Jeff Jarmoc
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
Tod Beardsley
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
jvazquez-r7
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
jvazquez-r7
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
Michael Messner
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
Michael Messner
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
Michael Messner
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
Michael Messner
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
jvazquez-r7
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
jvazquez-r7
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00
sinn3r
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
sinn3r
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
Brandon Perry
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
Brandon Perry
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
Brandon Perry
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
Brandon Perry
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
Brandon Perry
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
jvazquez-r7
144b86fee3
Add reference
2014-03-19 12:17:53 -05:00
jvazquez-r7
27d142b387
Solve conflict by keeping file
2014-03-19 12:15:05 -05:00
jvazquez-r7
fb645b6692
Clean code
2014-03-19 12:06:20 -05:00
jvazquez-r7
38176ad67d
Land #3109 , @xistence's Loadbalancer.org Enterprise VA applicance exploit
2014-03-18 06:53:26 -05:00
jvazquez-r7
ddd923793a
Do minor clean up
2014-03-18 06:52:50 -05:00
jvazquez-r7
ad49df4301
Register RHOST
2014-03-18 06:17:41 -05:00
jvazquez-r7
600338bd29
Land #3108 , @xistence's exploit for Quantum vmPRO shell-escape
2014-03-18 06:12:18 -05:00
jvazquez-r7
f656e5fedb
Do minor clean up
2014-03-18 06:11:02 -05:00
xistence
9bb4e5cfc3
Loadbalancer.org Enterprise VA SSH privkey exposure
2014-03-17 14:22:51 +07:00
xistence
c116697c70
Quantum vmPRO backdoor command
2014-03-17 14:19:27 +07:00
xistence
ef4a019b20
Quantum DXi V1000 SSH private key exposure
2014-03-17 14:15:00 +07:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
James Lee
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
Michael Messner
15345da9d8
remove the wget module, remove the cmd stuff, testing bind stuff ahead
2014-02-28 22:44:26 +01:00
Michael Messner
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
Michael Messner
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
Michael Messner
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
Michael Messner
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
Michael Messner
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
sinn3r
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
jvazquez-r7
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
James Lee
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
jvazquez-r7
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
jvazquez-r7
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
xistence
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
xistence
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
sinn3r
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
sinn3r
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
sinn3r
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
sinn3r
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
sinn3r
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
sinn3r
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
jvazquez-r7
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
jvazquez-r7
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
jvazquez-r7
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
jvazquez-r7
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
jvazquez-r7
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
jvazquez-r7
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
jvazquez-r7
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
Matt Andreko
40d2299ab4
Added tested device
2014-01-09 10:46:14 -05:00
Matt Andreko
c50f7697a5
Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec
2014-01-09 10:39:12 -05:00
jvazquez-r7
bbaaecd648
Delete commas
2014-01-09 08:01:11 -06:00
jvazquez-r7
5e510dc64c
Add minor fixes, mainly formatting
2014-01-09 07:51:42 -06:00
Matt Andreko
ed6723655d
Code Review Feedback
...
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
Matt Andreko
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
jvazquez-r7
590547ebc7
Modify title to avoid versions
2014-01-07 13:01:10 -06:00
Joe Vennix
c34af35230
Add wrt100 to the description and title.
...
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
Tod Beardsley
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
jvazquez-r7
163a54f8b1
Do send_request_cgi final clean up
2013-12-20 17:00:57 -06:00
jvazquez-r7
af13334c84
Revert gsub!
2013-12-20 11:39:49 -06:00
jvazquez-r7
1da961343a
Do final (minor) cleanup
2013-12-20 11:20:29 -06:00
Markus Wulftange
929f3ea35c
Turn Auxiliary module into Exploit module
2013-12-20 16:45:38 +01:00
jvazquez-r7
ec64382efc
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 11:53:30 -06:00
jvazquez-r7
a28ea18798
Clean pull request
2013-12-18 11:32:34 -06:00
Ramon de C Valle
21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
sinn3r
bf3489203a
I missed this one
2013-12-03 13:13:14 -06:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
sinn3r
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
sinn3r
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
jvazquez-r7
9e46975a95
Land #2643 , @ChrisJohnRiley SkipVersionCheck for exim4_dovecot_bannercheck
2013-11-18 11:28:07 -06:00
jvazquez-r7
540b85df3f
Set SkipVersionCheck as not required
2013-11-18 11:27:32 -06:00
Tod Beardsley
36db6a4d59
Land #2616 , SuperMicro close_window BOF
2013-11-15 11:34:53 -06:00
Chris John Riley
5bd5eacd77
Added option to ignore banner checks
2013-11-15 15:01:11 +01:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
jvazquez-r7
40f8e80775
Fix jlee-r7's feedback
2013-11-08 14:28:19 -06:00
jvazquez-r7
b7e360922d
Update ranking
2013-11-07 15:10:26 -06:00
jvazquez-r7
decf6ff6a0
Add module for CVE-2013-3623
2013-11-07 14:59:40 -06:00
James Lee
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
.
2013-11-05 13:45:00 -06:00
jvazquez-r7
c92e8ff98d
Delete extra space
2013-10-30 19:34:54 -05:00
Tod Beardsley
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
jvazquez-r7
dd094eee04
Use 443 by default with SSL
2013-10-24 16:30:26 -05:00
jvazquez-r7
72f686d99a
Add module for CVE-2013-2751
2013-10-24 16:10:32 -05:00
William Vu
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead
, reversing
changes made to 6430fa3354
.
2013-10-21 12:47:57 -05:00
sinn3r
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
sinn3r
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
William Vu
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
jvazquez-r7
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
jvazquez-r7
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
jvazquez-r7
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
Tod Beardsley
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
Tod Beardsley
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tod Beardsley
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
jvazquez-r7
75aaded842
Land #2471 , @pyoor's exploit for CVE-2013-5743
2013-10-14 14:03:28 -05:00
jvazquez-r7
a6f17c3ba0
Clean zabbix_sqli
2013-10-14 14:01:58 -05:00
Joe Barrett
d929bdfaab
Re-fixing 8419, consistency is important.
2013-10-12 08:09:19 -04:00
James Lee
dfe74ce36c
Factorize sock_sendpage
2013-10-11 13:40:01 -05:00
pyoor
171b70fa7c
Zabbix v2.0.8 SQLi and RCE Module
...
Conflicts:
modules/exploits/linux/http/zabbix_sqli.rb
Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
James Lee
b9b2c82023
Add some entropy
...
* Random filename
* Stop shipping debug strings to the exploit executable
Also makes the writable path configurable, so we don't always have to
use /tmp in case it is mounted noexec, etc.
2013-10-10 18:18:01 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
James Lee
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
James Lee
c251596f0b
Fix some bugs in preparation for factorizing
...
* Stop removing \x0a characters with String#scan, which of course breaks
the shellcode
* Fork so the original session continues to work
2013-10-09 16:03:40 -05:00
Winterspite
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
joev
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
joev
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
jvazquez-r7
813bd2c9a5
Land #2379 , @xistence's exploit for OSVDB 88860
2013-09-26 13:52:15 -05:00
xistence
c2ff5accee
stability fixes to astium_sqli_upload
2013-09-26 10:23:33 +07:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
Tod Beardsley
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
jvazquez-r7
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
jvazquez-r7
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
sinn3r
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
jvazquez-r7
1a00cce8a9
Clean up
2013-09-19 11:51:07 -05:00
jvazquez-r7
926ddf35bc
Fix possible collisions on binding port and handle rex socket
2013-09-19 08:23:25 -05:00
jvazquez-r7
accad24f31
Use payload.encoded because BadChars are defined
2013-09-18 13:03:35 -05:00
jvazquez-r7
61ab0e245c
Add Context to rex sockets plus track them with add_socket
2013-09-18 12:39:08 -05:00
jvazquez-r7
1988085a94
Fix possible port conflict
2013-09-18 12:24:36 -05:00
xistence
adc1bd9c65
changes made to astium_sqli_upload based on suggestions
2013-09-18 16:52:31 +07:00
James Lee
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
xistence
82aa3f97b0
added Astium confweb 25399 RCE
2013-09-17 12:32:10 +07:00
Tod Beardsley
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00