226f4dd8cc
Use execute_shellcode for novell_client_nicm.rb
2013-07-03 13:57:41 -05:00
f9cfba9021
Use execute_shellcode for novell_client_nwfs.rb
2013-07-03 13:55:50 -05:00
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
2f77e8626f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 11:56:25 -05:00
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
2a6056fd2a
exploits/s4u_persistence~Fixed typos+default values
2013-07-03 00:38:50 +01:00
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
146d1eb27d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 10:06:00 -05:00
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
dbce1b36e5
Land #2036 - CVE-2013-3660
...
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
478beee38b
remove unnecessary option and make msftidy happy
2013-07-01 18:51:47 +07:00
f16d097c00
clean version, tested on winxp sp3 and win7 sp1
2013-07-01 18:35:50 +07:00
f58f481399
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 22:36:46 -05:00
e0ae71e874
minor fixing in the exploit module description
2013-07-01 03:27:06 +07:00
007fddb6bf
remove SEH function, not needed
2013-07-01 03:13:20 +07:00
1e4b69ab03
Added abbs amp exploit module
2013-07-01 03:08:22 +07:00
0ff1cd24a9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 10:03:30 -05:00
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
a2b8daf149
Modify fail message when exploitation doen't success
2013-06-29 10:45:13 -05:00
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
427e26c4dc
Fix current_pid
2013-06-28 21:36:49 -05:00
32ae7ec2fa
Fix error description and bad variable usage
2013-06-28 21:30:33 -05:00
fb67002df9
Switch from print_error to print_warning
2013-06-28 21:29:20 -05:00
3ab948209b
Fix module according to @wchen-r7 feedback
2013-06-28 20:44:42 -05:00
00416f3430
Add a new print_status
2013-06-28 18:23:49 -05:00
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
e4fb5b327f
Land #2028 , update references for multiple modules
2013-06-26 10:18:27 -05:00
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
3e929fb812
Use fixed `write_file` instead of re-implementing
2013-06-25 17:25:14 -05:00
5b71013dde
reference updates
2013-06-25 13:41:22 -05:00
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
c9a7372f9f
Land #2014 , @wchen-r7's exploit for CVE-2013-2171
2013-06-25 09:33:56 -05:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
d6374ddfff
Land #2020 , CVE and OSVDB update
2013-06-25 08:17:54 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
795dd6a02a
Add module for OSVDB 93718
2013-06-24 23:51:28 -05:00
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
72847ee4c9
Land #2007 - Add local privilege escalation for ZPanel zsudo
2013-06-24 19:25:27 -05:00
ca8ce363b8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 16:32:55 -05:00
d974e395e4
Add a check by checking uname
2013-06-24 15:54:41 -05:00
6b8e0605c0
Use FileDropper
2013-06-24 15:48:54 -05:00
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
b3d90c68a4
Land #2008 - More OSVDB refs
2013-06-24 01:53:29 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
31fcb911f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-23 21:41:10 -05:00
a920127f8c
reference updates for several modules
2013-06-23 20:43:34 -05:00
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
b49c4c4e9e
up to date
2013-06-22 18:28:17 -05:00
345773592f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 13:54:47 -05:00
04e6167f90
zpanel
2013-06-22 13:54:22 -05:00
e9883fe5b9
Land #2005 , @wchen-r7's exploit for ZPanel htpasswd
2013-06-22 13:24:23 -05:00
2150d9efb0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 12:06:18 -05:00
427f063c48
fix formatting
2013-06-22 07:32:29 -05:00
1e25dedb66
fix formatting
2013-06-22 07:31:47 -05:00
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
de659326ce
Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
2013-06-21 21:52:32 -05:00
5de7fff685
Credit
2013-06-21 21:38:40 -05:00
339f2a5c83
Hmmm, one extra ','
2013-06-21 21:29:17 -05:00
8d422c9a39
Forgot to randomize the fake pass and remove the payload during testing
2013-06-21 21:27:11 -05:00
e7d75d6d16
Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution
2013-06-21 21:03:10 -05:00
afa0e6c42a
Use CmdStagerVBS instead of CmdStagerTFTP
...
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
f106b6db50
Add comment with the component version
2013-06-21 17:38:30 -05:00
5fe9a80bf0
Add module for OSVDB 46578
2013-06-21 17:31:40 -05:00
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
e4cbd4b174
Land #1994 , OSVDB reference for JBoss
2013-06-20 10:51:28 -05:00
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
abea7e6a47
add osvdb ref 76389
2013-06-20 07:55:50 -05:00
cab20062a4
add osvdb ref 84706
2013-06-20 07:38:34 -05:00
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
8dfe9b5318
Add login feature
2013-06-20 04:16:23 -05:00
ebde05b783
Improve check
2013-06-20 03:18:33 -05:00
20621d17de
Add CVE-2013-3576 - HP System Management Homepage exploit
2013-06-20 03:08:42 -05:00
fc7670fa5f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 23:16:04 -05:00
494ee160af
Fix indent
2013-06-19 23:12:12 -05:00
2d99c46414
Land #1990 , @wchen-r7's exploit for Libretto CMS
2013-06-19 23:11:34 -05:00
079477c57d
Commit final version
2013-06-19 20:35:24 -05:00
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
62b23bc594
Initial (incomplete) commit
2013-06-19 16:59:15 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
6d1101b65b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 12:14:53 -05:00
d347be35e9
Land #1986 - Restores MoinMoin during exploitation
2013-06-19 12:14:10 -05:00
a894dc83c2
Try restore also at exploiting time
2013-06-19 11:35:52 -05:00
7b0977f897
Change base path
2013-06-19 11:33:45 -05:00
f0c81ed3cc
Correct disclosure date
2013-06-19 03:00:32 -05:00
67593d6ef4
Eh, PHP, not "php"
2013-06-19 02:34:49 -05:00
9c3bd12613
If I can't write, I want to know.
...
It's possible that the upload directory doesn't allow write, the
module should be aware of that. Other reasons may be possible.
2013-06-19 02:32:30 -05:00
19d868748d
Final version
2013-06-19 02:21:01 -05:00
5c1822ea17
Initial commit for havalite module
2013-06-18 19:00:42 -05:00
fd397db6e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 14:09:33 -05:00
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
d0ed9a6687
Land #1976 - OSVDB update
2013-06-18 10:40:00 -05:00
9e3053f24d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 10:00:44 -05:00
aa134b0bcc
Land #1973 , @wchen-r7's fix to handle ftp auth correctly
2013-06-18 09:34:55 -05:00
2b46828d9c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 08:27:18 -05:00
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
070111a520
Land #1975 - Add CVE-2012-6081 (MoinMoin twikidraw Action Traversal)
2013-06-17 22:31:36 -05:00
3223ea799c
An invalid WritablePage option can result the same message as well.
2013-06-17 22:30:44 -05:00
ae1a3e3ca1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 20:39:31 -05:00
044bd2101f
Authenticate against the page to modify
2013-06-17 20:34:02 -05:00
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
de1561363e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 16:43:33 -05:00
0bd6ca2a6a
Add module for CVE-2012-6081
2013-06-17 16:13:55 -05:00
820f589df0
Missed this one.
2013-06-17 15:52:53 -05:00
163d3e771b
Handle connect_login return value properly
...
Some modules ignore connect_login's return value, which may result
an EOF if send_cmd() is used later on. All the modules fixed are
the ones require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
8fac0aaf6b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:24:39 -05:00
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
bd17e67f75
Land #1960 , lower ranking for MS13-009
2013-06-14 15:28:06 -05:00
2abf70a1ca
Lower ranking for MS13-009
...
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
d35c3469e8
Fix typo
...
EDB reference
2013-06-14 15:16:20 -05:00
2d083be8e7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-14 13:28:44 -05:00
0d384d23b8
Land #1954 - Fix resource_uri and mp4 file path
2013-06-14 13:15:17 -05:00
060261bb3b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-14 13:15:13 -05:00
933ac88b44
Missing the file param that's needed to download the mp4
2013-06-14 13:13:48 -05:00
d2df3234f4
Land #1955 - mozilla_mchannel.rb undefined agent variable
2013-06-14 11:14:20 -05:00
223807d0df
Land #1956 - fix regex error for mozilla_reduceright.rb
2013-06-14 11:09:49 -05:00
86258e32b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 16:05:03 -05:00
0440c03c7a
Land #1934 - Fix UltraISO Exploit File Creation
2013-06-13 13:57:09 -05:00
95118895d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 13:05:42 -05:00
81813a78fc
Fix module Name
2013-06-13 11:55:23 -05:00
707bc33148
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-13 10:17:28 -05:00
eaba8e7b59
up to date
2013-06-12 15:44:00 -05:00
afb2f83238
Add module for CVE-2012-1533
2013-06-12 14:40:53 -05:00
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
c38eabe481
Fix description, code and perform test
2013-06-12 11:07:03 -05:00
5c8053491f
Add DEP bypass for ntdll ms12-001
2013-06-12 10:41:05 -05:00
a1c7961cbc
Suport js obfuscation for the trigger
2013-06-12 08:06:12 -05:00
5240c6e164
Add module for MS13-037 CVE-2013-2551
2013-06-12 07:37:57 -05:00
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
9ea58ba165
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-11 10:40:01 -05:00
081baad68c
Remove variable 'overflow' because it's not used
...
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
ca0ab8d6ee
maxthon_history_xcs.rb - fix User-agent string
...
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].
Downloaded following version from oldapps.com to confirm
the exploit code is wrong.
Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323
Release Date 20 October, 2011 (2 years ago )
2013-06-11 13:37:21 +10:00
69c25014ae
Make msftidy happy
2013-06-13 18:58:38 -05:00
12801430e3
Update both ultraiso files to the right fix
2013-06-13 18:44:19 -05:00
4e41e871bb
mozilla_reduceright.rb - fix regex error.
...
[] is character class, and will match on 1, 6, 7, and |.
Where as (16|17) will match on either 16, or 17.
irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
996171b35f
mozilla_mchannel.rb undefined agent variable
...
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
72b871d762
up to date
2013-06-10 16:37:05 -05:00
d91b412661
adobe_flash_sps.rb - resource_uri vs get_resource
...
resource_uri will randomize the returned uri unless
datastore['URIPATH"] is set.
get_resource will return the currently used reosurce_uri
Since the incorrect type is used, this exploit is completely broken.
Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
9c44ea0c61
up to date
2013-06-10 13:02:01 -05:00
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
0895184e1f
Land #1932 - Actually support OUTPUTPATH datastore option
2013-06-10 11:22:28 -05:00
sinn3r
jvazquez-r7
g0tmi1k
Ricardo Almeida
modpr0be
Tod Beardsley
Brian Wallace
(B)rian (Wall)ace
William Vu
Steve Tornio
James Lee
HD Moore
Matthias Kaiser
Markus Wulftange
Joe Vennix
Ruslaideemin