2d09aa2a91
Landing #1709 .
2013-04-09 10:55:21 -05:00
65e5ed8950
Merge #1716 , version checker fix for UAC bypass
2013-04-09 09:00:30 -05:00
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
8a98b1af4a
Added command mode, plus fixed the dropping of payloads
2013-04-07 15:39:38 -07:00
955efc7009
final cleanup
2013-04-07 17:59:57 +02:00
9f89a996b2
final regex, dhcp check and feedback from juan
2013-04-07 17:57:18 +02:00
0e69edc89e
fixing use of regex
2013-04-07 11:39:29 +02:00
f482496795
Initial commit of an exploit module for the CVEs covered by APSB13-03.
...
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
6a410d984d
adding get_config where I forgot
2013-04-06 19:13:42 +02:00
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
55302ee07f
Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695
2013-04-06 17:30:02 +02:00
9a2f409974
first cleanup for linksys_wrt54gl_apply_exec
2013-04-06 01:05:09 +02:00
ecaaaa34bf
dlink diagnostic - initial commit
2013-04-05 19:56:15 +02:00
96b444c79e
ManualRanking
2013-04-04 17:40:53 +02:00
67f0b1b6ee
little cleanump
2013-04-04 17:33:46 +02:00
f07117fe7d
replacement of wrt54gl auxiliary module - initial commit
2013-04-04 17:30:36 +02:00
e4d901d12c
Space at EOL (msftidy)
2013-04-03 09:20:01 -05:00
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
ce88d8473a
cleanup for netgear_dgn1000b_setup_exec
2013-04-03 12:44:04 +02:00
3c27678168
Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit
2013-04-03 12:43:42 +02:00
a93ec3aea3
fix name
2013-04-03 10:40:52 +02:00
2ceecabede
make msftidy happy
2013-04-03 10:34:28 +02:00
91b0e5f800
netgear dgn2200b pppoe exec exploit - initial commit
2013-04-03 10:32:52 +02:00
642d8b846f
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:41:50 +02:00
7f3c6f7629
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:39:04 +02:00
1b27d39591
netgear dgn1000b mipsbe exploit
2013-04-02 14:34:09 +02:00
7359151c14
decrement esp to fix crash in the middle of shellcode
2013-04-02 13:25:31 +02:00
6a6fa5b39e
module filename changed
2013-04-02 10:50:50 +02:00
b3feb51c49
cleanup for linksys_e1500_up_exec
2013-04-02 10:49:09 +02:00
5e42b8472b
Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit
2013-04-02 10:48:28 +02:00
579c499f43
Juans SRVHOST check included
2013-04-02 07:50:51 +02:00
08ba2c70d3
update title and descr for mongod_native_helper
2013-04-01 21:44:08 +02:00
81bca2c45a
cleanup for mongod_native_helper
2013-04-01 21:35:34 +02:00
c386d54445
check SRVHOST
2013-04-01 18:12:13 +02:00
cc598bf977
Resolv a problem with mmap64 libc function and its unknown last argument
2013-04-01 17:38:09 +02:00
6b639ad2ee
add memcpy to the ropchain due to the zeroed mmap function under ubuntu
2013-04-01 14:13:19 +02:00
baf1ce22b3
increase mmap RWX size
2013-03-31 21:04:39 +02:00
6b896933dd
Merge branch 'fix_author_details' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-fix_author_details
2013-03-31 13:14:47 -05:00
0f965ddaa3
waiting for payload download on linksys_e1500_more_work
2013-03-31 16:07:14 +02:00
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
315abd8839
fix Privileged field
2013-03-30 19:39:01 +01:00
a46805d95d
description updated
2013-03-30 19:36:35 +01:00
c880a63e75
Added module for ZDI-13-049
2013-03-30 19:35:04 +01:00
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
cd8bc2f87d
description, blind exploitation info on cmd payload
2013-03-30 12:03:14 +01:00
b0a61adc23
juans feedback included
2013-03-30 11:43:10 +01:00
5fd996f775
added osvdb reference
2013-03-30 10:42:58 +01:00
3bf0046e3e
Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management
2013-03-30 10:42:06 +01:00
7965f54890
juans feedback included
2013-03-30 08:40:42 +01:00
607b1c5c14
little cleanup for e1500_up_exec
2013-03-29 23:16:13 +01:00
1b563ad915
stop_service
2013-03-29 22:38:06 +01:00
813ff1e61e
removed payload stuff
2013-03-29 22:32:57 +01:00
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
cd1820d769
trying to solve irc comm issues
2013-03-29 12:54:57 +01:00
6cf44d9c85
added a 3 message window for recieving the check response
2013-03-28 21:14:52 -04:00
29ad9939e1
cleanup for stunshell_eval
2013-03-28 15:11:20 +01:00
514aed404c
Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval
2013-03-28 15:10:57 +01:00
9b18eb858b
cleanup for stunshell_exec
2013-03-28 14:45:51 +01:00
a7a5569725
Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec
2013-03-28 14:45:28 +01:00
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
ce9f11aeb3
Changed the targets to be more specific
2013-03-27 17:22:29 -04:00
f14d5ba8ec
Removed extra comma
2013-03-27 17:15:34 -04:00
2a60ef2d60
Renamed and fixed some code issues
2013-03-27 17:14:41 -04:00
cc92b54e83
Moved module and cleaned code
2013-03-27 17:03:18 -04:00
76fb6ff48f
Updated ranking
2013-03-27 16:41:35 -04:00
e25a06c649
delete comma
2013-03-27 21:33:58 +01:00
276e8f647b
Merge branch 'v0pCr3w' of https://github.com/bwall/metasploit-framework into bwall-v0pCr3w
2013-03-27 21:33:34 +01:00
5fc5a4f429
use target_uri
2013-03-27 20:45:34 +01:00
f29cfbf393
cleanup for v0pCr3w_exec
2013-03-27 20:38:11 +01:00
fd302d62b8
Removed testing code
2013-03-27 12:50:42 -04:00
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
0109d81c95
fix typo
2013-03-27 17:39:18 +01:00
e042fd3697
first test of e1500 down and exec exploit
2013-03-27 17:09:17 +01:00
8fc67b5c4e
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution
2013-03-27 15:01:46 +00:00
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
f16c8094f9
Rex::Text.rand_text_alphanumeric for file name
2013-03-26 13:53:16 +00:00
ff7096782f
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
2013-03-26 12:16:50 +00:00
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
c4fcf85af2
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework into heyder-heyder-joomla
2013-03-26 12:01:46 +01:00
a5346240de
Updated v0pCr3w_exec to use send_request_cgi
2013-03-26 01:33:30 -04:00
014c01099e
improve cleanup
2013-03-26 02:22:10 -03:00
56c07211a0
Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof
2013-03-25 11:56:15 -05:00
47e3d7de59
Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue
2013-03-25 11:46:37 -05:00
5218831167
Added license information and tidied up the code
2013-03-25 00:05:31 -04:00
e98a463de2
Added license information and tidied up code
2013-03-25 00:04:39 -04:00
e37fa3b40a
Added license information and tidied up code
2013-03-25 00:03:32 -04:00
6be88224bf
Added the license information and tidied up
2013-03-25 00:01:20 -04:00
0c169f94eb
correct some bad indent
2013-03-24 21:07:51 -03:00
d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
50ac5cf247
Adjust payload size and others code adjustments
2013-03-24 20:25:29 -03:00
7e0b0ac092
Added STUNSHELL webshell remote command execution module
2013-03-24 15:18:08 -04:00
b23d259485
Added STUNSHELL webshell remote code evaluation[PHP] module
2013-03-24 15:16:45 -04:00
bbcf21ee24
Added v0pCr3w webshell remote command execution module
2013-03-24 15:13:42 -04:00
ca6ab7c8c2
Added Ra1NX pubcall authentication bypass exploit module
2013-03-24 14:59:27 -04:00
5bee1471df
many code adjustments
2013-03-22 23:07:08 -03:00
89c0e8c27e
Fix add_resource call in adobe_flas_mp5_cprt
2013-03-22 19:27:02 -04:00
6eaf995642
cleaning exploiting string
2013-03-22 21:48:02 +01:00
fd63283524
make msftidy happy
2013-03-22 21:46:12 +01:00
11754f271a
Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec
2013-03-22 13:05:16 -05:00
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
b5c65ad51b
add Joomla Component JCE File Upload Code Execution
2013-03-22 10:41:35 -03:00
bbff20fd65
cleanup for struts_code_exec_parameters
2013-03-21 22:17:47 +01:00
50c6a98530
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce
2013-03-21 22:17:20 +01:00
cbccda10ca
fixing issue raised by @meatballs1
2013-03-21 20:58:40 +00:00
302193f98b
Various fixes and improvements
...
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
8027615608
fixed comments left in by accident
2013-03-21 16:43:44 +00:00
4edf5260f4
check function now tells user about delay
2013-03-21 16:40:45 +00:00
a714b430ca
used normalize_uri
2013-03-21 14:05:08 +00:00
5c9bec1552
commit fix branch for Console-struts-RCE
2013-03-21 13:40:16 +00:00
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
26dec4eb8f
last cleanup for sami_ftpd_list
2013-03-19 21:32:05 +01:00
42efe5955b
Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815
2013-03-19 21:31:46 +01:00
b19c51aa81
cleanup for sami_ftpd_list
2013-03-19 19:04:14 +01:00
e2a9245b08
Changed target to Windows XP
2013-03-19 13:20:23 -03:00
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
fb90a1b497
Uses IP address length in offset calculation
2013-03-18 16:18:04 -03:00
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
3d92d6e977
removed the handler call
2013-03-15 16:48:53 -04:00
a96283029e
made payload size a little smaller
2013-03-15 16:08:43 -04:00
8b5c782b54
changed Platform from Windows to win
2013-03-15 15:13:52 -04:00
8f4b3d073a
Explicitly set EXITFUNC to thread
2013-03-15 14:52:39 -04:00
e9af05a178
made recommended changes
2013-03-15 11:35:12 -04:00
4bb64a0f41
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:10:10 -04:00
bbbf395659
got everything working and cleaned up
2013-03-14 16:02:41 -04:00
d8f46e3df4
Merge branch 'module/fb_cnct_target_214' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module/fb_cnct_target_214
2013-03-14 16:27:58 +01:00
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
1f7b2a8e9f
minor edits
2013-03-13 17:48:37 -04:00
fa5c988110
got sami_ftpd_list.rb working
2013-03-13 17:27:02 -04:00
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
50083996ff
better target description
2013-03-13 20:13:09 +01:00
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
458ffc1f19
Add a target for Firebird 2.1.4.18393
2013-03-13 13:44:28 -04:00
6da4c53191
Merge remote-tracking branch 'jvazquez-r7/netcat_gaping' into rapid7
...
[Closes #1576 ]
2013-03-11 16:02:49 -05:00
2f95d083e8
Updating URL for Honewell EBI exploit
2013-03-11 13:35:58 -05:00
23972fbebc
Merge branch 'release'
2013-03-11 13:08:30 -05:00
d81d9261e7
Adding Honeywell exploit.
2013-03-11 13:03:59 -05:00
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
64398d2b60
deleting some commas
2013-03-07 21:34:51 +01:00
ab44e3e643
cleanup for fb_cnct_group
2013-03-07 21:34:07 +01:00
25db782b03
change print location
2013-03-07 19:15:40 +01:00
fdd7c375ad
added linux native target
2013-03-07 19:12:25 +01:00
398d13e053
Initial commit of the Firebird CNCT Group Number Buffer Overflow.
2013-03-07 09:51:05 -05:00
03f3b06ccb
added module for cve-2012-3001
2013-03-07 14:23:13 +01:00
b65f410048
Updates the description
2013-03-06 16:37:41 -06:00
fee07678dd
Rename module to better describe the bug.
2013-03-06 16:33:41 -06:00
79d3597d31
That's not a real check...
2013-03-06 16:32:53 -06:00
16d7b625bc
Format cleanup
2013-03-06 16:31:39 -06:00
7219c7b4aa
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 16:15:24 -06:00
aa5c9461ae
Fixed more styling issues, EOL, tabs and headers
2013-03-06 10:50:31 -08:00
437d6d6ba6
Fixed EOL, bad indent, added header, removed #!/usr/env/ruby
2013-03-06 10:44:29 -08:00
af9982e289
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 12:11:58 -06:00
aa3a54fba0
Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation
2013-03-06 09:29:28 -08:00
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
7fa24d9060
Module rename
2013-03-04 10:54:33 -06:00
59b5e8e688
Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick
2013-03-04 10:53:31 -06:00
12247d47ba
Rename module, sorry, no pull request.
2013-03-04 10:46:05 -06:00
a980bf0ef6
minor fixes
2013-03-03 19:54:17 +01:00
248481f195
fixed EOF
2013-03-03 19:52:31 +01:00
81e2dbc71e
added module for CVE-2012-3485
2013-03-03 19:48:12 +01:00
76180f22fc
added module for cve-2012-4284
2013-03-03 13:23:21 +01:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
1446992253
Merge jvazquez-r7's java exploit
2013-02-25 07:19:12 -06:00
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
002654317c
Add Kordil EDMS File Upload Vulnerability exploit
2013-02-22 23:32:17 +10:30
5b16e26f82
change module filename
2013-02-21 20:05:13 +01:00
b4f4cdabbc
cleanup for the module
2013-02-21 20:04:05 +01:00
1913d60d65
multibrowser support
2013-02-21 01:13:25 +01:00
bf216cca5c
description and references updated
2013-02-20 18:14:53 +01:00
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
9d4a3ca729
Fix a typo that broke this module against x64
...
[SeeRM #7747 ]
2013-02-19 19:22:42 -06:00
37634a9e60
Merge branch 'hp_vsa_exec_9' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_vsa_exec_9
2013-02-19 12:36:39 -06:00
189558b862
Merge branch 'openemr_upload_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-openemr_upload_exec
2013-02-19 12:25:00 -06:00
5108e8ef1c
Correct tab
2013-02-19 11:44:41 -06:00
b2664e04fb
Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload
2013-02-19 11:42:04 -06:00
9813c815ef
Minor changes
2013-02-19 11:40:06 -06:00
553d7abe43
Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof
2013-02-19 11:26:47 -06:00
416a7aeaa3
make msftidy happy for s4u_persistence
2013-02-18 15:23:06 +01:00
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
25f8a7dcb9
Fix expire tag logic and slight clean up
...
Was a dumbass again and didn't fully understand how Optints worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for trouble shooting.
2013-02-17 22:35:52 -05:00
322fa53d49
fix typo
2013-02-17 20:29:41 +01:00
31a3a374c3
Added module for CVE-2012-6274
2013-02-17 20:25:39 +01:00
1a2a0bc38e
Added module for CVE-2012-6275
2013-02-17 20:21:45 +01:00
a8d574e4ce
Updated one print_status
2013-02-17 14:08:33 -05:00
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
221ce22f53
make msftidy happy
2013-02-15 19:01:58 +01:00
ade2c9ef56
msftidy - fix line endings.
2013-02-14 11:42:02 -06:00
4c90cacffe
Send iframe when URIPATH isnt '/'
2013-02-14 11:23:08 -06:00
947aa24d44
MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell
2013-02-14 11:18:19 -06:00
7b2c1afadb
I'm an idiot, fix logon xpath
2013-02-14 09:16:47 -05:00
e78cbdd14d
missed one line
2013-02-13 18:17:38 -05:00
bbf8fe0213
Use Post::File methods and fail_with
2013-02-13 18:10:05 -05:00
4074a12fd7
Randomize some gadgets
2013-02-13 14:12:52 -06:00
f58cc6a2e0
more fix version info
2013-02-12 18:51:04 +01:00
96b1cb3cfb
fix version info
2013-02-12 18:50:36 +01:00
69267b82b0
Make stable #1318 foxit reader exploit
2013-02-12 18:44:19 +01:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
98457c0a4d
Merge branch 'sonicwall_gms' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-sonicwall_gms
2013-02-08 19:18:57 +01:00
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
c131b7ef0e
Added exception handing and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
19e989dff9
Initial commit fo the migrated module
2013-02-07 19:11:44 -04:00
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
f1f8782a5d
Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb
2013-01-24 18:13:00 +01:00
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
a1f8da9ff6
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-23 11:41:35 -06:00
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
8bcf4a86ef
Update modules/exploits/multi/browser/java_jre17_method_handle.rb
...
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
a3fa7cc6bc
adjusted disclosure date
2013-01-23 12:49:08 +00:00
e78174297e
assuring stdapi loads on meterpreter
2013-01-23 12:44:55 +01:00
5d6ca30422
removed spaces at EOL
2013-01-23 10:33:55 +00:00
17d1c9f996
- expanded description
...
- updated references
2013-01-23 10:29:11 +00:00
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
8819059499
Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec
2013-01-22 14:41:40 -06:00
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
76edbb9e1c
Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console
2013-01-20 19:53:44 +01:00
Tod Beardsley
jvazquez-r7
m-1-k-3
HD Moore
Jon Hart
agix
sinn3r
bwall
nmonkee
heyder
bwall
Nathan Einwechter
Console
dougsko
Joel Parish
Spencer McIntyre
James Lee
Enrique A. Sanchez Montellano
David Maloney
Joe Rozner
bcoles
Thomas McCarthy
Jeff Jarmoc
smilingraccoon
Carlos Perez
RageLtMan
lmercer
Tod Beardsley
Kacper Nowak
booboule
Julian Vilas