e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
d37d211ecc
Fix short escape sequences error
2013-05-09 17:29:55 -05:00
b18a98259b
Modify default rport
2013-05-09 16:24:54 -05:00
3e1d1a3f98
Land #1659 , @nmonkee's sap_soap_rfc_eps_delete_file module
2013-05-09 16:22:54 -05:00
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
a199c397e4
...
2013-03-11 17:09:17 -04:00
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
92093cd7d8
There's no HttpClient, so it shouldn't be using normalize_uri
2013-02-19 15:04:18 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
1714fa21b1
adjusted DOS part to use HttpClient
2012-12-17 15:46:39 +01:00
a48c14124b
added CHECK functionality to the existing module
2012-12-13 16:54:50 +01:00
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
39e81d3e53
Arch/Platform cleanup: aux modules need neither
2012-10-22 20:28:02 +02:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
Tod Beardsley
jvazquez-r7
sinn3r
Matt Andreko
James Lee
Doug P
Wolfgang Ettlinger
sinn3r
Tod Beardsley
Christian Mehlmauer
T0X1C-1
HD Moore
Chris John Riley
Michael Schierl
David Maloney