Commit Graph

10582 Commits (8fe9132159a19ce007f7259087e8c80c602ba1fd)

Author SHA1 Message Date
jvazquez-r7 b3f229ff59 Add module for CVE-2013-3928 2013-08-12 17:18:30 -05:00
Nathan Einwechter 7014322dfd Code cleanup 2013-08-12 18:16:00 -04:00
Nathan Einwechter 264fe32705 Added new badchars 2013-08-12 18:08:49 -04:00
Nathan Einwechter bbc93b2a58 msftidy 2013-08-12 15:14:01 -04:00
Nathan Einwechter 28f030494e Use tcp mixin/clean corrupt bytes 2013-08-12 15:12:15 -04:00
jvazquez-r7 4480dc3bec Land #2213, @todb-r7's deletion of deprecated modules 2013-08-12 11:36:24 -05:00
jvazquez-r7 b1fc8308c1 Land #2211, @bcoles exploit for CVE-201-2620 2013-08-12 11:23:20 -05:00
Tod Beardsley bfb5040dbf Remove deprecated modules
These three modules are well over their deprecation dates. Making good
on that threat now.

  * service_permissions: Marked for removal on 2013-01-10
  * bypassuac: Marked for removal on 2013-01-04
  * ms10_092_schelevator: Marked for removal on 2013-06-01
2013-08-12 11:21:45 -05:00
jvazquez-r7 8ac01d3b8e Fix description and make it aggressive 2013-08-12 11:19:25 -05:00
David Maloney c9bd791ff6 fix smart_migrate choice order
was trying winlogon first
should do explorer first
2013-08-12 11:02:27 -05:00
Nathan Einwechter 7854c452d2 Added more payload padding 2013-08-12 11:10:10 -04:00
Nathan Einwechter 9f33a59dc2 Fix target ret 2013-08-12 11:04:55 -04:00
Nathan Einwechter 6f96445b42 Change target ret/cleanup 2013-08-12 10:13:48 -04:00
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7 567873f3cc Use normalize_uri a little better 2013-08-08 15:12:51 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
jvazquez-r7 06ebc686c4 Land #2194, @CharlieEriksen exploit for CVE-2013-5036 2013-08-08 14:50:28 -05:00
jvazquez-r7 40a61ec654 Do minor cleanup 2013-08-08 14:47:46 -05:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
Charlie Eriksen 28b36ea29b Removing a space at EOL I missed. 2013-08-08 14:30:53 -04:00
Charlie Eriksen 1c6e994fe8 Adding improvements based on Juan's feedback 2013-08-08 14:29:35 -04:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
jvazquez-r7 a7c80ebfc2 Land #2185, @bmerinofe's post module for dns cache dumping 2013-08-08 12:49:37 -05:00
jvazquez-r7 5d0e868701 Land #2192 after cleanup 2013-08-08 08:44:17 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
root 3a24765585 Adding CVE ID 2013-08-07 18:11:43 -04:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
root 7412981138 Adding an OSVDB reference 2013-08-07 07:15:00 -04:00
root 36bab2fdfa Adding a space between init and check 2013-08-06 16:14:21 -04:00
root be683d5dc6 Fixing the TARGETURI variable, adding check 2013-08-06 16:13:44 -04:00
root a745ec8fa6 Adding reference 2013-08-06 14:43:25 -04:00
root cfd5f29220 Fixing the use of APIKEY, which is not needed 2013-08-06 14:10:48 -04:00
root 69a86b60e2 Added initial squash RCE exploit 2013-08-06 14:00:17 -04:00
Spencer McIntyre 2d69174c5b Initial commit of the python meterpreter. 2013-08-05 23:38:49 -04:00
HD Moore c73e417531 Merge pull request #2171 from frederic/master
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
m-1-k-3 dd35495fb8 dir 300 and 600 auxiliary module replacement 2013-08-05 22:28:59 +02:00
m-1-k-3 786f16fc91 feedback included 2013-08-05 21:55:30 +02:00
jvazquez-r7 9790181dd2 Land #2176, @wchen-r7's fix for [TestRM #8272] 2013-08-05 13:10:25 -05:00
Tod Beardsley 40f015f596 Avoid require race with powershell 2013-08-05 09:56:32 -05:00
Tod Beardsley 8431eb7a79 Msftidy fixes, also use correct possessive plurals
http://englishplus.com/grammar/00000132.htm
2013-08-05 09:43:38 -05:00
Tod Beardsley bddcb33507 Update description for reverse_https_proxy 2013-08-05 09:35:14 -05:00
Tod Beardsley a885ff9bcc Use consistent caps for 'PowerShell' 2013-08-05 09:33:49 -05:00
Tod Beardsley 5ea67586c8 Rewrite description for MS13-005
The first part of the description was copy-pasted from

http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt

which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
bmerinofe 98c8c16803 Change offset values and hostname length 2013-08-05 12:29:54 +02:00
Markus Wulftange 9955899d9a Minor formal fixes 2013-08-04 08:03:02 +02:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
bmerinofe 3e6de5d2e9 added a post-exploitation module to dump the cache dns entries 2013-08-03 13:37:32 +02:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
m-1-k-3 a19afd163a feedback included 2013-08-02 17:30:39 +02:00
sinn3r 10e9b97a88 Land #2180 - Accepting args for x64 osx exec payload 2013-08-02 00:45:09 -05:00
Ruslaideemin f927d1d7d3 Increase exploit reliability
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.

The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
Markus Wulftange 4a127c2ed2 Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
Joe Vennix 592176137a Rewrite osx x64 cmd payload to accept args.
[SeeRM #8260]
2013-07-31 08:50:28 -05:00
m-1-k-3 15906b76db dir300 and 615 command injection 2013-07-31 14:36:51 +02:00
m-1-k-3 6b514bb44a dir300 and 615 command injection telnet session 2013-07-31 14:34:03 +02:00
sinn3r 8c47f1df2d We don't need this option anymore 2013-07-31 03:30:34 -05:00
sinn3r af0046658b Change the way file is stored 2013-07-31 03:28:24 -05:00
Frederic Basse 5e1def26aa remove Axis M1011 fingerprint, may not be specific enough to be used automatically. 2013-07-30 09:54:33 +02:00
Dhiru Kholia 1b6f6b8bf0 Land #2168 again
Adding Dhiru's module back now that things are straight.
2013-07-29 22:10:25 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse 63940d438e add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011 2013-07-30 01:56:10 +02:00
jvazquez-r7 300781823d Undo bad landing
This reverts commit e624ed18ad, reversing
changes made to 593363c5f9.
2013-07-29 17:39:12 -05:00
jvazquez-r7 438fbababd Land #2158, @kholia's post module to collect .ecryptfs info 2013-07-29 17:21:10 -05:00
jvazquez-r7 b29d18d8b8 Merge branch 'ecryptfs-creds' of https://github.com/kholia/metasploit-framework 2013-07-29 16:41:41 -05:00
jvazquez-r7 05be76ecb7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 16:41:22 -05:00
sinn3r ab75d00f8a Land #2169 - Description update 2013-07-29 14:24:57 -05:00
sinn3r 5efcbbd474 Land #2167 - PineApp Mail-SeCure livelog.html Exec 2013-07-29 13:18:18 -05:00
sinn3r 7967426db1 Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC 2013-07-29 13:16:42 -05:00
Meatballs 7801eadbc2 psh description 2013-07-29 19:14:12 +01:00
sinn3r baa0b983c8 Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC 2013-07-29 13:13:55 -05:00
Dhiru Kholia 8379225e9b make msftidy happy (hopefully) 2013-07-29 23:42:29 +05:30
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
jvazquez-r7 3a05993f16 Make msftidy happy and warn user about long times 2013-07-29 11:45:30 -05:00
jvazquez-r7 0851974408 Land #2162, @Meatballs1's exploit for ms13-005 2013-07-29 11:43:31 -05:00
Tod Beardsley 37312f2aa9 Module, singular 2013-07-29 10:58:36 -05:00
Tod Beardsley 11e9cca855 Spelling and description touch ups. 2013-07-29 10:57:19 -05:00
joernchen of Phenoelit ac28dbe734 Minor typo fix 2013-07-28 19:44:44 +02:00
Dhiru Kholia 2de0a3e0f9 Add information gathering module for eCryptfs 2013-07-28 23:09:42 +05:30
jvazquez-r7 a1d9ed300e Add module for ZDI-13-184 2013-07-28 09:57:41 -05:00
joernchen of Phenoelit 8cdd163150 Module polishing, thanks @todb-r7.
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
jvazquez-r7 f4e35b62ac Add module for ZDI-13-185 2013-07-27 12:12:06 -05:00
jvazquez-r7 fab9d33092 Fix disclosure date 2013-07-27 12:10:21 -05:00
jvazquez-r7 ac7bb1b07f Add module for ZDI-13-188 2013-07-27 03:25:39 -05:00
Meatballs 234e49d982 Add type technique 2013-07-26 23:33:16 +01:00
jvazquez-r7 805a9675a7 Modify the check for Integrity Level and Allow dropt o fs 2013-07-26 14:54:50 -05:00
joernchen of Phenoelit 7f3eccd644 Rails 3/4 RCE w/ token 2013-07-26 20:23:18 +02:00
Meatballs 12a58c730a Small fix 2013-07-26 10:15:47 +01:00
Meatballs 6a13ed0371 Missing include 2013-07-26 03:18:17 +01:00
Meatballs 72b8891ba3 Check for low integrity 2013-07-26 03:16:45 +01:00
Meatballs 030640d5bc back to cmd 2013-07-26 03:00:36 +01:00
Meatballs d3f3e5d63e Working with psh download 2013-07-26 02:29:55 +01:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
jvazquez-r7 4a0b33241f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 18:41:50 -05:00
sinn3r 7b7603a5e7 Land #2104 - reverse_https_proxy 2013-07-25 17:26:56 -05:00
sinn3r 8dae114c7c msftidy happiness 2013-07-25 17:25:36 -05:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
Sean Verity dff35c0820 Minor update to Target Selection. Refer to comments on #2128. 2013-07-24 19:02:47 -04:00
Sean Verity d478df520f Merge remote-tracking branch 'rapid7/master'
Starting fresh.
2013-07-24 18:31:53 -04:00
William Vu 93a63081a5 Land #2151, @jvazquez-r7's Struts pwnage 2013-07-24 16:49:06 -05:00
jvazquez-r7 a70b346978 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 16:43:39 -05:00
jvazquez-r7 7641aa3e63 Delete stop_service calls 2013-07-24 16:35:15 -05:00
William Vu 95b0735695 Land #2150, smb_enumshares SRVSVC null byte fix 2013-07-24 14:08:01 -05:00
jvazquez-r7 e9a4f6d5da Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework 2013-07-24 14:00:52 -05:00
Meatballs 44cae75af1 Cleanup 2013-07-24 19:52:59 +01:00
Rich Lundeen 9d032760ac changed description back 2013-07-24 11:51:06 -07:00
Rich Lundeen e89e2af9dc changed to chomp 2013-07-24 11:09:00 -07:00
jvazquez-r7 dbad1a5e4c Clean up description 2013-07-24 12:02:33 -05:00
jvazquez-r7 18dbdb828f Land #2133, @Meatballs1's exploit for PSH Web Delivery 2013-07-24 12:01:37 -05:00
Meatballs f79d3f7591 Shorten cmd 2013-07-24 17:48:03 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Meatballs 8103baf21a Update title 2013-07-24 17:29:23 +01:00
Meatballs 18ac83bec1 Final updates and tidy 2013-07-24 17:28:19 +01:00
jvazquez-r7 8dd7a664b4 Give a chance to FileDropper too 2013-07-24 08:57:43 -05:00
jvazquez-r7 04b9e3a3e6 Add module for CVE-2013-2251 2013-07-24 08:52:02 -05:00
Rich Lundeen 3854d08dd9 Fixed smb_enumshares to support dir list in SRVSVC 2013-07-23 21:36:26 -07:00
jvazquez-r7 b0c17fdebc Land #2002, @jlee-r7's patch for better handling uri resources 2013-07-23 15:49:21 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 e828517ed8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 17:10:45 -05:00
jvazquez-r7 af1bd01b62 Change datastore options names for consistency 2013-07-22 16:57:32 -05:00
Tod Beardsley 6055ae7ba5 Land #2132, adding logging to hostname resolver
Also incidentally updated the description.
2013-07-22 15:19:47 -05:00
Tod Beardsley b4589c3c82 Expanding description 2013-07-22 15:19:30 -05:00
jvazquez-r7 4367a9ae49 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 15:09:35 -05:00
jvazquez-r7 70900cfe5e Final cleanup for foreman_openstack_satellite_priv_esc 2013-07-22 14:59:23 -05:00
jvazquez-r7 6346f80ff0 Land #2143, @rcvalle's module for CVE-2013-2113 2013-07-22 14:58:07 -05:00
jvazquez-r7 99a345f8d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 13:54:26 -05:00
Tod Beardsley 5e55c506cd Land #2140, add CWS as a first-class reference. 2013-07-22 13:50:38 -05:00
Ramon de C Valle b6c9fd4723 Add foreman_openstack_satellite_priv_esc.rb
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
Rich Lundeen aa159f12b7 changed options wording 2013-07-22 11:15:22 -07:00
Rich Lundeen 57055ab754 added optional option 2013-07-22 11:13:29 -07:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 77e8250349 Add support for CWE 2013-07-22 12:13:56 -05:00
jvazquez-r7 0fdfe866a7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 12:07:44 -05:00
jvazquez-r7 6158415bd3 Clean CWE reference, will ad in new pr 2013-07-22 12:03:55 -05:00
jvazquez-r7 da4fda6cb1 Land #2110, @rcvalle's exploit for Foreman Ruby Injection 2013-07-22 12:02:43 -05:00
jvazquez-r7 8015938b9a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 11:20:12 -05:00
Ramon de C Valle 04e9398ddd Fix CSRF regular expressions as per review 2013-07-22 13:10:56 -03:00
jvazquez-r7 de6e2ef6f4 Final cleanup for dlink_upnp_exec_noauth 2013-07-22 10:53:09 -05:00
jvazquez-r7 c1c72dea38 Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection 2013-07-22 10:52:13 -05:00
Ramon de C Valle 11ef4263a4 Remove call to handler as per review 2013-07-22 12:49:42 -03:00
jvazquez-r7 15b0e39617 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-21 13:47:40 -05:00
sinn3r e7e712fa01 EOL fix 2013-07-20 19:54:05 -05:00
sinn3r ab515fb66d Add the file format version of CVE-2013-1017 2013-07-20 19:50:09 -05:00
Meatballs fe405d2187 Tidyup info 2013-07-19 23:50:59 +01:00
Meatballs 6fab3f6308 Add powershell cmdline 2013-07-19 23:24:54 +01:00
jvazquez-r7 4beea52449 Use instance variables 2013-07-19 14:46:17 -05:00
Meatballs d1fdcfff91 Initial commit 2013-07-19 19:33:55 +01:00
root 6bcdd37223 logged resolve_hostname to db 2013-07-19 11:14:14 -07:00
Ramon de C Valle 6761f95892 Change print_error/ret to fail_with as per review 2013-07-19 12:19:29 -03:00
Sean Verity f16ed32848 Added '2003 R2 SP2' to target selection 2013-07-19 09:57:09 -04:00
m-1-k-3 e93eef4534 fixing server header check 2013-07-19 08:00:02 +02:00
m-1-k-3 f26b60a082 functions and some tweaking 2013-07-19 07:57:27 +02:00
jvazquez-r7 bdfad076b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 15:43:58 -05:00
jvazquez-r7 cb108a8253 Add module for ZDI-13-147 2013-07-18 15:37:11 -05:00
William Vu 6885ef8aa4 Land #2123, mutiny_frontend_upload code cleanup 2013-07-18 14:38:03 -05:00
jvazquez-r7 a1a6aac229 Delete debug code from mutiny_frontend_upload 2013-07-18 14:03:19 -05:00
jvazquez-r7 efb8591a49 Update apple_quicktime_rdrf references 2013-07-18 13:57:31 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r a2ea5dd472 Land #2119 - Accept args for osx exec payload 2013-07-18 13:37:48 -05:00
sinn3r b64d0429ac Format fix
Just to make this more pleasing to the eyes
2013-07-18 13:36:31 -05:00
sinn3r b90e1d54e2 Land #2117 - HP Managed Printing Administration jobAcct Command Exec 2013-07-18 13:21:11 -05:00
sinn3r 280529f885 Make some changes to the description 2013-07-18 13:20:36 -05:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
Joe Vennix cd2e352971 Kill extra whitespace. 2013-07-18 11:30:54 -05:00
sinn3r b94cde1d65 Name change for pyoor 2013-07-18 10:50:25 -05:00
jvazquez-r7 104edd8e93 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 10:38:53 -05:00
William Vu c7ffe96f15 Land #2115, module title disambiguation 2013-07-18 10:37:00 -05:00
jvazquez-r7 3780b1b59f Add module for ZDI-11-352 2013-07-18 09:39:55 -05:00
Joe Vennix 766a8d5817 Shellwords! Now you can use exec to get you a perl shell 2013-07-17 21:16:04 -05:00
Joe Vennix 9c1228067c Change to += syntax. 2013-07-17 21:11:24 -05:00
jvazquez-r7 bf023f261a Delete comma 2013-07-17 20:46:03 -05:00
jvazquez-r7 7ee4855345 Fix msftidy and delete duplicate stack adjustment 2013-07-17 20:45:54 -05:00
Joe Vennix ab088712ba Removes unnecessary copy-to-stack. Fixes arg-order issue.
* Now I simply point to the string in instruction-memory, which saves a few bytes.
2013-07-17 20:27:20 -05:00
Joe Vennix 5ab81e7e37 Convert to readable asm. Adds support for arguments.
* shellcode appears to do an unnecessary copy-to-stack, so will look into
  improving that.
2013-07-17 19:20:47 -05:00
sinn3r 6713fb1609 Fix typos 2013-07-17 18:06:40 -05:00
Tod Beardsley 3ac2ae6098 Disambiguate the module title from existing psexec 2013-07-17 17:11:56 -05:00
jvazquez-r7 458ac5f289 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 15:02:33 -05:00
sinn3r 9ae7c80b15 Add more targets plus some other corrections 2013-07-17 14:43:41 -05:00
sinn3r c85b994c07 Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
jvazquez-r7 c7361043ae up to date 2013-07-17 11:47:06 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
jiuweigui f3bb0ec1ee moved table << 2013-07-17 02:53:24 +03:00
jvazquez-r7 73fd14a500 Fix [SeeRM #8239] NoMethodError undefined method 2013-07-16 15:59:52 -05:00
Ramon de C Valle 8fd6dd50de Check session and CSRF variables as per review 2013-07-16 14:30:55 -03:00
Ramon de C Valle dc51c8a3a6 Change URIPATH option to TARGETURI as per review 2013-07-16 14:27:47 -03:00
jiuweigui c0e594eb6a removed unnecessary begin-end 2013-07-16 20:09:21 +03:00
Ramon de C Valle 3dbe8fab2c Add foreman_openstack_satellite_code_exec.rb
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
jiuweigui 9985ea3c3a Enumerates Windows Prefetch files through meterpreter session 2013-07-16 14:18:54 +03:00
jiuweigui e13f4f5b4e Minor fix 2013-07-16 13:46:42 +03:00
jiuweigui ef82308e07 Working versio 2013-07-16 12:45:03 +03:00
jiuweigui b32597620d Finally working. 2013-07-16 04:07:28 +03:00
jiuweigui 5f3d3a3956 still buggy 2013-07-16 01:05:08 +03:00
jiuweigui 4c56d8eba3 Still buggy 2013-07-15 23:55:24 +03:00
jiuweigui 315874a882 Minor fixes 2013-07-15 23:19:17 +03:00
jiuweigui 5d767fe319 Minor mods 2013-07-15 19:34:44 +03:00
jiuweigui 26f28ae47e Minor cleaup 2013-07-15 17:51:55 +03:00
jvazquez-r7 3a8856ae7f Apply review to spip_connect_exec 2013-07-15 09:44:05 -05:00
jvazquez-r7 bc44d42888 Move module to unix/webapps 2013-07-15 09:43:28 -05:00
Alexandre Maloteaux e28dd42992 add http authentification and socks 2013-07-15 15:36:58 +01:00
jvazquez-r7 19b11cd6e2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-15 08:23:38 -05:00
jiuweigui 2349ee7276 Working version 2013-07-15 16:07:45 +03:00
jiuweigui 4801aab4c4 loot.txt broken 2013-07-15 15:38:42 +03:00
jiuweigui 4265141a11 minor modifications 2013-07-15 13:15:39 +03:00
m-1-k-3 f594c4b128 small cleanup 2013-07-15 08:48:18 +02:00
m-1-k-3 393c1b2a99 session stuff 2013-07-15 07:57:30 +02:00
jiuweigui 90107b82e1 Minor mods 2013-07-15 00:19:32 +03:00
m-1-k-3 a6b48f3082 HTTP GET 2013-07-14 19:02:53 +02:00
jiuweigui 6956003949 Everything working on this version. 2013-07-14 17:24:27 +03:00
m-1-k-3 9f65264af4 make msftidy happy 2013-07-14 15:45:14 +02:00
m-1-k-3 47ca4fd48f session now working 2013-07-14 15:42:41 +02:00
jiuweigui 52f9daf8c5 Renamed prefetch_tool to enum_prefetch 2013-07-14 15:33:54 +03:00
jiuweigui 6539b4e507 Working 2013-07-14 15:30:54 +03:00
m-1-k-3 9133dbac4a some feedback included and some playing 2013-07-14 14:14:06 +02:00
jiuweigui b77ba64e88 Fixed WinXP registry timezone key 2013-07-14 13:53:18 +03:00
jiuweigui 398d5070b2 Fixed WinXP registry timezone key 2013-07-14 06:18:25 +03:00
jiuweigui 43740d7626 Minor edits 2013-07-14 04:55:57 +03:00
jiuweigui 742615f3a1 Working 2013-07-14 04:50:13 +03:00
jiuweigui 1f27a2b7bd Working version 2013-07-14 04:32:20 +03:00
jiuweigui ae60abd05b Minor changes 2013-07-13 20:19:01 +03:00
jiuweigui 45d49cdfe5 Time conversion broken, otherwise works. 2013-07-13 20:03:08 +03:00
Alexandre Maloteaux f48c70d468 enable tor and small fix 2013-07-13 17:59:49 +01:00
jiuweigui 1f10d1ca05 Done. Needs final cleanup and rewrite. 2013-07-13 13:24:08 +03:00
James Lee 94f8b1d177 Land #2073, psexec_psh 2013-07-12 16:14:17 -05:00
James Lee f81369a10d Don't make promises about AV detection 2013-07-12 16:13:02 -05:00
James Lee bc88732400 Prints don't need to be rescued 2013-07-12 15:56:04 -05:00
corelanc0d3r e8983a21c5 New meterpreter payload reverse_https_proxy 2013-07-12 16:45:16 -04:00
jiuweigui 84f30b2379 Works. Needs just FILETIME converter 2013-07-12 23:31:52 +03:00
jiuweigui ce8f3d2a62 Tested on XP and Win7. Works, needs just Filetime convert 2013-07-12 23:29:54 +03:00
jiuweigui 5692cde57a Initial transfer 2013-07-12 21:19:44 +03:00
jvazquez-r7 e2f6218104 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-12 08:38:08 -05:00
sinn3r 529471ed53 Land #2081 - MediaCoder .M3U Buffer Overflow 2013-07-11 23:57:43 -05:00
sinn3r 1341d6ec6b Remove extra commas and try to keep a line in 100 columns 2013-07-11 23:54:54 -05:00
jvazquez-r7 d9f212320f Land #2094, @wchen-r7's changes for smb_enumshares 2013-07-11 18:38:19 -05:00
sinn3r 279787d942 Make this error less verbose too 2013-07-11 17:36:11 -05:00
sinn3r 0906345af4 Ah, typo 2013-07-11 16:53:39 -05:00
sinn3r eb1905025d I bet having ip:rport will make more sense 2013-07-11 16:45:52 -05:00
jvazquez-r7 937642762f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-11 15:20:33 -05:00
sinn3r 0a9c1bcfff Too verbose by default drives users nuts, go easy on that. 2013-07-11 13:41:22 -05:00
sinn3r 55dbfc9281 shares_info should only run if there's shares found 2013-07-11 13:36:26 -05:00
sinn3r 14b3e6440c Check nil 2013-07-11 13:31:30 -05:00
sinn3r 1cf65623d6 Small desc update 2013-07-11 13:20:39 -05:00
jvazquez-r7 d9107d2bd9 Add module for CVE-2013-3248 2013-07-11 12:30:08 -05:00
sinn3r ca0880428f Make sure module is awre of USE_SRVSVC_ONLY if that kicks in 2013-07-11 11:08:09 -05:00
sinn3r a6ce629c3c Capture a 0xC00000BB condition, plus some other fixes 2013-07-11 10:52:58 -05:00
Davy Douhine 4d120f49ba added exploit module for PHP inj in SPIP CMS 2013-07-11 17:28:31 +02:00
sinn3r 3e229fe236 [SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017.
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration.  I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
jvazquez-r7 b8ce98b896 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-10 14:04:46 -05:00
Tod Beardsley 8ade33552c Land #2085, use the new network_interface gem. 2013-07-10 13:15:01 -05:00
modpr0be 16c9effcb4 make msftidy happy 2013-07-11 00:32:32 +07:00
modpr0be 8de88cbd05 change target from win7 sp1 to win7 sp0, fix description 2013-07-11 00:14:30 +07:00
sinn3r 4a3dc2e365 Print all the creds! All your base belong to me.
After a short discussion with Tod, we think it's best to print the
creds by default.  If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
jvazquez-r7 c343a59e1b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-09 17:48:27 -05:00
sinn3r d3433a017b Print hash too 2013-07-09 16:39:24 -05:00
jvazquez-r7 234624793c Add module for CVE-2013-1814 2013-07-09 14:03:35 -05:00
m-1-k-3 49c70911be dlink upnp command injection 2013-07-09 13:24:12 +02:00
lsanchez-r7 5c93fb2849 arp_sweep is once again working
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses

FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
jvazquez-r7 64b2f3f7a0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 16:55:39 -05:00
Tod Beardsley 8d7396d60a Minor description changes on new modules 2013-07-08 16:24:40 -05:00
jvazquez-r7 6a9a9ac20a Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework 2013-07-08 15:53:36 -05:00
jvazquez-r7 8ab8eb8e59 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 15:52:31 -05:00
modpr0be b2a18c37ee add dll references for rop 2013-07-09 03:20:05 +07:00
jvazquez-r7 3f874f504c Use metadata 2013-07-08 09:25:02 -05:00
jvazquez-r7 512dd7d15a Update title 2013-07-08 09:11:31 -05:00
jvazquez-r7 c60aeaa202 Add module for CVE-2013-3482 2013-07-08 09:11:10 -05:00
modpr0be ed6d88a28b credit to mona.py for rop 2013-07-07 18:07:05 +07:00
modpr0be ecb2667401 remove seh mixin and fix the rop nop address 2013-07-06 23:08:51 +07:00
jvazquez-r7 6dec81cbdf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-06 10:38:19 -05:00
jvazquez-r7 b2e7f61814 Fix path build on total_commander 2013-07-06 10:15:30 -05:00
jvazquez-r7 df7209f28a Land #2067, @wchen-r7's fix for total_commander 2013-07-06 10:14:44 -05:00
Meatballs fc5e5a5aad Fixup description 2013-07-06 09:29:32 +01:00
Meatballs 22601e6cc7 Exit process when complete 2013-07-06 09:27:27 +01:00
jvazquez-r7 39f0359fa4 Land #2061, @wchen-r7's fix to make bitcoin_jacker use post mixins 2013-07-06 00:14:14 -05:00
modpr0be 23d2bfc915 add more author 2013-07-06 11:52:16 +07:00
modpr0be b8354d3d6c Added MediaCoder exploit module 2013-07-06 11:07:11 +07:00
Meatballs 0e84886bce Spawn 32bit process 2013-07-05 22:56:21 +01:00
Meatballs 2bfe8b3b29 msftidy 2013-07-05 22:35:22 +01:00
Meatballs 5dc2492b20 Renamed module 2013-07-05 22:32:15 +01:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
Meatballs 66c2b79177 Initial commit 2013-07-05 19:48:27 +01:00
sinn3r ca4e11c112 Use check_other more 2013-07-05 12:38:38 -05:00
sinn3r 98f49758af Don't need this line 2013-07-05 12:34:26 -05:00
sinn3r d3000c0066 These funcs want 'filename' 2013-07-05 12:29:16 -05:00
sinn3r 353db0884d Use expand_path from Msf::Post::File 2013-07-05 12:26:59 -05:00
sinn3r 18e5831ca8 Don't use begin/rescue to shut errors up and call it "file not found" 2013-07-05 12:22:05 -05:00
sinn3r dc90904e50 Avoid misleading error 2013-07-05 12:12:30 -05:00
jvazquez-r7 c859129339 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 12:06:05 -05:00
jvazquez-r7 bcf6d11442 Land #2049, @wchen-r7's had_pid? method work 2013-07-05 11:19:11 -05:00
jvazquez-r7 7f645807f6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 10:25:41 -05:00
jvazquez-r7 ad94f434ab Avoid a fix address for the final userland payload 2013-07-05 10:21:11 -05:00
jvazquez-r7 9b7567cd0f Land #2071, @wchen-r7's patch to use the Msf::Post::Windows::Process mixin 2013-07-05 10:19:56 -05:00
jvazquez-r7 6477c6995d Merge branch 'enum_db_no_method' of https://github.com/wchen-r7/metasploit-framework 2013-07-05 09:35:34 -05:00
jvazquez-r7 9ed6b5c0b9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 09:35:24 -05:00
jvazquez-r7 a7d110367a Land #2064, @wchen-r7's fix for access uninitialized variable on enum_services 2013-07-05 09:30:23 -05:00
jvazquez-r7 4c57c83cb8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 09:14:23 -05:00
jvazquez-r7 b9dd3df05f Land #2068, @wchen-r7's fix to initialize variables on windows_autologin module 2013-07-05 09:09:17 -05:00
jvazquez-r7 a4f90ffadd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 09:01:30 -05:00
jvazquez-r7 4ed6a4d8d1 Land #2062, @wchen-r7's fix to avoid redundant check 2013-07-05 08:51:05 -05:00
jvazquez-r7 1ad4482ce2 Land #2069, @wchen-r7's patch to print info when using store_loot 2013-07-05 08:35:57 -05:00
jvazquez-r7 c459b0e937 Land #2045, @wchen-r7's fix for memory_grep module 2013-07-05 08:16:47 -05:00
jvazquez-r7 9a31885b8f Merge branch 'memory_grep_fixes' of https://github.com/wchen-r7/metasploit-framework 2013-07-05 07:59:06 -05:00
Thorsten Fischer e96a5d0237 Fixed a "NameError uninitialized constant" error.
On startup of msfconsole, the following error occurred:

  modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common

The addition of a corresponding 'require' line removed that error.

Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
2013-07-05 11:56:15 +02:00
sinn3r 2a32b59c88 Forgot to change var 'filename' 2013-07-05 01:37:35 -05:00
sinn3r 84050241f0 Fix target ID 2013-07-05 01:25:08 -05:00
sinn3r 1352731062 Make heap grep optional 2013-07-05 00:57:25 -05:00
jvazquez-r7 c4485b127c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-04 19:43:38 -05:00
jvazquez-r7 7b05872153 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-04 10:10:07 -05:00
jvazquez-r7 8772cfa998 Add support for PLESK on php_cgi_arg_injection 2013-07-04 08:24:25 -05:00
Meatballs 479664b5aa Remove redundant file 2013-07-04 12:07:14 +01:00
Meatballs cd159960e1 Tidy 2013-07-04 12:02:32 +01:00
Meatballs 9c1a43a417 Check payload arch 2013-07-04 11:46:34 +01:00
Meatballs 83bc32abb4 Remove Exploit::Exe 2013-07-04 11:01:01 +01:00
Meatballs 7d6a78bf1f Remove report aux 2013-07-04 10:36:32 +01:00
Meatballs 555140b85a Add warning for persist 2013-07-04 10:30:03 +01:00
Meatballs 44cdc0a1c8 Move options to lib 2013-07-04 10:25:37 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 8590720890 Use fail_with 2013-07-04 10:21:24 +01:00
Meatballs 3eab7107b8 Remove opt supplied by lib 2013-07-04 10:16:03 +01:00
Meatballs 7d273b2c8b Refactor to psexec lib 2013-07-04 10:11:13 +01:00
Meatballs 1569a15856 Msf license 2013-07-04 10:08:29 +01:00
Meatballs 052c23b980 Add missing require 2013-07-04 09:58:48 +01:00
Meatballs 6fa60be76f Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh 2013-07-04 09:42:18 +01:00
sinn3r a52d38f359 Land #2052 - Fix regex 2013-07-03 16:55:07 -05:00
sinn3r 226f4dd8cc Use execute_shellcode for novell_client_nicm.rb 2013-07-03 13:57:41 -05:00
sinn3r f9cfba9021 Use execute_shellcode for novell_client_nwfs.rb 2013-07-03 13:55:50 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 6cb53583b7 Make msftidy happy 2013-07-03 12:42:37 -05:00
jvazquez-r7 61c85b10d3 Add final cleanup for #2012 2013-07-03 12:41:12 -05:00
jvazquez-r7 4a076e0351 Land #2012, @morisson improve for sap_router_portscanner 2013-07-03 12:39:59 -05:00
sinn3r ff49cc1c4f [SeeRM:#8135] - Be able to show where store_loot saves a file
If you don't print where store_loot saves the file, it can be a
pain in the butt to find it sometimes.
2013-07-03 12:29:01 -05:00
sinn3r 70c472fb7e [FixRM:#8134] - Handle registry_getvaldata return value properly
registry_getvaldata can return nil, can't always assume it's
gonna throw a string.
2013-07-03 12:23:14 -05:00
William Vu c37884c6c7 Land #2066, use Rex instead of Base64 2013-07-03 12:21:06 -05:00
jvazquez-r7 f3f3a8239e Land #2043, @ricardojba exploit for InstantCMS 2013-07-03 12:11:30 -05:00
sinn3r 1064c050de [FixRM:#8132] - Fix undefined method '+' in total_commander.rb
The return value of registry_getvaldata can return nil when a
RequestError occurs, so you can't always assume it's gonna throw
you a string.
2013-07-03 12:10:23 -05:00
sinn3r 27653b661f [FixRM:#8131] & [FixRM:#8133] - Fix Base64 func usage
Instead of using Base64, these modules should use Rex.
2013-07-03 12:06:12 -05:00
jvazquez-r7 2f77e8626f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 11:56:25 -05:00
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
sinn3r c40a605495 [FixRM:#8129] - Fix undefined method error in enum_services.rb
srv_conf may not have the 'Startup' key because it's only assigned
in service_info() when srvstart is 4, therefore it's possible to
cause an undefined method 'downcase' error.
2013-07-03 11:44:28 -05:00
sinn3r 534858a23b [FixRM:#8128] - Potential undefined method 'include' for nil
A lot of return values aren't checked, may result in undefined method X
bugs. The same type of issue is all over the place.
2013-07-03 11:40:24 -05:00
jvazquez-r7 c07e65d16e Improve and clean instantcms_exec 2013-07-03 11:37:57 -05:00
sinn3r 6198409e71 [FixRM:#8127] - Remove junk code that checks ARTIFACTS again
ARTIFACTS uses OptPath, which already checks the path. We don't need
to do this again.
2013-07-03 11:33:25 -05:00
sinn3r 944761a1dc [FixRM:#8126] - Use functions from Msf::Post::File
Some functions already exist in Msf::Post::File, should use them.
2013-07-03 11:30:05 -05:00
g0tmi1k 864f4e9d37 post/local_admin_search_enum~Regex fails,module 2
If the regex fails then the entire moudle would too
2013-07-03 00:43:08 +01:00
g0tmi1k 2a6056fd2a exploits/s4u_persistence~Fixed typos+default values 2013-07-03 00:38:50 +01:00
sinn3r a74f706bdb These modules should check PID before using it 2013-07-02 14:48:04 -05:00
Ricardo Almeida dd876008f9 Update instantcms_exec.rb 2013-07-02 17:26:14 +01:00
jvazquez-r7 4ac5261802 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 11:20:26 -05:00
jvazquez-r7 76a9abfd4e Fix last print_ message format 2013-07-02 11:17:16 -05:00
jvazquez-r7 e9441f540e Land #2048, @todb-r7 fix for print_* messages on the ipmi work 2013-07-02 11:16:11 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
Tod Beardsley 2fbea86884 IPMI scanners should mention IPMI in their messages 2013-07-02 10:44:42 -05:00
Tod Beardsley d668a20820 Use rport instead of datastore['RPORT'] 2013-07-02 10:29:25 -05:00
Tod Beardsley 1d87530e67 Add some verbosity on IPMI version scanning 2013-07-02 10:25:40 -05:00
jvazquez-r7 146d1eb27d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 10:06:00 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
sinn3r 6815eef8f4 Fix multiple issues with memory_grep
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.

[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
James Lee 1865e6c19d Fix requrires for enable_support_account 2013-07-01 16:22:39 -05:00
Ricardo Almeida dafa333e57 Update instantcms_exec.rb 2013-07-01 22:03:37 +01:00
William Vu be1a0d3cae Land #2041, title and description cleanup 2013-07-01 15:55:13 -05:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
jvazquez-r7 1c6657ee86 Land #2034, @wchen-r7's patch for memory_grep 2013-07-01 13:34:57 -05:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00
Ricardo Almeida 760133d878 Error on line 60 2013-07-01 12:04:03 -04:00
sinn3r dbce1b36e5 Land #2036 - CVE-2013-3660
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
Ricardo Almeida 4cd08966ff added InstantCMS 1.6 PHP Code Injection 2013-07-01 11:44:47 -04:00
modpr0be 478beee38b remove unnecessary option and make msftidy happy 2013-07-01 18:51:47 +07:00
modpr0be f16d097c00 clean version, tested on winxp sp3 and win7 sp1 2013-07-01 18:35:50 +07:00
jvazquez-r7 f58f481399 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 22:36:46 -05:00
sinn3r 43c4f07e06 Use "unless"
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
HD Moore 62b62f4e9d Fix bad hash detection 2013-06-30 15:57:47 -05:00
HD Moore cca071ff55 Rework to reduce open fds, remove bugs, handle null user 2013-06-30 15:32:33 -05:00
modpr0be e0ae71e874 minor fixing in the exploit module description 2013-07-01 03:27:06 +07:00
modpr0be 007fddb6bf remove SEH function, not needed 2013-07-01 03:13:20 +07:00
modpr0be 1e4b69ab03 Added abbs amp exploit module 2013-07-01 03:08:22 +07:00
HD Moore 6b3178a67b Fix EOL spaces 2013-06-30 14:38:30 -05:00
HD Moore ad4f15daed Switch to UDPScanner mixin, trim this down, add reporting 2013-06-30 14:36:51 -05:00
jvazquez-r7 0ff1cd24a9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 10:03:30 -05:00
jvazquez-r7 867eed7957 Make msftidy happy 2013-06-30 10:01:40 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
jvazquez-r7 79fb381412 Landing #2035, @bwall exploit for carberp control panel 2013-06-30 09:58:47 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
jvazquez-r7 520a78e2c8 Add final cleanup for enable_support_account 2013-06-29 23:30:29 -05:00
jvazquez-r7 df88ace6d1 Land #1989, @salcho's post module for enable windows support account 2013-06-29 23:29:16 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
jvazquez-r7 6e7945ca5e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-29 16:24:45 -05:00
salcho 8717a3b7d8 using post mixins, fixed checks, module renamed 2013-06-29 15:44:36 -05:00
salcho 00bf9070aa using post mixins, fixed checks, module renamed 2013-06-29 15:41:36 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
jvazquez-r7 a2b8daf149 Modify fail message when exploitation doen't success 2013-06-29 10:45:13 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
jvazquez-r7 427e26c4dc Fix current_pid 2013-06-28 21:36:49 -05:00
jvazquez-r7 32ae7ec2fa Fix error description and bad variable usage 2013-06-28 21:30:33 -05:00
jvazquez-r7 fb67002df9 Switch from print_error to print_warning 2013-06-28 21:29:20 -05:00
jvazquez-r7 3ab948209b Fix module according to @wchen-r7 feedback 2013-06-28 20:44:42 -05:00
jvazquez-r7 00416f3430 Add a new print_status 2013-06-28 18:23:49 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
sinn3r 82eed1582f No need for the 2nd element 2013-06-28 17:05:43 -05:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
sinn3r a7ee95381b Updates module description, and uses the proper func for hex dump
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.

The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
James Lee f158e421fa Add requires for pptp_tunnel 2013-06-28 10:07:52 -05:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 81a2d9d1d5 Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework 2013-06-26 14:32:59 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
William Vu e4fb5b327f Land #2028, update references for multiple modules 2013-06-26 10:18:27 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 8d914a5a00 Land #2026, @egypt's patch for write_file on freebsd 2013-06-26 08:25:02 -05:00
sinn3r 88a42aeffe Land #2021 - Add SMTP open relay detection 2013-06-25 22:14:30 -05:00
sinn3r 7009748cf5 Fix module 2013-06-25 22:09:45 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
James Lee 3e929fb812 Use fixed `write_file` instead of re-implementing 2013-06-25 17:25:14 -05:00
Bruno Morisson 2da278f151 fixed indent 2013-06-25 23:08:58 +01:00