Commit Graph

12670 Commits (7dbd690c99338b4c6d6f032166558ddddde91662)

Author SHA1 Message Date
sinn3r d7ca537a41 Microsoft module name changes
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
2014-03-28 20:56:53 -05:00
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
William Vu c37dbd104a
Clean up perms and whitespace for owa_login 2014-04-02 01:45:15 -05:00
Tod Beardsley 2972220f60
Land #3047 for real.
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
sinn3r 367652592c
Land #2964 - Powershell CMD Encoder 2014-04-01 10:26:38 -05:00
William Vu f9a7cfaa67
Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Spencer McIntyre dfec2eb53f Cleanup an expression and avoid fail_with 2014-03-31 18:05:20 -04:00
Spencer McIntyre 07e04717c2 Allow using a single URI and/or a list of URIs 2014-03-31 18:05:20 -04:00
Joshua Smith b21d5c1801 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-31 18:05:20 -04:00
Spencer McIntyre 5e9e7e15c8 Return whether result is nil or not. 2014-03-31 18:05:20 -04:00
Spencer McIntyre 0ac112b5e7 Support checking a single URI for ntlm information. 2014-03-31 18:05:19 -04:00
Tod Beardsley fb20759fc2
Comment doc speelling 2014-03-31 16:42:50 -05:00
Tod Beardsley 6474c7be5c
Land #3166 and also #3167
[Closes #3167]
2014-03-31 16:21:07 -05:00
William Vu 3b6d73420e
Fix syntax error in dns_amp 2014-03-31 16:18:49 -05:00
William Vu d9df2fbf08
Land #3158, msftidy rank check for aux modules 2014-03-31 15:17:30 -05:00
Joshua Smith 159bc264a4 unretards the uri normalize loop 2014-03-31 15:58:21 -04:00
Joshua Smith 2290249a42 uses fail_with to bomb out on datastore probs 2014-03-31 15:52:05 -04:00
Joshua Smith 4f121e3e03 fixes if-logic for error condition 2014-03-31 15:38:05 -04:00
Tod Beardsley 894bbcae97
More fix-up on the DNS amplication scanner 2014-03-31 14:37:10 -05:00
Tod Beardsley 4d597174d0
Merge up from upstream/master 2014-03-31 14:33:28 -05:00
William Vu 387da26f8d
Land #3159, HP LaserJet printer SNMP enumeration 2014-03-31 12:48:23 -05:00
William Vu c6ceb8cdfd
Land #2929, DNS recursion amplification scanner 2014-03-31 12:47:46 -05:00
William Vu aaa15d13d9
Land #2928, extended SMTP open relay checks 2014-03-31 12:47:10 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Joshua Smith 2530fb9741 adds the return back in (forgot in prev commit) 2014-03-28 19:27:04 -04:00
Joshua Smith dc4b8461e8 unbreaks & DRYs my previous change. 2014-03-28 19:15:38 -04:00
Matteo Cantoni c559a6b39f fix description
(cherry picked from commit 7c860b9553)
2014-03-28 17:36:21 -05:00
Matteo Cantoni ae53d75cdb Module to HP LaserJet Printer SNMP Enumeration
(cherry picked from commit f18fef1864)
2014-03-28 17:36:21 -05:00
William Vu 2344a9368e
Fix warnings generated by #3158
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
jvazquez-r7 9374777da1
Land #2996, @mcantoni's jboss status aux module 2014-03-28 16:07:08 -05:00
jvazquez-r7 7689751c10 Module module location 2014-03-28 16:05:37 -05:00
jvazquez-r7 e3ec0e7624 Clean up jboss_status module 2014-03-28 16:04:43 -05:00
sinn3r a173fcf2fa Flash detection for firefox_svg_plugin
Good test case
2014-03-28 15:39:25 -05:00
jvazquez-r7 f7b1874e7d
Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
jvazquez-r7 69369c04b3
Land #3126, @xistence's exploit for SePortal 2014-03-28 13:52:59 -05:00
jvazquez-r7 7b56c9edac Add references 2014-03-28 13:51:56 -05:00
Tod Beardsley 196e07c5b1
Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
Christian Mehlmauer 94494e38e7
Land #3152 - Use normalize_uri for module wp_property_upload_exec 2014-03-28 13:22:54 +01:00
William Vu 5458200434
Fix a couple minor annoyances in PJL 2014-03-28 02:19:30 -05:00
William Vu c1fdc4d945
Fix a couple things that were bugging me 2014-03-28 02:15:38 -05:00
sinn3r f4e62a8dcd
Land #3146 - Firefox Gather Cookies from Privileged Javascript Shell 2014-03-27 13:14:22 -05:00
sinn3r 0b3f49f22a
Land #3145, Clean up firefox_svg_plugin, use FirefoxPrivilegeEscalation mixin 2014-03-27 12:59:49 -05:00
Kurt Grutzmacher 0b766cd412 changes per firefart 2014-03-27 10:08:44 -07:00
Kurt Grutzmacher 744308bd35 tab... 2014-03-27 05:24:55 -07:00
Kurt Grutzmacher a8c96213f0 normalize_uri for wp_property_upload_exec 2014-03-27 05:22:56 -07:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
Michael Messner 4319885420 we do not need pieces ... 2014-03-26 20:45:30 +01:00
jvazquez-r7 19918e3207
Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
jvazquez-r7 7ce71445fe
Land #3140, @wchen-r7's requirements for ms14_012_textrange 2014-03-26 14:07:05 -05:00
Joe Vennix b7f1cee8d3 Remove targets from post module. 2014-03-26 13:55:02 -05:00
Joe Vennix ed8bf6279b Use #run, not #exploit, for post modules. 2014-03-26 13:51:05 -05:00
Joe Vennix 6c51e0fd0d Add cookie gathering post module for FF privileged sessions. 2014-03-26 13:49:53 -05:00
Joe Vennix 80808fc98c Cleans up firefox SVG plugin. 2014-03-26 13:12:39 -05:00
Tod Beardsley 5b8d8d8009
Get Pro and Framework back in sync. 2014-03-26 09:25:19 -05:00
sinn3r fdc355147f Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb 2014-03-25 18:41:47 -05:00
William Vu cd448ba46c
Land #3132, ntp_monlist improvements 2014-03-25 15:19:45 -05:00
Joe Vennix 33651d0753
Fix formatting of hash options. 2014-03-25 14:43:53 -05:00
Joe Vennix c8784168d5 Fix references and whitespace in mips payloads. 2014-03-25 14:39:27 -05:00
William Vu 1c4797337f Clean up rapid7/metasploit-framework#3132 2014-03-25 14:04:43 -05:00
jvazquez-r7 c72c96f0e0
Land #3138, @rcvalle's exploit for CVE-2013-2143 2014-03-25 13:36:03 -05:00
jvazquez-r7 d83f665466 Delete commas 2014-03-25 13:34:02 -05:00
sinn3r 6c206e4ced Add a comment about what this build version range is covering 2014-03-25 11:43:13 -05:00
sinn3r 7108d2b90a Add ua_ver and mshtml_build requirements
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
joev 1ac3944627
Merge branch 'landing-pr-3095' into upstream-master 2014-03-25 10:56:42 -05:00
joev 1680f9cc5d
Land PR #3127, @m-1-k-3's mipsbe reboot payload, into master 2014-03-25 10:44:37 -05:00
Ramon de C Valle e27adf6366 Fix msftidy warnings 2014-03-25 10:39:40 -03:00
Michael Messner 50efd0b5d0 change name and filename and file included 2014-03-25 09:13:04 +01:00
Michael Messner a9952fa294 change name and filename 2014-03-25 09:11:16 +01:00
Michael Messner fca4425f95 feedback 2014-03-25 09:09:13 +01:00
Ramon de C Valle 473f745c3c Add katello_satellite_priv_esc.rb
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
sinn3r 0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping 2014-03-24 21:16:10 -05:00
sinn3r 53b25c8c93 Fix header & author e-mail format 2014-03-24 21:15:27 -05:00
Brandon Perry d2a9a26bc8 real fix for sinn3r bug 2014-03-24 18:40:48 -05:00
Brandon Perry ec35f4b13f some bugs for sinn3r 2014-03-24 18:17:50 -05:00
Brandon Turner 460a1f551c
Fix for R7-2014-05 2014-03-24 14:12:12 -05:00
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
Tod Beardsley cd9182c77f
Msftidy warning fix on Joomla module.
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
jvazquez-r7 c7ba7e4d92
Land #3131, @xistence's exploit for CVE-2014-1903 2014-03-24 08:48:06 -05:00
jvazquez-r7 c3b753f92e Make PHPFUNC advanced option 2014-03-24 08:47:31 -05:00
jvazquez-r7 4f333d84c9 Clean up code 2014-03-24 08:15:54 -05:00
Brandon Perry d6f397ab6d whoops that isn't how you EDB 2014-03-22 11:48:41 -05:00
Brandon Perry 291692d6e0 Update lifesize_uvc_ping_rce.rb 2014-03-22 11:30:00 -05:00
Brandon Perry 67a3a7227b Create lifesize_uvc_ping_rce.rb 2014-03-21 21:33:12 -05:00
Joshua Smith 312f117262 updates file read to close file more quickly 2014-03-21 14:53:15 -04:00
sinn3r 13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec 2014-03-21 11:36:59 -05:00
Matteo Cantoni 4b2a2d4dea Improve NTP monlist auxiliary module 2014-03-21 16:39:53 +01:00
Matteo Cantoni fbcd661504 removed snmp_enum_hp_laserjet from this pull request 2014-03-21 15:58:53 +01:00
xistence c4f0d8e179 FreePBX config.php RCE CVE-2014-1903 2014-03-21 10:29:15 +07:00
Spencer McIntyre aa26405c23 Cleanup an expression and avoid fail_with 2014-03-20 17:33:09 -04:00
sinn3r b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution 2014-03-20 12:32:14 -05:00
Tod Beardsley 3d3681801a
Fix linux download_exec for #2961
Note! This module already seems pretty broken, in that it doesn't appear
to correctly locate curl or wget. Will open another bug on that.

[See RM #8777]
2014-03-20 12:09:38 -05:00
sinn3r 0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read 2014-03-20 12:08:18 -05:00
sinn3r 93ad818358 Fix header and e-mail format for author 2014-03-20 12:07:50 -05:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
Spencer McIntyre 74398c4b6e Allow using a single URI and/or a list of URIs 2014-03-20 09:54:02 -04:00
Michael Messner 4f1404eecc reboot payload for mipsbe 2014-03-20 12:37:58 +01:00
xistence 2845f834c6 changed cookie retrieval to res.get_cookies 2014-03-20 16:39:26 +07:00
xistence 7bfb8e95e6 minor changes to seportal module 2014-03-20 13:44:39 +07:00
xistence 5ef49ff64b SePortal 2.5 SQLi Remote Code Execution 2014-03-20 12:02:06 +07:00