e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
f464c5ee97
dlink msearch commmand injection
2014-06-16 22:12:15 +02:00
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
a3ae177347
echo stager, arch_cmd, echo module
2014-06-13 11:42:47 +02:00
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
b85c0b7543
rop to system with telnetd
2014-05-23 20:51:25 +02:00
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
1483f02f83
Land #3306 , @xistence's alienvault's exploit
2014-05-01 09:25:07 -05:00
1b39712b73
Redo response check
2014-05-01 09:10:16 -05:00
78cefae607
Use WfsDelay
2014-05-01 09:07:26 -05:00
5db24b8351
Fixes/Stability AlienVault module
2014-05-01 14:53:55 +07:00
c12d72b58c
Changes to alienvault module
2014-05-01 10:39:11 +07:00
9bcf5eadb7
Changes to alienvault module
2014-05-01 10:10:15 +07:00
9a1b216fdb
Move module to new location
2014-04-28 11:55:26 -05:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
b69662fa42
Land #3233 - eScan Password Command Injection
2014-04-11 11:05:48 -05:00
0c8f5e9b7d
Add @Firefart's feedback
2014-04-11 10:21:33 -05:00
fe066ae944
Land #3207 , @7a69 MIPS BE support for Fritz Box's exploit
2014-04-09 23:20:45 -05:00
fdda69d434
Align things
2014-04-09 23:19:41 -05:00
386e2e3d29
Do final / minor cleanup
2014-04-09 23:19:12 -05:00
b0b979ce62
Meterpreter sessions won't get root in this way
2014-04-09 16:59:12 -05:00
a2ce2bfa56
Fix disclosure date
2014-04-09 16:41:49 -05:00
ff232167a6
Add module for eScan command injection
2014-04-09 16:39:06 -05:00
eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec
2014-04-09 11:30:59 -05:00
8428b37e59
move file to .rb ext
2014-04-09 05:17:14 -07:00
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
144b86fee3
Add reference
2014-03-19 12:17:53 -05:00
27d142b387
Solve conflict by keeping file
2014-03-19 12:15:05 -05:00
fb645b6692
Clean code
2014-03-19 12:06:20 -05:00
38176ad67d
Land #3109 , @xistence's Loadbalancer.org Enterprise VA applicance exploit
2014-03-18 06:53:26 -05:00
ddd923793a
Do minor clean up
2014-03-18 06:52:50 -05:00
ad49df4301
Register RHOST
2014-03-18 06:17:41 -05:00
600338bd29
Land #3108 , @xistence's exploit for Quantum vmPRO shell-escape
2014-03-18 06:12:18 -05:00
f656e5fedb
Do minor clean up
2014-03-18 06:11:02 -05:00
9bb4e5cfc3
Loadbalancer.org Enterprise VA SSH privkey exposure
2014-03-17 14:22:51 +07:00
c116697c70
Quantum vmPRO backdoor command
2014-03-17 14:19:27 +07:00
ef4a019b20
Quantum DXi V1000 SSH private key exposure
2014-03-17 14:15:00 +07:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
15345da9d8
remove the wget module, remove the cmd stuff, testing bind stuff ahead
2014-02-28 22:44:26 +01:00
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
jvazquez-r7
Joshua Smith
Michael Messner
Christian Mehlmauer
xistence
William Vu
sinn3r
Brandon Perry
Brandon Perry
Fabian Bräunlein
Jeff Jarmoc
Tod Beardsley
James Lee