infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,150 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

464 Commits (7c1442c4b49ae646a879b0fa4e0d0dc46e1ecf61)

Author SHA1 Message Date
sinn3r 0e1fff2c4b Change the output style to comply with egyp7's expectations. 2012-04-10 13:42:52 -05:00
sinn3r 76c12fe7e6 Whitespace cleanup 2012-04-10 13:22:10 -05:00
Michael Schierl 705cf41858 Add firefox_xpi_bootstrapped_addon exploit 
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
 2012-04-10 13:39:54 +02:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds 
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
 2012-04-06 10:45:10 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds" 
This reverts commit 937f8f035a.
 2012-04-05 16:17:06 -05:00
sinn3r 8628991b1d Merge pull request #305 from jlee-r7/bap-refactor 
Bap refactor
 2012-04-05 08:02:43 -07:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
James Lee 974d95b175 Both of these are obsoleted by java_atomicreferencearray 2012-04-03 18:23:42 -06:00
sinn3r bd5f43c918 Add another good reference by @mihi42 2012-04-01 01:30:50 -05:00
sinn3r bab4cddd83 Add Jeroen Frijters for finding/reporting the bug 2012-03-31 03:01:09 -05:00
James Lee cc54a260f5 Merge remote branch 'upstream/master' 2012-03-30 14:31:12 -06:00
James Lee 0547369966 Add bap support for flash mp4 and new java bug 
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
 2012-03-30 12:59:07 -06:00
Steve Tornio ae21c05e69 add osvdb ref 2012-03-30 07:26:07 -05:00
sinn3r e018c6604f Modify CVE-2012-0507 2012-03-30 02:06:56 -05:00
Tod Beardsley f069a32223 Merge pull request #288 from wchen-r7/cve_2012_0507 
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
 2012-03-29 08:46:49 -07:00
sinn3r 791ebdb679 Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff. 
Still have some hits, but that requires a little more code contortion to
fix.
 2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
James Lee 464cf7f65f Normalize service names 
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
 2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
Tod Beardsley 4a631e463c Module title normalization 
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
 2012-02-21 11:07:44 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r 5bb9afe789 Correct disclosure date format 2012-02-16 18:15:51 -06:00
Joshua J. Drake 01a6b02c3e Add exploit for CVE-2012-0209, thx eromang! 2012-02-16 03:10:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Jonathan Cran c3bd151197 add a ranking 2012-01-31 20:43:32 -06:00
Steve Tornio e392958d90 add osvdb ref 2012-01-31 07:06:33 -06:00
sinn3r bfd4734cbf Forgot to add CMD as a datastore option, here it is 2012-01-30 17:34:58 -06:00
sinn3r 08134ad600 Add Exploit-DB reference 2012-01-30 16:17:25 -06:00
sinn3r f3c340a9ab Add vBSEO proc_deutf() Remote Code Execution (Feature #6307) 2012-01-30 16:15:27 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
Tod Beardsley 7e25f9a6cc Death to unicode 
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
 2012-01-10 14:54:55 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious. 
However, this decision doesn't represent how modules should write their own check.
 2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master 
Clear up how to use native payloads for tomcat_mgr_deploy
 2011-12-06 23:01:53 -08:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module. 
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
 2011-12-02 13:21:41 -05:00
sinn3r 93a419c76b Having nothing on the webpage may probably confuse some novice users. But I do like stealth. 2011-12-01 03:02:35 -06:00
sinn3r f26f6da74b Add CVE-2011-3544 (feature #6023) Java Rhino exploit 2011-11-29 18:05:20 -06:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits 
Fixes #5276
 2011-11-22 08:47:53 -08:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Wei Chen 0dff3f3e52 Add #5682 (phpscheduleit module). Thx Juan. 
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-26 18:06:12 +00:00
Will Vandevanter a0d8a08851 java meterpreter should be used when the target is set to automatic 
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 20:02:09 +00:00
Wei Chen 2b46420b36 check nil 
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:19:55 +00:00
Wei Chen 7ba5a8ec4e Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit 
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 16:04:33 +00:00
Wei Chen 9cb54e37c5 Handle payloads better, also add a cleanup routine specifically for php/exec 
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 05:25:39 +00:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good) 
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 00:40:03 +00:00
Wei Chen 3da8bb8b69 Add feature #5820 by mr_me and tecr0c 
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 23:22:32 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues 
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 11:56:13 +00:00
Wei Chen 975cc52bac Fix spelling errors 
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 00:54:05 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip. 
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 04:20:53 +00:00
Tod Beardsley 94eb3ac14c Deleting a puts statement. 
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:52:10 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster. 
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 02:58:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace. 
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen f2d328d969 cmd exec module should receive ExcellentRanking 
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 20:10:53 +00:00
HD Moore 142ae9288b Fix title 
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 19:56:57 +00:00
Wei Chen 262b3bbe00 Use Rex to encode payload to base64 
git-svn-id: file:///home/svn/framework3/trunk@13846 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 20:31:51 +00:00
Wei Chen 98157272fd Fix indentation for exploit description 
git-svn-id: file:///home/svn/framework3/trunk@13843 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:12:54 +00:00
Wei Chen d1b1b26d01 Add Feature #5499 (Snortreport module) 
git-svn-id: file:///home/svn/framework3/trunk@13842 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 06:10:18 +00:00
Wei Chen 44ac9d67e0 svn propset 
git-svn-id: file:///home/svn/framework3/trunk@13831 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 17:45:15 +00:00
Steve Tornio 9ec92ee603 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13830 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:37:54 +00:00
HD Moore 9862987f45 Add a new module from joernchen 
git-svn-id: file:///home/svn/framework3/trunk@13829 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-07 15:30:24 +00:00
Wei Chen 612cdc8c73 No need to check if version is 'unknown' if nothing else (other than default) is assigned to it 
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-27 19:12:31 +00:00
Wei Chen 8bfdebeaf3 Handle the return value for send_request during the early stage 
git-svn-id: file:///home/svn/framework3/trunk@13791 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-25 19:28:15 +00:00