decf6ff6a0
Add module for CVE-2013-3623
2013-11-07 14:59:40 -06:00
bdba80c05c
Land #2569 , @averagesecurityguy and others exploit for CVE-2013-4468, CVE-2013-4467
2013-11-07 12:20:42 -06:00
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
944528e633
Updated for temporal pathing with TEMP variable
2013-11-07 01:34:55 -05:00
2d4090d9c3
Make option astGUIclient credentials
2013-11-06 20:33:47 -06:00
24d22c96a5
Improve exploitation
2013-11-06 20:15:40 -06:00
2b2ec1a576
Change module location
2013-11-06 15:53:45 -06:00
b9cb8e7930
Add new options
2013-11-06 15:53:12 -06:00
09c31f7582
Small nitpicks to catch bad http responses
2013-11-06 15:06:04 -06:00
7ec7248500
Land #2610 , new Supermicro modules
2013-11-06 14:26:19 -06:00
91639dbb99
Trailing whitespace
2013-11-06 14:25:28 -06:00
079816777a
I kin spel
2013-11-06 14:22:41 -06:00
6b43d94c72
Rename, change titles/descriptions, fix minor bugs
2013-11-06 13:45:40 -06:00
b9caf091d4
Change supermicro_ipmi_traversal location
2013-11-06 12:47:50 -06:00
c132a60973
Move Supermicro web interface name to a constant
2013-11-06 12:47:50 -06:00
0609c5b290
Move private key to a constant
2013-11-06 12:47:50 -06:00
275fd5e2ba
Sort options by name
2013-11-06 12:47:50 -06:00
9f87fb33a7
Move digest calculation to a variable
2013-11-06 12:47:50 -06:00
46f0998903
Add URL refs
2013-11-06 12:47:50 -06:00
a973862c74
Add new modules
2013-11-06 12:47:50 -06:00
61e4700832
Allow guest login option.
...
This enables obtaining or maintaining access to properly misconfigured
systems through the Guest account.
2013-11-06 11:28:13 -06:00
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
faf6be4529
Missed an errant require
...
Wasn't even using it anyway
2013-11-05 14:00:55 -06:00
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
79e59b2066
Fix metasm data
2013-11-02 10:37:57 -05:00
b077b0accf
Add byte xori mipsle encoder
2013-11-02 10:22:41 -05:00
5c923757e8
Removed generic command execution capability
2013-10-30 21:35:24 -04:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
e488a54a06
Resplat new WMI module
2013-10-30 15:14:16 -05:00
98224ee89f
CVE update for vtiger issue
2013-10-30 13:48:35 -05:00
344413b74d
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
32794f9d37
Move OpenBravo to aux module land
2013-10-30 12:20:04 -05:00
17d796296c
Un-dupe References for ispconfig
2013-10-30 12:03:35 -05:00
0d480f3a7d
Typo fix
2013-10-30 11:38:04 -05:00
97a4ca0752
Update references for FOSS modules
2013-10-30 11:36:16 -05:00
78381316a2
Add @brandonprry's seven new modules
...
Already reviewed privately, no associated PR.
2013-10-30 11:04:21 -05:00
5b76947767
Add a few more modules.
2013-10-30 10:25:48 -05:00
c8ceaa25c6
Land #2589 , @wvu-r7's exploit for OSVDB 98714
2013-10-29 14:56:30 -05:00
9f81aeb4ad
Fix style
2013-10-29 14:55:16 -05:00
5af42f2c28
Add short comment on why the padding is necessary
2013-10-29 11:46:10 -05:00
e368cb0a5e
Add Win7 SP1 to WinXP SP3 target
2013-10-29 10:45:14 -05:00
c4c171d63f
Clean processmaker_exec
2013-10-29 09:53:39 -05:00
3eed800b85
Add ProcessMaker Open Source Authenticated PHP Code Execution
2013-10-29 23:27:29 +10:30
ea7bba4035
Add Beetel Connection Manager NetConfig.ini BOF
2013-10-28 22:52:02 -05:00
4128aa8c08
Resplat and tabs
2013-10-28 14:03:15 -05:00
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
1fee3ce952
Land #2584 , reporting for energizer_duo_detect
2013-10-28 10:48:20 -05:00
efcfc9eef7
Land #2273 , @kaospunk's enum domain feature for owa_login
2013-10-28 09:47:54 -05:00
71a1ccf771
Clean owa_login enum_domain feature
2013-10-28 09:46:41 -05:00
87dc58191d
Land #2583 - Report creds to db
2013-10-26 23:22:40 -05:00
278dff93e7
Add missing require for Msf::Exploit::Powershell
...
Thanks for the report, @mubix.
2013-10-25 21:41:24 -05:00
e0aec13ce1
[FixRM #4397 ] Add reporting for energizer_duo_detect
2013-10-25 16:51:44 -05:00
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
df83114f0b
Land #2578 , @wchen-r7's [FixRM #8525 ]
2013-10-25 13:28:59 -05:00
a95425de08
Check dec instead
2013-10-25 10:47:41 -05:00
b69ee1fc67
[FixRM #8419 ] Add module platform to ms04_011_pct
2013-10-25 09:29:19 -05:00
1d0a3aad70
[FixRM #8525 ] undefined method `+' for nil:NilClass in enum_ie
...
Looks like for some reason if CryptUnprotectData fails, the decrypt_reg()
method will return "". And when you unpack "", you produce an array of nils.
Since you cannot add something to nil, this should cause an
"undefined method `+' for nil:NilClass" error.
This will check if we get an array of nils, we jump to the next iteration.
2013-10-25 00:26:38 -05:00
7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
2013-10-24 14:15:26 -05:00
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
ea80c15c3b
Land #2383 , @jamcut's aux module for jenkins enum
2013-10-24 11:31:36 -05:00
8428671f32
Land #2455 , @juushya's aux module for radware
2013-10-24 10:54:02 -05:00
1673b66cbe
Delete some white lines
2013-10-24 10:50:14 -05:00
b589e9aa6e
Use the peer method
2013-10-24 10:45:02 -05:00
2ef33aabe7
Clean open_flash_chart_upload_exec
2013-10-24 10:15:28 -05:00
110daa6e96
Check for nil response from request in check method.
2013-10-24 09:12:37 -04:00
8a5d4d45b4
Add Open Flash Chart v2 Arbitrary File Upload exploit
2013-10-24 22:46:41 +10:30
ecbbd7bb4b
Ran resplat.rb and retab.rb. Fixed msftidy issues.
2013-10-23 20:59:27 -04:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
255cd18868
Use peer helper
2013-10-23 16:08:40 -05:00
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
655e09f007
Fixed description to look better in info output.
2013-10-23 16:36:39 -04:00
9f84ced00e
Fixed boilerplate text.
2013-10-23 16:13:25 -04:00
58a32ebb45
Initial commit.
2013-10-23 14:47:42 -04:00
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00
83a4ac17e8
Make sure fd is closed to avoid a possible resource leak
2013-10-23 12:16:18 -05:00
af02fd0355
Use store_loot, sorry mubix
2013-10-23 12:13:05 -05:00
55e3f36589
Add module for ZDI-13-242
2013-10-23 11:24:29 -05:00
bea04cceeb
Remove the trailing slash from the ZDI ref
2013-10-23 11:05:33 -05:00
7d84fa487e
Correct ZDI ref to match new scheme
2013-10-23 11:44:44 +02:00
8f3228d191
chage author but basic copied from hdms upload_file
2013-10-22 21:13:30 -04:00
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
af174639cd
Land #2468 - Hwnd Broadcast Performance
2013-10-22 17:03:02 -05:00
2e8c369c69
Land #2559 - remove content-length
2013-10-22 16:03:42 -05:00
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
b2b8824e2e
add delete and download modules for smb
2013-10-22 16:31:56 -04:00
85479f5994
removed PrependMigrate, introduced migrate -f
2013-10-22 16:11:19 -04:00
6989f16661
Land #2548 , @titanous's aux module for CVE-2013-4450
2013-10-22 15:02:54 -05:00
bdf07456ba
Last cleanup for nodejs_pipelining
2013-10-22 15:00:58 -05:00
db447b65f9
Add exploit for Node.js HTTP Pipelining DoS
2013-10-22 15:12:14 -04:00
11b2719ccc
Change module plate
2013-10-22 12:36:58 -05:00
df42dfe863
Land #2536 , @ddouhine's exploit for ZDI-11-061
2013-10-22 12:35:40 -05:00
c34155b8be
Clean replication_manager_exec
2013-10-22 12:34:35 -05:00
a4dd53f650
Chane module filename
2013-10-22 11:16:14 -05:00
cdd183f43a
Add reporting
2013-10-22 11:15:16 -05:00
e447aff0ec
Fix misleading statement in Outlook post module
...
Since this module doesn't retrieve domain exchange information as it isn't stored there it shouldn't say that Outlook isn't installed at all.
2013-10-22 11:53:15 -04:00
0d73275c3f
Delete not necessary check
2013-10-22 10:39:54 -05:00
c50e7c73b6
Make parsing easier
2013-10-22 10:30:03 -05:00
0cc7be0138
Use snake_case
2013-10-22 10:04:32 -05:00
e4a340b7f1
Fix small issues
2013-10-22 10:02:32 -05:00
a425e2be78
Fix typo
2013-10-22 09:28:43 -05:00
111c12ef0d
Do cosmetic changes
2013-10-22 09:28:15 -05:00
f46cdb8970
Add the correct plate
2013-10-22 09:27:37 -05:00
de0d09886c
Retab changes for PR #2383
2013-10-22 09:26:44 -05:00
0214501891
Merge for retab
2013-10-22 09:22:10 -05:00
72f3d4f86c
Land #2496 - Added ability to generate multiple payloads
...
Thx Dave!
2013-10-22 01:42:03 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
5613cfb249
Retab changes for PR #2455
2013-10-21 15:57:23 -05:00
39d38e598d
Merge for retab
2013-10-21 15:55:48 -05:00
71fab72e06
Delete duplicate content-length from axis2_deployer
2013-10-21 15:35:51 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
10a4ff41de
Delete Content-Length duplicate header
2013-10-21 15:11:37 -05:00
57e39c2b2c
Land #2498 - multiple payload capabilities
2013-10-21 14:51:24 -05:00
03adb48d48
Resolve NoMethodError undefined method `empty?' for nil:NilClass
...
blank? should fix this.
2013-10-21 14:50:25 -05:00
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
c1954c458c
Just warn, don't bail
...
Even if the OS detection returns non-Win7, maybe it's Win 8 or something
where it'll still work. We rarely bail out on checks like these.
If I'm crazy, feel free to skip or revert this commit (it shouldn't hold
up the release at all)
For details on this module, see #2503 . I don't see any comments about
this line in particular
2013-10-21 13:39:45 -05:00
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
58a43e87dd
Added fixes suggested by jlee-r7
...
additional code clean up
2013-10-21 14:18:12 -04:00
4c14595525
Land #2535 - Use %PATH% for notepad
2013-10-21 13:14:44 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
45d06dd28d
Change plate
2013-10-21 11:24:30 -05:00
0670020701
Land #2553 - HP Intelligent Management BIMS DownloadServlet Directory Traversal
2013-10-21 11:20:16 -05:00
8c05f8cf51
Land #2550 - Add HP Intelligent Managemetn UploadServlet dir traversal
2013-10-21 11:14:22 -05:00
d22e4ac2f1
Check timeout condition
2013-10-21 11:13:48 -05:00
36dace26fa
Land #2538 - Fix redirect URLs
2013-10-21 11:08:03 -05:00
09c9cba3d5
Updated code
2013-10-21 19:29:05 +05:30
183116c81f
Make module work, and final cleanup
2013-10-20 18:39:41 -05:00
27078eb5a6
Add support for HP imc /BIMS 5.1
2013-10-20 18:18:34 -05:00
b0d32a308a
Update version information
2013-10-19 00:52:22 -05:00
7d8a0fc06c
Add BID reference
2013-10-19 00:29:43 -05:00
aa6a24da1b
Add module template
2013-10-19 00:27:57 -05:00
cf239c2234
Add module for ZDI-13-238
2013-10-19 00:05:09 -05:00
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
70fced1d74
Delete unnecessary requires and make msftidy compliant
2013-10-18 16:54:20 -05:00
jvazquez-r7
jvazquez-r7
scriptjunkie
root
HD Moore
Tod Beardsley
OJ
James Lee
William Vu
bcoles
sinn3r
AverageSecurityGuy
Booboule
Rob Fuller
Meatballs
Jonathan Rudenberg
jamcut
Karn Ganeshen