Commit Graph

478 Commits (7444a0ff042dd6a3e41f3fb9984b2f3cc5e14315)

Author SHA1 Message Date
jvazquez-r7 449d0d63d1 Do small clean up 2014-02-26 08:52:51 -06:00
ribeirux ead7cbc692 Author and URI fixed 2014-02-24 22:20:34 +01:00
ribeirux 8f7f1d0497 Add module for CVE-2014-0050 2014-02-22 14:56:59 +01:00
jvazquez-r7 ac52edabd5
Land #2801, Land @kicks4kittens IBM Sametime modules 2014-02-06 10:17:03 -06:00
kicks4kittens 38add0ab50 alter print_status
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
sinn3r a239e14084 Fix nodejs_popelining check 2014-01-19 17:06:35 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 bce321c628 Do response handling a little better, fake test 2014-01-17 11:02:35 -06:00
jvazquez-r7 11d613f1a7 Clean ibm_sametime_webplayer_dos 2014-01-17 10:52:42 -06:00
jvazquez-r7 51b3d164f7 Move the DoS module to the correct location 2014-01-17 09:30:51 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
sinn3r 8e9723788d Correct description 2013-12-04 17:25:58 -06:00
sinn3r fb2fcf429f This one actually works 2013-12-04 17:22:42 -06:00
sinn3r d0071d7baa Add CVE-2013-6414 Rails Action View DoS 2013-12-04 14:57:30 -06:00
Tod Beardsley 23448b58e7
Remove timeout checkers that are rescued anyway 2013-11-25 12:37:23 -06:00
Tod Beardsley f311b0cd1e
Add user-controlled verbs.
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley 6a28aa298e
Module for CVE-2013-4164
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7 f963f960cb Update title 2013-11-18 15:07:59 -06:00
jvazquez-r7 274247bfcd
Land #2647, @jvennix-r7's module for Gzip Memory Bomb DoS 2013-11-18 15:06:46 -06:00
joev 589660872e Kill FILEPATH datastore option. 2013-11-18 14:13:25 -06:00
joev 8e889c61f7 Update description. 2013-11-17 15:48:27 -06:00
joev f7820139dc Add a content_type datastore option. 2013-11-17 15:38:55 -06:00
joev 43d2711b98 Default to 1 round compression. 2013-11-17 15:35:35 -06:00
joev 1e3860d648 Add gzip bomb dos aux module. 2013-11-17 14:44:33 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 6989f16661
Land #2548, @titanous's aux module for CVE-2013-4450 2013-10-22 15:02:54 -05:00
jvazquez-r7 bdf07456ba Last cleanup for nodejs_pipelining 2013-10-22 15:00:58 -05:00
Jonathan Rudenberg db447b65f9 Add exploit for Node.js HTTP Pipelining DoS 2013-10-22 15:12:14 -04:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
darknight007 7b82c64983 ms12-020 stack print resolve 2013-10-12 16:49:03 +05:00
darknight007 e1b9f1a3c4 modified ms12-020 module to resolve stack print 2013-10-12 16:36:37 +05:00
darknight007 291b90405d Merge branch 'master' of https://github.com/darknight007/metasploit-framework
Conflicts:
	modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
2013-10-12 16:23:09 +05:00
darknight007 602fd276bc using theirs 2013-10-12 16:20:26 +05:00
darknight007 4e50c574c5 Update ms12_020_maxchannelids.rb
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
2013-10-12 15:39:13 +05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
darknight007 f1ab7b51b1 Update ms12_020_maxchannelids.rb
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
2013-09-30 13:43:26 +05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 a40e0ba704 Clean up read_nttrans_ea_list 2013-09-07 16:11:00 -05:00
Tab Assassin 597f337d1b Retab changes for PR #2298 2013-09-05 13:52:10 -05:00
Tab Assassin acfef429c2 Merge for retab 2013-09-05 13:52:05 -05:00
Boris a23c1f1ad4 added additional "include" 2013-09-03 19:34:37 +04:00
Boris 9a33c674aa RHOST, RPORT removed, Tries option added 2013-09-01 22:58:22 +04:00
Boris 28ca62d60f New option added. Names now random. Dos check added 2013-08-31 13:18:22 +04:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Boris b3ec8f741f File moved to auxiliary with some bug fixes 2013-08-29 00:11:34 +04:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
sinn3r 6168eb7590 Land #1981 - Canon Wireless Printer Denial of Service 2013-06-18 19:04:48 -05:00
sinn3r 7d15dc379d Make msftidy happy 2013-06-18 19:04:03 -05:00
Matt Andreko 0533ca68dc Added DoS result checking
Lowered the http timeout
2013-06-18 19:48:21 -04:00
Matt Andreko 8c28631d4b Fixed the date format
Removed the rport option
These are items that were code-review for my other related module, so
I figured they should be done here too
2013-06-18 12:17:50 -04:00
jvazquez-r7 6c2d99c2bc Land #1972, @wchen-r7's patch for [FixRM:#4704] 2013-06-17 23:17:22 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
Matt Andreko d877e4d489 Added CVE and disclosure date 2013-06-17 17:41:50 -04:00
sinn3r 8bdd89f68b [FixRM:#4704] - Fix EOFError in filezilla_server_port
If login fails, the module shouldn't continue sending commands to
the server, otherwise this causes an EOF.
2013-06-17 14:24:01 -05:00
Matt Andreko 3923bbeee9 Update 2013-06-15 18:28:58 -04:00
Matt Andreko 0494ac9218 Added Canon Wireless Printer DoS module 2013-06-15 18:23:04 -04:00
jvazquez-r7 fd74390952 Clean monkey_headers 2013-06-13 18:07:35 -05:00
sinn3r 73aff97053 Land #1950 - Monkey HTTPD Header Parsing Denial-of-Service
This is the reviewed/updated version of pull request #1950. We're
landing this one instead because the other one has a lot of
unnecessary commit messages.
2013-06-13 15:56:34 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 3fbbe3e7b3 Make msftidy happy 2013-06-10 08:16:15 -05:00
jvazquez-r7 3c05cf4382 Land #1842, @viris DoS module for cve-2013-0229 2013-06-10 08:15:45 -05:00
Dejan Lukan 154894bda6 Added comments and merged jvazquez-r7-miniupnp_dos_clean branch. 2013-06-10 10:18:26 +02:00
jvazquez-r7 ec52795182 Clean for miniupnp_dos.rb 2013-06-06 11:19:26 -05:00
Dejan Lukan 2fe704ce38 Deleted undeeded comments and spaces. 2013-06-04 09:00:53 +02:00
William Vu 055e0a222c Land #1902, OSVDB reference for memcached 2013-06-03 14:57:43 -05:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
sinn3r b087951118 Add OSVDB reference 92867 for Memcached DoS module 2013-06-03 12:41:33 -05:00
sinn3r 116e2bb418 Landing #1782 - Added Memcached Remote Denial of Service module 2013-06-03 12:30:37 -05:00
sinn3r 3d9dcbf5bd Add a check to see if the host is down 2013-06-03 12:26:57 -05:00
Dejan Lukan 217b263af7 Moved the module to different location and make it msftidy.rb compliant. 2013-06-03 10:35:10 +02:00
Tod Beardsley e3384439ed 64-bit, not '64 bits' 2013-05-13 15:40:17 -05:00
jvazquez-r7 d37d211ecc Fix short escape sequences error 2013-05-09 17:29:55 -05:00
jvazquez-r7 b18a98259b Modify default rport 2013-05-09 16:24:54 -05:00
jvazquez-r7 3e1d1a3f98 Land #1659, @nmonkee's sap_soap_rfc_eps_delete_file module 2013-05-09 16:22:54 -05:00
jvazquez-r7 7b960a4f18 Add OSVDB reference 2013-05-06 00:54:00 -05:00
jvazquez-r7 a17062405d Clean up for sap_soap_rfc_eps_delete_file 2013-05-06 00:53:07 -05:00
jvazquez-r7 5adc2879bf Change module filename 2013-05-06 00:51:23 -05:00
jvazquez-r7 66a5eb74c5 Move file to auxiliary/dos/sap 2013-05-06 00:50:50 -05:00
Gregory Man 76e70adcff Added Memcached Remote Denial of Service module
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
sinn3r a09b3b8023 Lands #1169 - Adds a check
[Closes #1169]

Conflicts:
	modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r 882b084cba Changes the default action 2013-04-22 15:47:38 -05:00
sinn3r 7e28a4ddb0 Uses "ACTIONS" keys instead of datastore options
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
jvazquez-r7 225342ce8f final cleanup for sysax_sshd_kexchange 2013-04-08 20:28:37 +02:00
jvazquez-r7 5bc454035c Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710 2013-04-08 20:20:11 +02:00
Matt Andreko f96baa7e7e Code Review Feedback
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
Matt Andreko 4c8e19ad1a Added reference
Removed final debug print statement
2013-04-08 08:28:53 -04:00
James Lee 9086c53751 Not an HttpClient, so doesn't have normalize_uri
[FixRM #7851]
2013-03-28 13:16:21 -05:00
Matt Andreko fd5bd52e6d Added some error handling if the connection dies. 2013-03-18 17:26:40 -04:00
Matt Andreko 66dcbca562 Sysax Multi-Server SSHD DoS
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
jvazquez-r7 02f90b5bbd cleanup for dopewars 2013-03-14 15:53:19 +01:00
jvazquez-r7 4d9f2bbb06 Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master 2013-03-14 15:51:47 +01:00
James Lee 2f11796dfa Fix typo
[SeeRM #7800]
2013-03-13 16:10:20 -05:00
Doug P 22133ba8ff removed version number 2013-03-12 16:36:14 -04:00
Doug P 70da739666 fixed errors in dopewars.rb shown by msftidy 2013-03-12 15:47:31 -04:00
Doug P c8c50a6407 cleaned up dopewars module 2013-03-12 12:56:12 -04:00
doug a199c397e4 ... 2013-03-11 17:09:17 -04:00
doug 4d6e19b40b small edits to dopewars.rb 2013-03-11 17:07:05 -04:00
doug 0e607f8252 added dopewars module 2013-03-11 16:52:49 -04:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7 781132b1cf cleanup for openssl_aesni 2013-03-05 22:41:16 +01:00
Wolfgang Ettlinger 867875b445 Beautified OpenSSL-AESNI module
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
  SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
Wolfgang Ettlinger e7015985e7 Added CVE-2012-2686
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
sinn3r 92093cd7d8 There's no HttpClient, so it shouldn't be using normalize_uri 2013-02-19 15:04:18 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
T0X1C-1 1714fa21b1 adjusted DOS part to use HttpClient 2012-12-17 15:46:39 +01:00
T0X1C-1 a48c14124b added CHECK functionality to the existing module 2012-12-13 16:54:50 +01:00
sinn3r 64a8b59ff9 Change CVE forma
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
HD Moore 93a69ea62e Fix instances of invalid lower-case datastore use 2012-11-29 00:05:36 -06:00
Tod Beardsley 6b4c131cf5 Avoiding a future conflict with release 2012-11-20 13:24:19 -06:00
jvazquez-r7 e8fe6031e9 Let default timeout for send_request_cgi 2012-11-16 18:09:47 +01:00
jvazquez-r7 51f238ec38 up to date 2012-11-16 16:03:09 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r 2c4273e478 Correct some modules with res nil 2012-10-29 04:41:30 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl 39e81d3e53 Arch/Platform cleanup: aux modules need neither 2012-10-22 20:28:02 +02:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r b282901b08 Correct emails for aux and exploit modules 2012-06-04 21:58:01 -05:00
sinn3r 0fcc53b0a2 Handle nil for get_once 2012-06-04 15:31:10 -05:00
Christian Mehlmauer 6ae17db7d3 Adding FireFart's hashcollision DoS module
Have some minor edits below, looks like it all works now though.

Squashed commit of the following:

commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:31:32 2012 -0500

    Removing ord in favor of unpack.

    Also renaming a 'character' variable to 'c' rather than 'i' which is
    easy to mistake for an Integer counter variable.

commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:24:41 2012 -0500

    Cleaning up print msgs

commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:19:10 2012 -0500

    Clean up hashcollision_dos description

    Caps, mostly. One sentence I still don't get but it's not really a show
    stopper.

commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Thu May 24 19:11:32 2012 +0200

    Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling

commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Tue May 22 23:11:53 2012 +0200

    Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
Tod Beardsley 4772c1258e Removing hashcollision_dos module due to license violation
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.

Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.

Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
Tod Beardsley eea20e773b Capitalization fixups on hashcollision_dos 2012-05-21 11:06:18 -05:00