sinn3r
e926bc16ba
Add MobileCartly 1.0 module
2012-09-04 14:23:16 -05:00
jvazquez-r7
4a92cc4641
jboss_invoke_deploy module cleanup
2012-09-04 18:49:11 +02:00
jvazquez-r7
cb40a0c362
Merge branch 'jboss-jmx-invoke-deploy' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-jmx-invoke-deploy
2012-09-04 18:47:30 +02:00
sinn3r
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
sinn3r
b3bfaec089
Add reference about the patch
2012-09-03 23:58:21 -05:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
h0ng10
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
sinn3r
9ab62de637
Fix a spelling error
2012-09-03 01:44:02 -05:00
jvazquez-r7
943121dd61
Added module for CVE-2012-2611
2012-09-03 00:15:56 +02:00
sinn3r
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
sinn3r
f48fbaccb0
Add Oracle's security alert
2012-08-30 14:04:16 -05:00
sinn3r
4758eb0dc3
Merge branch 'jvazquez-r7-taget_host_glassflish_deployer'
2012-08-30 12:18:02 -05:00
jvazquez-r7
f99982a85e
added java as platform to avoid confussion between target and payload
2012-08-30 18:39:20 +02:00
jvazquez-r7
4fd9f88304
avoid the redefinition of Module.target_host
2012-08-30 14:45:14 +02:00
jvazquez-r7
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
sinn3r
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
sinn3r
b70e205a7e
Merge branch 'sap_host_control_cmd_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sap_host_control_cmd_exec
2012-08-29 14:45:46 -05:00
sinn3r
5f64c55112
Update description
2012-08-29 11:10:35 -05:00
jvazquez-r7
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
jvazquez-r7
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
jvazquez-r7
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
jvazquez-r7
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
sinn3r
34b12c4f55
Update CVE/OSVDB refs
2012-08-28 01:21:32 -05:00
jvazquez-r7
6e2369680b
Safari added
2012-08-28 02:04:03 +02:00
jvazquez-r7
30fd2cf256
Description updated
2012-08-28 02:01:26 +02:00
sinn3r
7e579db705
Add AlienVault reference
2012-08-27 13:29:27 -05:00
sinn3r
15a87a79f8
Add mihi's analysis
2012-08-27 13:24:43 -05:00
jvazquez-r7
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
sinn3r
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
sinn3r
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
sinn3r
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
jvazquez-r7
179e816194
Merge branch 'esva_bid' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_bid
2012-08-24 17:37:25 +02:00
jvazquez-r7
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
jvazquez-r7
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
jvazquez-r7
e461d542ac
added Windows 2003 SP1 Spanish targets
2012-08-24 12:50:30 +02:00
jvazquez-r7
54ce7268ad
modules/exploits/windows/smb/ms08_067_netapi.rb
2012-08-24 11:30:23 +02:00
jvazquez-r7
1a60abc7a7
Added W2003 SP2 Spanish targets
2012-08-24 11:16:08 +02:00
jvazquez-r7
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
jvazquez-r7
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
jvazquez-r7
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
sinn3r
22051c9c2c
Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2
2012-08-22 10:00:34 -05:00
sinn3r
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
sinn3r
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
jvazquez-r7
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
sinn3r
7ddcc787bd
Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2
2012-08-21 14:37:09 -05:00
jvazquez-r7
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
jvazquez-r7
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
jvazquez-r7
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
Matt Andreko
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
Matt Andreko
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
Matt Andreko
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
Matt Andreko
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
sinn3r
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
sinn3r
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
sinn3r
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
sinn3r
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
h0ng10
c6b9121f8b
Added support for CVE-2010-0738
2012-08-15 15:47:44 -04:00
sinn3r
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
h0ng10
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
sinn3r
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
h0ng10
e5498e3e1d
Added fix for CVE-2010-0738, corrections
2012-08-15 15:46:34 -04:00
Tod Beardsley
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
Tod Beardsley
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
Tod Beardsley
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
sinn3r
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
sinn3r
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
Tod Beardsley
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
Tod Beardsley
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
sinn3r
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
jvazquez-r7
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
jvazquez-r7
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
sinn3r
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
sinn3r
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
Tod Beardsley
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
jvazquez-r7
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
jvazquez-r7
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
jvazquez-r7
29c48be2ed
Merge branch 'testlink_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-testlink_upload_exec
2012-08-13 18:54:33 +02:00
sinn3r
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
sinn3r
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
bcoles
8bb3181f68
Add TestLink v1.9.3 arbitrary file upload module
2012-08-13 16:30:10 +09:30
HD Moore
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
sinn3r
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
RageLtMan
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
jvazquez-r7
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
James Lee
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
sinn3r
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
jvazquez-r7
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
Tod Beardsley
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
sinn3r
ddcee6fee0
And the war between spaces and tabs goes on....
2012-08-07 12:36:53 -05:00
sinn3r
540f6253ef
Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec
2012-08-07 12:26:07 -05:00
sinn3r
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
jvazquez-r7
fb452d75a3
Added module for pbot RCE
2012-08-07 19:20:32 +02:00
sinn3r
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
sinn3r
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
sinn3r
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
sinn3r
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
jvazquez-r7
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
sinn3r
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
sinn3r
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
sinn3r
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
sinn3r
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
sinn3r
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
Steve Tornio
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
Steve Tornio
b646dcc87f
add osvdb ref
2012-08-05 09:02:32 -05:00
Steve Tornio
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
Steve Tornio
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
jvazquez-r7
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Meatballs1
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
Meatballs1
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
Daniel Miller
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
h0ng10
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
h0ng10
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
James Lee
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
James Lee
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
sinn3r
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
sinn3r
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
sinn3r
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
sinn3r
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
sinn3r
227c3afed3
Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec'
2012-08-01 15:08:51 -05:00
sinn3r
7af9979687
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-08-01 15:06:42 -05:00
sinn3r
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
sinn3r
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
jvazquez-r7
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
jvazquez-r7
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
bcoles
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30
James Lee
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r
8a40ef397d
Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest
2012-07-31 17:29:42 -05:00
sinn3r
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
jvazquez-r7
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
Meatballs1
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
Meatballs1
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
sinn3r
9815faec37
Add OSVDB-83822
2012-07-31 13:31:06 -05:00
sinn3r
20489864fc
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-07-31 08:42:34 -05:00
sinn3r
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
sinn3r
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
sinn3r
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
Meatballs1
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
Meatballs1
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
Meatballs1
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
bcoles
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
jvazquez-r7
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
bcoles
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
Matt Andreko
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
h0ng10
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00