07-03 12:10:23 -05:00
27653b661f
[FixRM:#8131] & [FixRM:#8133] - Fix Base64 func usage
...
Instead of using Base64, these modules should use Rex.
2013-07-03 12:06:12 -05:00
2f77e8626f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 11:56:25 -05:00
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
c40a605495
[FixRM:#8129] - Fix undefined method error in enum_services.rb
...
srv_conf may not have the 'Startup' key because it's only assigned
in service_info() when srvstart is 4, therefore it's possible to
cause an undefined method 'downcase' error.
2013-07-03 11:44:28 -05:00
534858a23b
[FixRM:#8128] - Potential undefined method 'include' for nil
...
A lot of return values aren't checked, may result in undefined method X
bugs. The same type of issue is all over the place.
2013-07-03 11:40:24 -05:00
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
6198409e71
[FixRM:#8127] - Remove junk code that checks ARTIFACTS again
...
ARTIFACTS uses OptPath, which already checks the path. We don't need
to do this again.
2013-07-03 11:33:25 -05:00
944761a1dc
[FixRM:#8126] - Use functions from Msf::Post::File
...
Some functions already exist in Msf::Post::File, should use them.
2013-07-03 11:30:05 -05:00
864f4e9d37
post/local_admin_search_enum~Regex fails,module 2
...
If the regex fails then the entire moudle would too
2013-07-03 00:43:08 +01:00
2a6056fd2a
exploits/s4u_persistence~Fixed typos+default values
2013-07-03 00:38:50 +01:00
a74f706bdb
These modules should check PID before using it
2013-07-02 14:48:04 -05:00
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
4ac5261802
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 11:20:26 -05:00
76a9abfd4e
Fix last print_ message format
2013-07-02 11:17:16 -05:00
e9441f540e
Land #2048 , @todb-r7 fix for print_* messages on the ipmi work
2013-07-02 11:16:11 -05:00
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
2fbea86884
IPMI scanners should mention IPMI in their messages
2013-07-02 10:44:42 -05:00
d668a20820
Use rport instead of datastore['RPORT']
2013-07-02 10:29:25 -05:00
1d87530e67
Add some verbosity on IPMI version scanning
2013-07-02 10:25:40 -05:00
146d1eb27d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 10:06:00 -05:00
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
6815eef8f4
Fix multiple issues with memory_grep
...
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.
[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
1865e6c19d
Fix requrires for enable_support_account
2013-07-01 16:22:39 -05:00
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
be1a0d3cae
Land #2041 , title and description cleanup
2013-07-01 15:55:13 -05:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
1c6657ee86
Land #2034 , @wchen-r7's patch for memory_grep
2013-07-01 13:34:57 -05:00
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
dbce1b36e5
Land #2036 - CVE-2013-3660
...
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
478beee38b
remove unnecessary option and make msftidy happy
2013-07-01 18:51:47 +07:00
f16d097c00
clean version, tested on winxp sp3 and win7 sp1
2013-07-01 18:35:50 +07:00
f58f481399
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 22:36:46 -05:00
43c4f07e06
Use "unless"
...
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
62b62f4e9d
Fix bad hash detection
2013-06-30 15:57:47 -05:00
cca071ff55
Rework to reduce open fds, remove bugs, handle null user
2013-06-30 15:32:33 -05:00
e0ae71e874
minor fixing in the exploit module description
2013-07-01 03:27:06 +07:00
007fddb6bf
remove SEH function, not needed
2013-07-01 03:13:20 +07:00
1e4b69ab03
Added abbs amp exploit module
2013-07-01 03:08:22 +07:00
6b3178a67b
Fix EOL spaces
2013-06-30 14:38:30 -05:00
ad4f15daed
Switch to UDPScanner mixin, trim this down, add reporting
2013-06-30 14:36:51 -05:00
0ff1cd24a9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 10:03:30 -05:00
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
79fb381412
Landing #2035 , @bwall exploit for carberp control panel
2013-06-30 09:58:47 -05:00
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
520a78e2c8
Add final cleanup for enable_support_account
2013-06-29 23:30:29 -05:00
df88ace6d1
Land #1989 , @salcho's post module for enable windows support account
2013-06-29 23:29:16 -05:00
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
6e7945ca5e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-29 16:24:45 -05:00
8717a3b7d8
using post mixins, fixed checks, module renamed
2013-06-29 15:44:36 -05:00
00bf9070aa
using post mixins, fixed checks, module renamed
2013-06-29 15:41:36 -05:00
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
a2b8daf149
Modify fail message when exploitation doen't success
2013-06-29 10:45:13 -05:00
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
427e26c4dc
Fix current_pid
2013-06-28 21:36:49 -05:00
32ae7ec2fa
Fix error description and bad variable usage
2013-06-28 21:30:33 -05:00
fb67002df9
Switch from print_error to print_warning
2013-06-28 21:29:20 -05:00
3ab948209b
Fix module according to @wchen-r7 feedback
2013-06-28 20:44:42 -05:00
00416f3430
Add a new print_status
2013-06-28 18:23:49 -05:00
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
82eed1582f
No need for the 2nd element
2013-06-28 17:05:43 -05:00
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
a7ee95381b
Updates module description, and uses the proper func for hex dump
...
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.
The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
f158e421fa
Add requires for pptp_tunnel
2013-06-28 10:07:52 -05:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
e4fb5b327f
Land #2028 , update references for multiple modules
2013-06-26 10:18:27 -05:00
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
8d914a5a00
Land #2026 , @egypt's patch for write_file on freebsd
2013-06-26 08:25:02 -05:00
88a42aeffe
Land #2021 - Add SMTP open relay detection
2013-06-25 22:14:30 -05:00
7009748cf5
Fix module
2013-06-25 22:09:45 -05:00
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
3e929fb812
Use fixed `write_file` instead of re-implementing
2013-06-25 17:25:14 -05:00
2da278f151
fixed indent
2013-06-25 23:08:58 +01:00
7ba54e2ece
IIS requires a hello first
2013-06-25 15:43:58 -05:00
5c265c99d2
Clean jboss_seam_exec @cmaruti's collab
2013-06-25 14:09:30 -05:00
45a3e004c6
Land #1993 , @cmaruti changes for jboss_seam_exec
2013-06-25 14:07:10 -05:00
5b71013dde
reference updates
2013-06-25 13:41:22 -05:00
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
c829a7ec86
SMTP Open Relay scanner
2013-06-25 16:22:51 +01:00
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
c9a7372f9f
Land #2014 , @wchen-r7's exploit for CVE-2013-2171
2013-06-25 09:33:56 -05:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
d6374ddfff
Land #2020 , CVE and OSVDB update
2013-06-25 08:17:54 -05:00
55ea0cb3bd
Land #2019 , correct module naming style
2013-06-25 08:17:33 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
ecfe083b0e
Correct module naming style
...
I was just looking at these modules on the web gui, and these names
need to be fixed to maintain style consistency.
2013-06-25 00:26:53 -05:00
795dd6a02a
Add module for OSVDB 93718
2013-06-24 23:51:28 -05:00
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
72847ee4c9
Land #2007 - Add local privilege escalation for ZPanel zsudo
2013-06-24 19:25:27 -05:00
ca8ce363b8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 16:32:55 -05:00
d974e395e4
Add a check by checking uname
2013-06-24 15:54:41 -05:00
6b8e0605c0
Use FileDropper
2013-06-24 15:48:54 -05:00
be20a76be1
Remove 'Hash' string from the written output
2013-06-24 15:45:09 -05:00
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
b3d90c68a4
Land #2008 - More OSVDB refs
2013-06-24 01:53:29 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
593a99d76e
ipmi version scanner: fix probe method name
2013-06-24 01:38:17 -04:00
31fcb911f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-23 21:41:10 -05:00
a920127f8c
reference updates for several modules
2013-06-23 20:43:34 -05:00
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
Markus Wulftange
Joe Vennix
m-1-k-3
sinn3r
Frederic Basse
Dhiru Kholia
Tod Beardsley
jvazquez-r7
Meatballs
joernchen of Phenoelit
Sean Verity
William Vu
Rich Lundeen
Ramon de C Valle
root
jiuweigui
Alexandre Maloteaux
James Lee
corelanc0d3r
Davy Douhine
modpr0be
lsanchez-r7
Thorsten Fischer
g0tmi1k
Ricardo Almeida
HD Moore
salcho
Brian Wallace
(B)rian (Wall)ace
Steve Tornio
Bruno Morisson
zyx2k
Matthias Kaiser
RageLtMan