bdfad076b4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 15:43:58 -05:00
cb108a8253
Add module for ZDI-13-147
2013-07-18 15:37:11 -05:00
6885ef8aa4
Land #2123 , mutiny_frontend_upload code cleanup
2013-07-18 14:38:03 -05:00
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
efb8591a49
Update apple_quicktime_rdrf references
2013-07-18 13:57:31 -05:00
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
a2ea5dd472
Land #2119 - Accept args for osx exec payload
2013-07-18 13:37:48 -05:00
b64d0429ac
Format fix
...
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
b90e1d54e2
Land #2117 - HP Managed Printing Administration jobAcct Command Exec
2013-07-18 13:21:11 -05:00
280529f885
Make some changes to the description
2013-07-18 13:20:36 -05:00
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
cd2e352971
Kill extra whitespace.
2013-07-18 11:30:54 -05:00
b94cde1d65
Name change for pyoor
2013-07-18 10:50:25 -05:00
104edd8e93
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 10:38:53 -05:00
c7ffe96f15
Land #2115 , module title disambiguation
2013-07-18 10:37:00 -05:00
3780b1b59f
Add module for ZDI-11-352
2013-07-18 09:39:55 -05:00
766a8d5817
Shellwords! Now you can use exec to get you a perl shell
2013-07-17 21:16:04 -05:00
9c1228067c
Change to += syntax.
2013-07-17 21:11:24 -05:00
bf023f261a
Delete comma
2013-07-17 20:46:03 -05:00
7ee4855345
Fix msftidy and delete duplicate stack adjustment
2013-07-17 20:45:54 -05:00
ab088712ba
Removes unnecessary copy-to-stack. Fixes arg-order issue.
...
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
5ab81e7e37
Convert to readable asm. Adds support for arguments.
...
* shellcode appears to do an unnecessary copy-to-stack, so will look into
improving that.
2013-07-17 19:20:47 -05:00
6713fb1609
Fix typos
2013-07-17 18:06:40 -05:00
3ac2ae6098
Disambiguate the module title from existing psexec
2013-07-17 17:11:56 -05:00
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
9ae7c80b15
Add more targets plus some other corrections
2013-07-17 14:43:41 -05:00
c85b994c07
Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
...
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
19b11cd6e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-15 08:23:38 -05:00
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
f81369a10d
Don't make promises about AV detection
2013-07-12 16:13:02 -05:00
bc88732400
Prints don't need to be rescued
2013-07-12 15:56:04 -05:00
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
529471ed53
Land #2081 - MediaCoder .M3U Buffer Overflow
2013-07-11 23:57:43 -05:00
1341d6ec6b
Remove extra commas and try to keep a line in 100 columns
2013-07-11 23:54:54 -05:00
d9f212320f
Land #2094 , @wchen-r7's changes for smb_enumshares
2013-07-11 18:38:19 -05:00
279787d942
Make this error less verbose too
2013-07-11 17:36:11 -05:00
0906345af4
Ah, typo
2013-07-11 16:53:39 -05:00
eb1905025d
I bet having ip:rport will make more sense
2013-07-11 16:45:52 -05:00
937642762f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-11 15:20:33 -05:00
0a9c1bcfff
Too verbose by default drives users nuts, go easy on that.
2013-07-11 13:41:22 -05:00
55dbfc9281
shares_info should only run if there's shares found
2013-07-11 13:36:26 -05:00
14b3e6440c
Check nil
2013-07-11 13:31:30 -05:00
1cf65623d6
Small desc update
2013-07-11 13:20:39 -05:00
d9107d2bd9
Add module for CVE-2013-3248
2013-07-11 12:30:08 -05:00
ca0880428f
Make sure module is awre of USE_SRVSVC_ONLY if that kicks in
2013-07-11 11:08:09 -05:00
a6ce629c3c
Capture a 0xC00000BB condition, plus some other fixes
2013-07-11 10:52:58 -05:00
3e229fe236
[SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
...
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017 .
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration. I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
b8ce98b896
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-10 14:04:46 -05:00
8ade33552c
Land #2085 , use the new network_interface gem.
2013-07-10 13:15:01 -05:00
16c9effcb4
make msftidy happy
2013-07-11 00:32:32 +07:00
8de88cbd05
change target from win7 sp1 to win7 sp0, fix description
2013-07-11 00:14:30 +07:00
4a3dc2e365
Print all the creds! All your base belong to me.
...
After a short discussion with Tod, we think it's best to print the
creds by default. If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
c343a59e1b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-09 17:48:27 -05:00
d3433a017b
Print hash too
2013-07-09 16:39:24 -05:00
234624793c
Add module for CVE-2013-1814
2013-07-09 14:03:35 -05:00
49c70911be
dlink upnp command injection
2013-07-09 13:24:12 +02:00
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
64b2f3f7a0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 16:55:39 -05:00
8d7396d60a
Minor description changes on new modules
2013-07-08 16:24:40 -05:00
6a9a9ac20a
Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework
2013-07-08 15:53:36 -05:00
8ab8eb8e59
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 15:52:31 -05:00
b2a18c37ee
add dll references for rop
2013-07-09 03:20:05 +07:00
3f874f504c
Use metadata
2013-07-08 09:25:02 -05:00
512dd7d15a
Update title
2013-07-08 09:11:31 -05:00
c60aeaa202
Add module for CVE-2013-3482
2013-07-08 09:11:10 -05:00
ed6d88a28b
credit to mona.py for rop
2013-07-07 18:07:05 +07:00
ecb2667401
remove seh mixin and fix the rop nop address
2013-07-06 23:08:51 +07:00
6dec81cbdf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-06 10:38:19 -05:00
b2e7f61814
Fix path build on total_commander
2013-07-06 10:15:30 -05:00
df7209f28a
Land #2067 , @wchen-r7's fix for total_commander
2013-07-06 10:14:44 -05:00
fc5e5a5aad
Fixup description
2013-07-06 09:29:32 +01:00
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
39f0359fa4
Land #2061 , @wchen-r7's fix to make bitcoin_jacker use post mixins
2013-07-06 00:14:14 -05:00
23d2bfc915
add more author
2013-07-06 11:52:16 +07:00
b8354d3d6c
Added MediaCoder exploit module
2013-07-06 11:07:11 +07:00
0e84886bce
Spawn 32bit process
2013-07-05 22:56:21 +01:00
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
5dc2492b20
Renamed module
2013-07-05 22:32:15 +01:00
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
ca4e11c112
Use check_other more
2013-07-05 12:38:38 -05:00
98f49758af
Don't need this line
2013-07-05 12:34:26 -05:00
d3000c0066
These funcs want 'filename'
2013-07-05 12:29:16 -05:00
353db0884d
Use expand_path from Msf::Post::File
2013-07-05 12:26:59 -05:00
18e5831ca8
Don't use begin/rescue to shut errors up and call it "file not found"
2013-07-05 12:22:05 -05:00
dc90904e50
Avoid misleading error
2013-07-05 12:12:30 -05:00
c859129339
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 12:06:05 -05:00
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
7f645807f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 10:25:41 -05:00
ad94f434ab
Avoid a fix address for the final userland payload
2013-07-05 10:21:11 -05:00
9b7567cd0f
Land #2071 , @wchen-r7's patch to use the Msf::Post::Windows::Process mixin
2013-07-05 10:19:56 -05:00
6477c6995d
Merge branch 'enum_db_no_method' of https://github.com/wchen-r7/metasploit-framework
2013-07-05 09:35:34 -05:00
9ed6b5c0b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:35:24 -05:00
a7d110367a
Land #2064 , @wchen-r7's fix for access uninitialized variable on enum_services
2013-07-05 09:30:23 -05:00
4c57c83cb8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:14:23 -05:00
b9dd3df05f
Land #2068 , @wchen-r7's fix to initialize variables on windows_autologin module
2013-07-05 09:09:17 -05:00
a4f90ffadd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:01:30 -05:00
4ed6a4d8d1
Land #2062 , @wchen-r7's fix to avoid redundant check
2013-07-05 08:51:05 -05:00
1ad4482ce2
Land #2069 , @wchen-r7's patch to print info when using store_loot
2013-07-05 08:35:57 -05:00
c459b0e937
Land #2045 , @wchen-r7's fix for memory_grep module
2013-07-05 08:16:47 -05:00
9a31885b8f
Merge branch 'memory_grep_fixes' of https://github.com/wchen-r7/metasploit-framework
2013-07-05 07:59:06 -05:00
e96a5d0237
Fixed a "NameError uninitialized constant" error.
...
On startup of msfconsole, the following error occurred:
modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common
The addition of a corresponding 'require' line removed that error.
Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
2013-07-05 11:56:15 +02:00
2a32b59c88
Forgot to change var 'filename'
2013-07-05 01:37:35 -05:00
84050241f0
Fix target ID
2013-07-05 01:25:08 -05:00
1352731062
Make heap grep optional
2013-07-05 00:57:25 -05:00
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
7b05872153
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 10:10:07 -05:00
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
479664b5aa
Remove redundant file
2013-07-04 12:07:14 +01:00
cd159960e1
Tidy
2013-07-04 12:02:32 +01:00
9c1a43a417
Check payload arch
2013-07-04 11:46:34 +01:00
83bc32abb4
Remove Exploit::Exe
2013-07-04 11:01:01 +01:00
7d6a78bf1f
Remove report aux
2013-07-04 10:36:32 +01:00
555140b85a
Add warning for persist
2013-07-04 10:30:03 +01:00
44cdc0a1c8
Move options to lib
2013-07-04 10:25:37 +01:00
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
8590720890
Use fail_with
2013-07-04 10:21:24 +01:00
3eab7107b8
Remove opt supplied by lib
2013-07-04 10:16:03 +01:00
7d273b2c8b
Refactor to psexec lib
2013-07-04 10:11:13 +01:00
1569a15856
Msf license
2013-07-04 10:08:29 +01:00
052c23b980
Add missing require
2013-07-04 09:58:48 +01:00
6fa60be76f
Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh
2013-07-04 09:42:18 +01:00
a52d38f359
Land #2052 - Fix regex
2013-07-03 16:55:07 -05:00
226f4dd8cc
Use execute_shellcode for novell_client_nicm.rb
2013-07-03 13:57:41 -05:00
f9cfba9021
Use execute_shellcode for novell_client_nwfs.rb
2013-07-03 13:55:50 -05:00
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
6cb53583b7
Make msftidy happy
2013-07-03 12:42:37 -05:00
61c85b10d3
Add final cleanup for #2012
2013-07-03 12:41:12 -05:00
4a076e0351
Land #2012 , @morisson improve for sap_router_portscanner
2013-07-03 12:39:59 -05:00
ff49cc1c4f
[SeeRM:#8135] - Be able to show where store_loot saves a file
...
If you don't print where store_loot saves the file, it can be a
pain in the butt to find it sometimes.
2013-07-03 12:29:01 -05:00
70c472fb7e
[FixRM:#8134] - Handle registry_getvaldata return value properly
...
registry_getvaldata can return nil, can't always assume it's
gonna throw a string.
2013-07-03 12:23:14 -05:00
c37884c6c7
Land #2066 , use Rex instead of Base64
2013-07-03 12:21:06 -05:00
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
1064c050de
[FixRM:#8132] - Fix undefined method '+' in total_commander.rb
...
The return value of registry_getvaldata can return nil when a
RequestError occurs, so you can't always assume it's gonna throw
you a string.
2013-07-03 12:10:23 -05:00
27653b661f
[FixRM:#8131] & [FixRM:#8133] - Fix Base64 func usage
...
Instead of using Base64, these modules should use Rex.
2013-07-03 12:06:12 -05:00
jvazquez-r7
William Vu
sinn3r
Joe Vennix
Tod Beardsley
Ramon de C Valle
Alexandre Maloteaux
m-1-k-3
James Lee
corelanc0d3r
modpr0be
lsanchez-r7
Meatballs
Thorsten Fischer