Hans-Martin Münch (h0ng10)
bba4223d68
Initial commit
2015-03-09 16:36:11 +01:00
William Vu
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
Julian Vilas
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
Julian Vilas
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00
jvazquez-r7
2134cc3d22
Modify description
2015-03-05 16:55:24 -06:00
jvazquez-r7
7b4776ee79
Deregister FOLDER_NAME
2015-03-05 16:42:07 -06:00
jvazquez-r7
1bc81ea723
Merge #4884 into updated master
2015-03-05 16:41:15 -06:00
Meatballs
33f089b1a5
Tidyup
2015-03-05 21:50:12 +00:00
jvazquez-r7
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
jvazquez-r7
c388fd49c2
Fix print message
2015-03-05 15:43:54 -06:00
jvazquez-r7
dd2559b748
Favor new target over new module
2015-03-05 15:41:53 -06:00
jvazquez-r7
e1a4b046a0
Add support for tomcat 7 to struts_code_exec_classloader
2015-03-05 15:40:24 -06:00
Meatballs
c56679f33e
Modify for new SMB mixin
2015-03-05 21:26:13 +00:00
jvazquez-r7
de08d8247b
Do some module cleanup
2015-03-05 13:00:01 -06:00
jvazquez-r7
82659aba93
Populate metadata from code to make test easier
2015-03-05 12:40:20 -06:00
jvazquez-r7
dc02f8332f
Pass msftidy
2015-03-05 12:29:31 -06:00
jvazquez-r7
a06eb04d59
Deregister FOLDER_NAME on exploit modules
2015-03-05 12:27:12 -06:00
sinn3r
cb9922ad39
Land #4874 , Add PHPMoAdmin command injection
2015-03-05 11:30:44 -06:00
sinn3r
8978b1d7b5
Add a version
2015-03-05 11:29:44 -06:00
Ricardo Almeida
32188f09d6
Update phpmoadmin_exec.rb
...
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
Ricardo Almeida
95962aab0d
Update phpmoadmin_exec.rb
...
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.
Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
jvazquez-r7
e715eaba58
Update description
2015-03-04 16:39:27 -06:00
jvazquez-r7
e155f2998e
Change module filename
2015-03-04 16:38:08 -06:00
jvazquez-r7
77abd57397
Do code cleanup
2015-03-04 16:37:31 -06:00
jvazquez-r7
22ff4d0097
Update with master changes
2015-03-04 16:30:19 -06:00
jvazquez-r7
e7de09df29
Change module filename
2015-03-04 16:18:45 -06:00
jvazquez-r7
1337b7ace8
Clean module
2015-03-04 16:18:10 -06:00
Ricardo Almeida
9530e15c81
Update phpmoadmin_exec.rb
...
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
jvazquez-r7
d4738d8c0a
Update #3076 branch
2015-03-04 15:51:00 -06:00
Ricardo Almeida
c19895ac85
Update phpmoadmin_exec.rb
...
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
jvazquez-r7
5cc9ea3618
Update with master changes
2015-03-04 15:16:12 -06:00
jvazquez-r7
fa9d921138
Beautify description
2015-03-04 13:07:10 -06:00
jvazquez-r7
8fdb7a798e
Change module filename
2015-03-04 13:01:06 -06:00
jvazquez-r7
36375fab28
Fix downcase path handling
2015-03-04 12:58:41 -06:00
jvazquez-r7
62dde22d88
Clean packet building
2015-03-04 12:27:58 -06:00
Ricardo Almeida
4d67e0e1bb
Add PHPMoAdmin RCE
2015-03-04 18:17:31 +00:00
jvazquez-r7
e04ff3ee24
Delete CMD option
2015-03-04 11:51:58 -06:00
jvazquez-r7
d4337ce1ae
Do minor metadata cleanup
2015-03-04 11:46:01 -06:00
jvazquez-r7
1371cfe025
Test landing #4451
2015-03-04 11:20:07 -06:00
jvazquez-r7
aaab4b401a
Fix indenting and use primer
2015-03-04 10:46:34 -06:00
jvazquez-r7
0e57277dc1
Do cleanup
2015-03-04 10:33:57 -06:00
jvazquez-r7
b9ed8178a9
Solve conflicts on ms13_071_theme
2015-03-04 10:28:52 -06:00
Matthew Hall
4757698c15
Modify primer to utilise file_contents macro.
2015-03-04 09:52:00 +00:00
Matthew Hall
a90ebfe9a7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:32 +00:00
Matthew Hall
dfb6711ad7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:01 +00:00
Matthew Hall
a5d748d19e
Modify primer to utilise file_contents macro.
2015-03-04 09:50:28 +00:00
Matthew Hall
0d56f5b6e6
Modify primer to utilise file_contents macro.
2015-03-04 09:49:17 +00:00
jvazquez-r7
80b76436bb
Land #4831 , @wchen-r7's update for MS14-064 exploit
...
* Support Windows XP with VBScript technique
2015-03-03 19:19:49 -06:00
sinn3r
7591e9ece3
Unbreak the comment
2015-03-03 19:14:18 -06:00
sinn3r
79e7bf7f9c
Update comments and description
2015-03-03 19:13:15 -06:00
William Vu
ecd7ae9c3b
Land #4857 , symantec_web_gateway_restore module
2015-03-02 15:00:10 -06:00
sinn3r
ad28f9767f
Use include
2015-03-02 14:41:25 -06:00
sinn3r
cb140434f9
Update
2015-03-02 12:59:21 -06:00
OJ
905a539a00
Add exploit for Seagate Business NAS devices
...
This module is an exploit for a pre-authenticated remote code execution
vulnerability in Seagate Business NAS products.
2015-03-01 13:25:28 +10:00
sinn3r
4a1fbbdc3b
Use datastore to find payload name
2015-02-28 19:56:32 -06:00
sinn3r
ef9196ba6c
Correct comment
2015-02-27 13:27:49 -06:00
sinn3r
7b6c39058a
Correct target name
2015-02-27 13:24:57 -06:00
sinn3r
90aff51676
Add CVE-2014-7285, Symantec Web Gateway restore.php Command Injection
2015-02-27 12:31:29 -06:00
Tod Beardsley
94b4bc24bd
Minor word choice changes
...
[See #4804 ]
2015-02-24 12:29:11 -06:00
Brent Cook
cf913e521c
Land #4832 @wvu-r7 remove and merge duplicate hash key initializers
2015-02-24 08:38:09 -06:00
William Vu
5cdb678654
Fix invalid use of RPORT (should be RHOST)
2015-02-24 05:24:09 -06:00
William Vu
aa1e1a5269
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/mssql/mssql_linkcrawler.rb.
2015-02-24 05:19:56 -06:00
William Vu
57642377cc
Fix duplicate hash key "MinNops"
...
In modules/exploits/windows/backupexec/name_service.rb.
2015-02-24 05:19:55 -06:00
William Vu
f2c96b4fdd
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_stopmodule.rb.
2015-02-24 05:19:54 -06:00
William Vu
b671c9b496
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb.
2015-02-24 05:19:53 -06:00
William Vu
2e90f266fa
Fix duplicate hash key "massage_array"
...
In modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb.
2015-02-24 05:19:52 -06:00
William Vu
e618c2f112
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb.
2015-02-24 05:19:51 -06:00
William Vu
2ffa368c18
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_check_bof.rb.
2015-02-24 05:19:50 -06:00
William Vu
a8f0af4409
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource.rb.
2015-02-24 05:19:49 -06:00
William Vu
ff73b4d51a
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/local/pxeexploit.rb.
2015-02-24 05:19:48 -06:00
William Vu
53e45498ca
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb.
2015-02-24 05:19:47 -06:00
William Vu
943ff2da75
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_domain.rb.
2015-02-24 05:19:46 -06:00
William Vu
6aa3952c91
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/scada/winlog_runtime_2.rb.
2015-02-24 05:19:45 -06:00
sinn3r
8d17aa04ee
Update the title too
2015-02-24 00:46:35 -06:00
sinn3r
578a545b22
Update MS14-064 for Windows XP
2015-02-23 23:08:13 -06:00
William Vu
933c4a05b4
Land #4814 , ms04_011_pct improved error messages
2015-02-22 23:51:14 -06:00
William Vu
2609a2acee
Land #4815 , MS15-001 reference update
2015-02-21 21:05:03 -06:00
Christian Mehlmauer
7d42dcee9c
Land #4769 , Wordpress holding-pattern theme file upload
2015-02-21 23:13:06 +01:00
Christian Mehlmauer
9223c23eb4
Land #4808 , Wordpress plugin upload module
2015-02-21 23:01:15 +01:00
sinn3r
aa8a82f44f
Update MS15-001 reference
2015-02-21 08:39:21 -06:00
rastating
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
jvazquez-r7
ef62e1fc04
Land #4798 , @wchen-r7's deletion of x64 support on ms13_022_silverlight_script_object
...
* Ungenuine support, well deleted
2015-02-21 01:11:09 -06:00
jvazquez-r7
ef990223d5
Move arch out of target
2015-02-21 01:10:35 -06:00
sinn3r
441c301fd3
Fix #4458 , more informative errors for ms04_011
...
Fix #4458
2015-02-21 00:32:20 -06:00
rastating
76a64b31d7
Resolve msftidy issues
2015-02-21 01:41:29 +00:00
rastating
7d30b214ee
Add WordPress admin shell upload module
2015-02-21 01:31:33 +00:00
sinn3r
40972220e3
Land #4804 , HP Client Automation Command Injection
2015-02-20 16:56:03 -06:00
Brent Cook
b624278f9d
Merge branch 'master' into land-4706-smb_reflector
2015-02-20 10:26:04 -06:00
Matthew Hall
e6ecdde451
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:35:22 +00:00
Matthew Hall
4963992b17
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:31:15 +00:00
Matthew Hall
da829d9ea9
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:29:09 +00:00
Matthew Hall
9aef561fd3
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:28:35 +00:00
Matthew Hall
34f4ae782d
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:26:19 +00:00
Matthew Hall
1751921ede
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:01:38 +00:00
jvazquez-r7
1633a6d4fd
Read response back while staging
2015-02-20 01:06:47 -06:00
jvazquez-r7
b0c6671721
Add module for ZDI-15-038, HPCA command injection
2015-02-20 00:41:17 -06:00
sinn3r
49f4b68671
Land #4790 , injecting code into eval-based Javascript unpackers
2015-02-19 12:33:52 -06:00
sinn3r
036a6089eb
Drop ungenuine x64 support in ms13_022_silverlight_script_object
...
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.
If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.
If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
2015-02-19 10:39:43 -06:00
joev
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
jakxx
44a7e7e4bc
publish-it fileformat exploit
2015-02-18 13:22:54 -05:00
Jay Smith
e40772efe2
Fixed open device issue for non-priv users
...
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
joev
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
sinn3r
6acbe64dbd
The MSB reference in the title is wrong
...
It should be MS13-022.
MS12-022 is MSFT Expression Design.
2015-02-17 14:56:14 -06:00
William Vu
be5a0ee9c2
Land #4777 , @todb-r7's release fixes
2015-02-17 13:45:00 -06:00
sinn3r
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
Matthew Hall
666b8e3e72
Add timeout to connection handler
2015-02-17 17:27:03 +00:00
Matthew Hall
728cfafe4d
cleanups
2015-02-17 17:27:03 +00:00
Matthew Hall
e4bab60007
Generic HTTP DLL Injection Exploit Module
...
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
2015-02-17 17:27:03 +00:00
Matthew Hall
c86caacf95
Merge branch 'master' into module-exploitsmbdllserver
...
Conflicts:
lib/msf/core/exploit/smb.rb
2015-02-17 17:16:09 +00:00
Matthew Hall
9f04e3bcf0
Merge branch 'master' into hp_dataprotector_dll_cmd_exec
2015-02-17 17:06:40 +00:00
Matthew Hall
afca27dae5
Merge branch 'master' into cve-2014-0094
2015-02-17 17:06:21 +00:00
Brent Cook
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
Tod Beardsley
6370c99755
Avoid version numbers in titles
2015-02-17 10:28:56 -06:00
Tod Beardsley
62a679ebb8
Avoid version numbers in titles
...
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
sinn3r
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
rastating
40c92f5fe3
Add URL reference
2015-02-14 13:09:37 +00:00
rastating
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
sinn3r
b197b98ab9
Land #4759 , fix ms09_067_excel_featheader
2015-02-13 13:25:15 -06:00
jvazquez-r7
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
jvazquez-r7
92422c7b9a
Save the output file on local_directory
2015-02-12 16:16:21 -06:00
Christian Mehlmauer
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
Christian Mehlmauer
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
William Vu
9b10cd5655
Land #4755 , @todb-r7's release fixes
2015-02-12 13:16:08 -06:00
Tod Beardsley
c156ed62a9
on, not of.
2015-02-12 12:56:53 -06:00
Tod Beardsley
e35f603888
Comma fascism
2015-02-12 12:49:45 -06:00
Tod Beardsley
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
Tod Beardsley
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
jvazquez-r7
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
jvazquez-r7
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
rastating
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
rastating
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
William Vu
309159d876
Land #4753 , updated ms14_070_tcpip_ioctl info
2015-02-12 09:57:29 -06:00
Spencer McIntyre
8ab469d3bd
Update ms14-070 module information and references
2015-02-12 09:51:01 -05:00
William Vu
b894050bba
Fix local/pxeexploit datastore
2015-02-11 12:19:56 -06:00
Brent Cook
f99ef5c0f5
fix msftidy warnings about towelroot module
2015-02-11 11:17:44 -06:00
rastating
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
rastating
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
sinn3r
d23c9b552f
Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn
2015-02-10 18:58:56 -06:00
jvazquez-r7
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
jvazquez-r7
5687028f09
Land #4671 , @earthquake's exploit for achat buffer overflow
2015-02-09 17:50:09 -06:00
jvazquez-r7
6165d623ff
Change module filename
2015-02-09 17:39:55 -06:00
jvazquez-r7
eb0741d7a7
Modify reference
2015-02-09 17:39:18 -06:00
jvazquez-r7
86f3bcad11
Do minor cleanup
2015-02-09 17:33:05 -06:00
Balazs Bucsay
ac6879cfe1
proper payload encoding from now on
2015-02-09 23:36:35 +01:00
Balazs Bucsay
c7880ab4e1
hex strings related explanations
2015-02-09 23:21:38 +01:00
Balazs Bucsay
9891026d30
sleep changed to Rex::sleep
2015-02-09 22:33:41 +01:00