d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
e689a0626d
Use Rex.sleep :-)
...
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"
user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
2014-10-10 10:05:46 +01:00
c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution
2014-10-08 00:30:07 -05:00
299d9afa6f
Add module for centreon vulnerabilities
2014-10-07 14:40:51 -05:00
3daa1ed4c5
Avoid changing modules indentation in this pull request
2014-10-07 10:41:25 -05:00
341d8b01cc
Favor echo encoder for back compatibility
2014-10-07 10:24:32 -05:00
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
f2b9aeed74
typo
2014-10-03 11:02:56 +01:00
f60f6d9c92
add exploit for CVE-2011-1485
2014-10-03 10:54:43 +01:00
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
161a145ec2
Create f5_icontrol_exec.rb
2014-09-27 10:40:13 -05:00
f2cfbebbfb
Add module for ZDI-14-305
2014-09-24 00:22:16 -05:00
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
3e57ac838c
Converted LD_PRELOAD library from precompiled binary to metasm code.
2014-09-04 21:49:55 +02:00
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
438f0e6365
typos
2014-08-30 09:22:58 -05:00
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
052327b9c6
Removed redundant string "linux_" from exploit name
2014-08-27 23:33:15 +02:00
b967336b3b
Small bugfix (incorrect filename in data directory)
2014-08-25 00:39:00 +02:00
fc6f50058b
Add desktop_linux_privilege_escalation module
2014-08-25 00:05:20 +02:00
f6f8d7b993
Delete debug print_status
2014-07-22 15:00:03 -05:00
b086462ed6
More cleanups of modules which REALLY need the 'old' generic encoder
2014-07-22 14:57:53 -05:00
3d7ed10ea0
Second review of modules which shouldn't be affected by changes
2014-07-22 14:33:57 -05:00
5e8da09b2d
Allow some modules to use the old encoder
2014-07-22 14:28:11 -05:00
b0f8d8eaf1
Delete debug print_status
2014-07-22 13:29:00 -05:00
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
6fd1ff6870
Merge master
2014-07-11 11:40:39 -05:00
d637171ac0
Change module filename
2014-07-11 11:39:32 -05:00
c55117d455
Some cleanup
2014-07-11 11:39:01 -05:00
a7a700c70d
Land #3502 , @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936
2014-07-11 11:25:03 -05:00
b9cda5110c
Add target info to message
2014-07-11 11:24:33 -05:00
dea68c66f4
Update title and description
2014-07-11 10:38:53 -05:00
f238c2a93f
change module filename
2014-07-11 10:30:50 -05:00
f7d60bebdc
Do clean up
2014-07-11 10:28:31 -05:00
8f3197c192
Land #3496 , @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth
2014-07-11 09:50:57 -05:00
4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
f068006f05
auto target
2014-07-09 21:53:11 +02:00
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
f89f47c4d0
dlink_dspw215_info_cgi_rop
2014-07-08 22:29:57 +02:00
6fbd6bb4a0
stager
2014-07-08 22:17:02 +02:00
ac727dae89
dlink_dsp_w215_hnap_exploit
2014-07-08 22:13:13 +02:00
579ce0a858
cleanup
2014-07-08 21:58:15 +02:00
51001f9cb3
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection
2014-07-08 21:39:53 +02:00
84d6d56e15
cleanup, deprecated
2014-07-08 21:36:07 +02:00
10bcef0c33
cleanup, deprecated
2014-07-08 21:34:28 +02:00
e7ade9f84d
migrate from wget to echo mechanism
2014-07-06 21:45:53 +02:00
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00
59881323b9
Clean code
2014-07-04 16:40:16 -05:00
a33a6dc79d
add bash to requiredcmd
2014-07-03 16:52:52 -05:00
806f26424c
&& not and
2014-07-03 16:50:21 -05:00
6fb2fc85a0
address @jvasquez-r7 review points
2014-07-03 16:43:01 -05:00
86a31b1896
Update gitlist_exec.rb
2014-07-03 12:40:37 -05:00
8f55af5f9d
UPnP check included
2014-07-02 21:28:39 +02:00
ac2e84bfd6
check included
2014-07-02 21:24:50 +02:00
db6524106e
one more typo, last one I swear
2014-06-30 22:33:19 -05:00
d7dfa67e94
typo
2014-06-30 20:15:25 -05:00
acedf5e847
Update gitlist_exec.rb
...
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
ecc1b08994
Create gitlist_exec.rb
...
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
42ac3a32fe
Multi-fy two new linux/http/dlink exploits
2014-06-27 08:40:27 -04:00
41d721a861
Update two modules to use the new unified cmdstager
2014-06-27 08:34:57 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
d47994e009
Update modules to use the new generic CMDstager mixin
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
William Vu
jvazquez-r7
URI Assassin
0a2940
sinn3r
Brandon Perry
Tod Beardsley
Jon Hart
Jakob Lell
Michael Messner
HD Moore
Spencer McIntyre