9b79bb99e0
Add references, correct disclosure date
2013-10-04 09:59:26 -05:00
ab786d1466
Imply authentication when a password is set
2013-10-04 09:54:04 -05:00
0112d6253c
add gestio ip module
2013-10-04 06:39:30 -07:00
db11e88255
Land #2321 , @juushya's aux module for Sentry CDU enumeration
2013-10-04 08:35:54 -05:00
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
646429b4dd
Put ready to pull request
2013-10-03 22:15:17 -05:00
5971fe87f5
Improve reliability
2013-10-03 17:19:53 -05:00
39eb20e33a
Add module for ZDI-13-169
2013-10-03 16:52:20 -05:00
8059c59f15
Land #2452 - Ignore unexpected DNS answers
2013-10-03 15:54:22 -05:00
c87e7b3cc1
Land #2451 - Don't overwrite default timeout on get_once
2013-10-03 15:44:40 -05:00
539a22a49e
Typo on Microsoft
2013-10-03 12:20:47 -05:00
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
1fe0c50df0
Ignore unexpected answers
2013-10-02 20:41:02 -05:00
0db93111de
Land #2445 , @todb-r7's new tab warning for msftidy
2013-10-02 17:19:12 -05:00
773abf0567
Pow, tab assassinated.
2013-10-02 17:16:38 -05:00
77d0236b4e
Don't overwrite defaul timeout
2013-10-02 16:15:14 -05:00
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
932ed0a939
Land #2444 - Add SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Vuln
2013-10-01 20:35:17 -05:00
ed82be6fd8
Use RopDB
2013-10-01 13:23:09 -05:00
6483c5526a
Add module for OSVDB 93696
2013-10-01 11:42:36 -05:00
9abf727fa6
Land #2439 - Update description
2013-09-30 16:03:15 -05:00
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
3cfee5a7c0
Land #2440 , remaining tabassassin changes
2013-09-30 14:30:50 -05:00
6c8f86883d
Land #2437 , @wchen-r7's exploit for CVE-2013-3893
2013-09-30 14:02:29 -05:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
4dc88cf60f
Expand descriptions for ease of use.
2013-09-30 13:30:31 -05:00
c82ed33a95
Forgot Math.cos()
2013-09-30 13:29:16 -05:00
d6cd0e5c67
Tweak for office 2007 setup
2013-09-30 13:27:59 -05:00
ecf4e923e8
Change the target address for spray 1
2013-09-30 11:57:59 -05:00
9ada96ac51
Fix sqlmap accidental codepoint
...
See http://www.ruby-doc.org/core-1.9.3/String.html#method-i-3C-3C
Apparently, String#<< uses Integer#chr, not Integer#to_s. News to me.
Fixed originally by @TsCl in PR #2435 , but fixing seperately in order to
avoid screwing up his downstream tracking. Note, this isn't a merge, so
using Closes tag on the commit message.
[Closes #2435 ]
2013-09-30 11:23:17 -05:00
b9aae1c93c
Higher address seems better
2013-09-29 18:45:30 -05:00
a5ade93ab2
Add CVE-2013-3893 Internet Explorer SetMouseCapture Use-After-Free
...
This module exploits a use-after-free vulnerability that currents
targets Internet Explorer 9 on Windows 7, but the flaw should exist in
versions 6/7/8/9/10/11. It was initially found in the wild in Japan, but
other regions such as English, Chinese, Korean, etc, were targeted as
well.
The vulnerability is due to how the mshtml!CDoc::SetMouseCapture function
handles a reference during an event. An attacker first can setup two
elements, where the second is the child of the first, and then setup a
onlosecapture event handler for the parent element. The onlosecapture
event seems to require two setCapture() calls to trigger, one for the parent
element, one for the child. When the setCapture() call for the child element
is called, it finally triggers the event, which allows the attacker to cause
an arbitrary memory release using document.write(), which in particular frees
up a 0x54-byte memory. The exact size of this memory may differ based on the
version of IE. After the free, an invalid reference will still be kept and pass
on to more functions, eventuall this arrives in function
MSHTML!CTreeNode::GetInterface, and causes a crash (or arbitrary code execution)
when this function attempts to use this reference to call what appears to be a
PrivateQueryInterface due to the offset (0x00).
To mimic the same exploit found in the wild, this module will try to use the
same DLL from Microsoft Office 2007 or 2010 to leverage the attack.
2013-09-29 18:24:13 -05:00
b306415ecf
Tidy and updates to info
2013-09-29 17:32:39 +01:00
29a7059eb4
Update AlwaysInstallElevated to use a generated MSI file
...
Fixes bugs with MSI::UAC option, invalid logic and typo...
2013-09-29 17:09:03 +01:00
7cc2ad55a6
Land #1770 , unattend.xml snarfing modules
2013-09-27 16:04:38 -05:00
63d638888d
Get rid of interior tabs
2013-09-27 16:04:03 -05:00
d869b1bb70
Unless, unless everywhere.
2013-09-27 15:55:57 -05:00
ae655e42d2
Touchups: boolean check, unless, and TODO comment
2013-09-27 15:54:03 -05:00
37e4d58f4a
Call CSV text/plain so it can be viewed normally
...
Otherwise, things parsing through the loot table will treat it as binary
data, and not display it in a normal texty way, even though it's totally
readable with just a little squinting.
2013-09-27 15:48:48 -05:00
5e77dccd48
Add a ref to an example unattend.xml
2013-09-27 15:45:57 -05:00
58600b6475
Land #2423 , @TecR0c's exploit for OSVDB 96517
2013-09-27 09:48:52 -05:00
6381bbfd39
Clean up freeftpd_pass
2013-09-27 09:47:39 -05:00
b02a2b9ce0
Added crash info and basic tidy up
2013-09-27 17:05:42 +10:00
7dbc3f4f87
changed seh address to work on freeFTPd 1.0.10 and below
2013-09-27 12:37:52 +10:00
5fc98481a7
changed seh address to work on freeFTPd 1.0.10 and below
2013-09-27 12:35:03 +10:00
a6e1bc61ec
updated version in exploit freeFTPd 1.0.10
2013-09-27 11:27:51 +10:00
3a3f1c0d05
updated requested comments for freeFTPd 1.0.10
2013-09-27 11:13:28 +10:00
813bd2c9a5
Land #2379 , @xistence's exploit for OSVDB 88860
2013-09-26 13:52:15 -05:00
acb2a3490c
Land #2419 , nodejs_js_yaml_load_code_exec info
2013-09-26 12:55:48 -05:00
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
b618c40ceb
Fix English
2013-09-26 09:00:41 -05:00
0339c3ef48
added freeFTPd 1.0.10 (PASS Command)
2013-09-26 20:37:23 +10:00
c2ff5accee
stability fixes to astium_sqli_upload
2013-09-26 10:23:33 +07:00
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
ff610dc752
Add vulnerability discoverer as author
2013-09-25 12:45:54 -05:00
5c88ad41a8
Beautify nodejs_js_yaml_load_code_exec metadata
2013-09-25 12:44:34 -05:00
34b829abef
bugfix
2013-09-25 09:15:07 +02:00
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
cd98c4654d
Remove unecessary print from #generate in payloads.
2013-09-25 00:12:28 -05:00
d91cb85a31
Not actually a typo
...
Turns out, the object name is "CCaret," though we're talking about the
"caret." Confuz0ring!
2013-09-24 15:55:52 -05:00
ac1388368f
Typo in module name
2013-09-24 15:50:58 -05:00
a50ab1ddd3
Land #2409 , @xistence exploit for ZeroShell
2013-09-24 15:32:55 -05:00
6c2063c9c0
Do not get a session on every execute_command call
2013-09-24 15:31:40 -05:00
79ca123051
Use snake_case
2013-09-24 15:16:51 -05:00
34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
93486a627d
Whoops on trailing commas
2013-09-24 15:14:11 -05:00
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
52a92a55ce
Land #2394 , ms13_005_hwnd_broadcast require fix
2013-09-24 13:43:21 -05:00
ce4cf55d22
Land #2417 , @todb-r7's change to Platform field to make ruby style compliant
2013-09-24 13:30:48 -05:00
89222f4b16
Land #2416 , OSVDB refs for arkeia_upload_exec
2013-09-24 13:22:24 -05:00
3906d4a2ca
Fix caps that throw msftidy warnings
2013-09-24 13:03:16 -05:00
f47d4d7927
Revert change for resolve_hosts after #2415
2013-09-24 12:47:00 -05:00
7eecf7e6f0
Land #2415 , @Meatballs1's fix for resolve_hosts platform list
2013-09-24 12:37:03 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
4b4ab3a6a0
Remove Linux Plat from ResolveHosts
2013-09-24 12:00:53 -05:00
081c279b61
Remove misleading comment
2013-09-24 11:42:31 -05:00
d15f442e56
Add OSVDB references to arkeia_upload_exec
2013-09-24 08:48:28 -05:00
aeb663a5d4
fix output
2013-09-24 10:48:38 +02:00
dc8f94bac1
Added wordpress version detection
2013-09-24 08:59:56 +02:00
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
2656c63459
Knock out a Unicode character
2013-09-23 14:22:11 -05:00
99f145cbff
Don't split the post requires
2013-09-23 14:02:43 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
a46ac7533d
Land #2407 , require fix for current_user_psexec
2013-09-23 11:57:19 -05:00
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
801dda2b09
Change PayloadType to NodeJS.
2013-09-23 11:31:45 -05:00
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
8417b916c7
Complete MS13-071 Information
2013-09-21 21:22:34 -05:00
6b06ed0df1
Update current_user_psexec.rb
2013-09-22 03:07:17 +05:00
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
49f15fbea4
Removes PayloadType from exploit module.
2013-09-20 18:01:55 -05:00
8381bf8646
Land #2404 - Add powershell support for current_user_psexec
2013-09-20 17:14:55 -05:00
96364c78f8
Need to catch RequestError too
...
Because a meterpreter session may throw that
2013-09-20 17:13:35 -05:00
Tod Beardsley
Brandon Perry
jvazquez-r7
xistence
sinn3r
Tabassassin
Brandon Turner
Meatballs
TecR0c
William Vu
FireFart
joev
Meatballs1
Joe Vennix
darknight007