Commit Graph

478 Commits (7444a0ff042dd6a3e41f3fb9984b2f3cc5e14315)

Author SHA1 Message Date
sinn3r 76d36a46dc Missing a checkcode 2015-04-15 14:04:18 -05:00
sinn3r 8a542b841c Don't check Server header 2015-04-15 13:33:09 -05:00
sinn3r 90ed6ee0b6 No "vhost" 2015-04-15 13:32:11 -05:00
sinn3r 3aa8e6908d Converted to a DOS module 2015-04-15 13:13:16 -05:00
William Vu 3cdc84bf27 Fix missing type in report_note 2015-04-14 14:02:20 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
dnkolegov 040a1af9c5 Delete useless ecnryption cookie detection, fix minor issues 2015-03-25 02:34:33 -04:00
dnkolegov ee17d6e606 Deleted spaces at EOL 2015-03-23 04:34:38 -04:00
dnkolegov 2a0deaa6c8 Deleted default options and SYN scan 2015-03-23 04:31:08 -04:00
dnkolegov 78be03623f Fix indent warnings 2015-03-17 03:39:04 -04:00
dnkolegov 34c30502fd Add SSL/TLS support, fix minor errors, change default parameters 2015-03-17 02:49:11 -04:00
dnkolegov 252557227d Add F5 BigIP APM DoS module 2015-03-06 01:55:42 -05:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
Christian Mehlmauer 354e952841
fix msftidy warnings 2015-01-18 23:55:57 +01:00
Christian Mehlmauer 6014ff8a31
fix msftidy warnings 2015-01-18 23:54:16 +01:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Christian Mehlmauer a7be5b5164
Added fingerprinting 2014-08-07 18:12:58 +02:00
Christian Mehlmauer d6e60453d6
Added Wordpress XMLRPC DoS 2014-08-07 11:38:44 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley 4103f2295b
Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba
Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Tod Beardsley 4b5c62ba8d
Dress up CAPWAP DoS desc a little. 2014-05-28 12:19:17 -05:00
jvazquez-r7 217a14e4d7
Land #3366, @jholgui's module for CVE-2013-4074 2014-05-25 18:53:30 -05:00
jvazquez-r7 33ba134147 Clean msftidy warnings and metadata 2014-05-25 18:52:01 -05:00
jvazquez-r7 d3c17d8e3e Delete wireshark_capwap_dos 2014-05-25 18:39:53 -05:00
JoseMi 9f166b87f6 Changed the description 2014-05-24 18:58:36 +01:00
JoseMi 71e2d19040 Adapted to auxiliary modules structure 2014-05-24 18:53:10 +01:00
JoseMi 21cf0a162c Added module to crash capwap dissector in wireshark tool 2014-05-17 11:31:43 +01:00
Tod Beardsley dc57e31be1
Aux modules don't respect Rank anyway 2014-05-14 15:03:10 -05:00
Tod Beardsley 3072c2f08a
Update CVEs for RootedCon Yokogawa modules
Noticed they were nicely documented at

http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html

We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 17ddbccc34
Remove the broken lorcon module set
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.

I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.

Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.

````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver
for lorcon
   INTERFACE  wlan0            yes       The name of the wireless
interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7 8cfa5679f2 More nick instead of name 2014-03-10 16:12:44 +01:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
jvazquez-r7 449d0d63d1 Do small clean up 2014-02-26 08:52:51 -06:00
ribeirux ead7cbc692 Author and URI fixed 2014-02-24 22:20:34 +01:00
ribeirux 8f7f1d0497 Add module for CVE-2014-0050 2014-02-22 14:56:59 +01:00
jvazquez-r7 ac52edabd5
Land #2801, Land @kicks4kittens IBM Sametime modules 2014-02-06 10:17:03 -06:00
kicks4kittens 38add0ab50 alter print_status
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
sinn3r a239e14084 Fix nodejs_popelining check 2014-01-19 17:06:35 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 bce321c628 Do response handling a little better, fake test 2014-01-17 11:02:35 -06:00
jvazquez-r7 11d613f1a7 Clean ibm_sametime_webplayer_dos 2014-01-17 10:52:42 -06:00
jvazquez-r7 51b3d164f7 Move the DoS module to the correct location 2014-01-17 09:30:51 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
sinn3r 8e9723788d Correct description 2013-12-04 17:25:58 -06:00
sinn3r fb2fcf429f This one actually works 2013-12-04 17:22:42 -06:00
sinn3r d0071d7baa Add CVE-2013-6414 Rails Action View DoS 2013-12-04 14:57:30 -06:00
Tod Beardsley 23448b58e7
Remove timeout checkers that are rescued anyway 2013-11-25 12:37:23 -06:00
Tod Beardsley f311b0cd1e
Add user-controlled verbs.
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley 6a28aa298e
Module for CVE-2013-4164
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7 f963f960cb Update title 2013-11-18 15:07:59 -06:00
jvazquez-r7 274247bfcd
Land #2647, @jvennix-r7's module for Gzip Memory Bomb DoS 2013-11-18 15:06:46 -06:00
joev 589660872e Kill FILEPATH datastore option. 2013-11-18 14:13:25 -06:00
joev 8e889c61f7 Update description. 2013-11-17 15:48:27 -06:00
joev f7820139dc Add a content_type datastore option. 2013-11-17 15:38:55 -06:00
joev 43d2711b98 Default to 1 round compression. 2013-11-17 15:35:35 -06:00
joev 1e3860d648 Add gzip bomb dos aux module. 2013-11-17 14:44:33 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 6989f16661
Land #2548, @titanous's aux module for CVE-2013-4450 2013-10-22 15:02:54 -05:00
jvazquez-r7 bdf07456ba Last cleanup for nodejs_pipelining 2013-10-22 15:00:58 -05:00
Jonathan Rudenberg db447b65f9 Add exploit for Node.js HTTP Pipelining DoS 2013-10-22 15:12:14 -04:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
darknight007 7b82c64983 ms12-020 stack print resolve 2013-10-12 16:49:03 +05:00
darknight007 e1b9f1a3c4 modified ms12-020 module to resolve stack print 2013-10-12 16:36:37 +05:00
darknight007 291b90405d Merge branch 'master' of https://github.com/darknight007/metasploit-framework
Conflicts:
	modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
2013-10-12 16:23:09 +05:00
darknight007 602fd276bc using theirs 2013-10-12 16:20:26 +05:00
darknight007 4e50c574c5 Update ms12_020_maxchannelids.rb
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
2013-10-12 15:39:13 +05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00