Commit Graph

11605 Commits (6f341934d6d795b070d1c9644401f0770adaa7c8)

Author SHA1 Message Date
Tod Beardsley dc1b9570b8 Grammar and spelling on splunk and oracle exploits 2011-12-28 13:44:44 -06:00
Tod Beardsley 65b4cb3a40 Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-28 13:43:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
David Maloney 5a860f45ef Fixed typo in validation routine 2011-12-28 12:10:38 -06:00
David Maloney 3bb2b5b7fd Fixed typo in validation routine 2011-12-28 09:40:36 -08:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
HD Moore 5dc647a125 Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
packages)
2011-12-28 02:02:03 -06:00
HD Moore 5d67bd2a5e Phew. Exhaustive test of all i386 FreeBSD versions complete 2011-12-28 01:38:55 -06:00
HD Moore 1ff0cb2eef More testing - looks like 5.5 is not exploitable, at least not the same
way
2011-12-28 01:30:25 -06:00
HD Moore e071944a1a Allow ff in payloads but double them back up 2011-12-28 00:04:24 -06:00
HD Moore edb9843ef9 Add Linux exploit with one sample target (Whitebox Linux 3) 2011-12-28 00:00:10 -06:00
chao-mu 5560c6b17e Moved and adapted code relating to looking up constant names by constant value 2011-12-28 00:40:08 -05:00
HD Moore 79103074cb Add credit for Dan's advice 2011-12-27 23:39:02 -06:00
HD Moore f9224d6010 Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
HD Moore 2ad5c56d48 Typo in comment 2011-12-27 19:11:09 -06:00
HD Moore 617f3250cf Handle patched systems accurately (requires actually triggering the bug) 2011-12-27 19:04:34 -06:00
HD Moore f8e3119215 Add references 2011-12-27 17:50:06 -06:00
David Maloney a2760b219d Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-27 11:34:36 -08:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
Jonathan Cran b409560088 bring up to date with master 2011-12-27 11:33:08 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
James Lee 80603e03cb grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996 2011-12-26 14:41:24 -07:00
David Maloney 05f3af1e77 Fixed typo in the windows autlogin post module 2011-12-26 11:17:17 -08:00
alhazred 39b365702f rename non existent local variable 'options' to correct session.options 2011-12-26 21:40:46 +13:00
sinn3r a00937b4d8 Fix typo. 2011-12-24 15:32:08 -06:00
sinn3r 87cf4cefea Fix bug #6164 2011-12-24 15:26:20 -06:00
sinn3r 062f661991 Fix bug #6161 - Must explicitly convert e to e.to_s 2011-12-24 15:11:26 -06:00
sinn3r 8a705c9223 Fix bug #6158 - session.db_record might return nil but wasn't checked 2011-12-24 15:06:43 -06:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
sinn3r dcb66307be Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-24 14:58:40 -06:00
sinn3r 2e2e28afb8 Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path 2011-12-24 14:57:46 -06:00
Tod Beardsley 06077a37f8 Fixes typo, variable name is paths not path. 2011-12-24 14:39:08 -06:00
Tod Beardsley c44e6701f3 Merge pull request #81 from swtornio/master
add osvdb ref
2011-12-24 09:22:15 -08:00
Steve Tornio 4215ef3ae1 add osvdb ref 2011-12-24 06:54:39 -06:00
sinn3r 3fe076bcd6 Check nil before using .empty? 2011-12-23 17:42:58 -06:00
steponequit 69570dada6 Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit 2011-12-23 16:28:36 -06:00
sinn3r 3b0b02fdcd Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-23 16:26:18 -06:00
Michael Boman 1102d56a27 Incorporating mboman's save credentials
I don't think the use of the constant is a show stopper since it is
identical to the existing Nessus plugin scheme as well. It doesn't make
it right but it's not a reason to block. Both should be fixed some time.

Made a handful of minor edits regarding file handle management, and also
noted that the act of saving nexpose credentials will always cause the
SSL nag screen to not display.

Thanks for the implementation, mboman!

[Closes #57] [Fixes #6156]

Squashed commit of the following:

commit 8d421ab8e3004bcb67e156b45f1355a608e0320c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:55:35 2011 -0600

    Adds a comment note about bypassing the SSL verify warning

commit fd956b380f14bbb394f36b0a3c565906f9aed869
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:53:29 2011 -0600

    Changing file write mode from w+ to wb.

commit d884c87482b033b7200d5045ba5f9b2d910f4aa8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:15:46 2011 -0600

    ::File instead of File throughout

commit 6d72f87e8f175f088ac7beeb80742d50ab01b38a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:14:54 2011 -0600

    Space change

commit f6f3527595379ba11b3be4341a0c620b06340fbb
Merge: a978d19 2335614
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:13:12 2011 -0600

    Merge branch 'master' of github_r7:rapid7/metasploit-framework into mboman_nexpose

commit a978d1962f756f507fdabb988380a7ecf3ce76bb
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:12:51 2011 -0600

    Minor fixups mostly around ::File handling.

commit bddd0249b956c3e2c960b0bd6028b88e6e99eac5
Merge: 2ddc161 bb2ea62
Author: Michael Boman <michael@michaelboman.org>
Date:   Fri Dec 16 08:39:10 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 2ddc1616714b37e89415195b2a9ef9c569e4065e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:44:29 2011 +0100

    msftidy cleanup (whitespace after EOL)

commit b202c7ff3a61ac450c181d4f60b01923bad9625f
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:28:13 2011 +0100

    Removed a ncusage call

commit 45da9728d1867b04ce557521650abbc41753165e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 09:19:58 2011 +0100

    Fixed indenting, removed ncusage function until later...

commit e9f03aafba7db0d907c431eca3a3b55672437ea4
Merge: 41d3fae 8dc85f1
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 07:35:17 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 41d3fae61b9501179d5b474de018ea370ae90192
Merge: 63b6f38 d87d8d5
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 20:07:34 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 63b6f3873d466b7c6e4f3be5f0cea0a2a72e46f9
Merge: b3b7be4 cfa128a
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 17:01:06 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit b3b7be4594eedbb82424e89ad44372dd71a0c507
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 16:54:54 2011 +0100

    Nexpose plugin can now save/load credentials
2011-12-23 16:12:34 -06:00
Tod Beardsley 23356141fb Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-23 12:25:54 -06:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
steponequit 84c6739921 added initial opentftp 1.4 windows exploit 2011-12-23 11:27:11 -06:00
sinn3r 41697440c7 Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079 2011-12-23 01:22:39 -06:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
Tod Beardsley db90989db4 Merge pull request #76 from kernelsmith/lab_tab_complete
lab_load now tab completes from data/lab (lab plugin), for real tho
2011-12-22 13:21:11 -08:00
Jonathan Cran 5cec44bc43 Merge pull request #77 from rapid7/lab_temp2
squashed lab upload commit
2011-12-22 13:00:26 -08:00
Jonathan Cran e48031cf22 squashed lab upload commit 2011-12-22 14:56:45 -06:00
Tod Beardsley 9b45b9523e Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 13:25:02 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00