54233e9fba
Better entropy
2013-04-26 17:46:43 +01:00
c8da13cfa0
Add some entropy in request
2013-04-26 17:34:17 +01:00
2fa16f4d36
Rewrite relative script URLs to be absolute.
...
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
2013-04-26 11:25:20 -05:00
a043d3b456
Fix auth check and cookie handling
2013-04-26 17:10:24 +01:00
025315e4e4
Move to http
2013-04-26 15:42:26 +01:00
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
99b46202b9
Do final cleanup for sap_configservlet_exec_noauth
2013-04-26 08:45:34 -05:00
308b880d79
Land #1759 , @andrewkabai's exploit for SAP Portal Command Execution
2013-04-26 08:44:11 -05:00
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
5839e7bb16
simplify code
2013-04-26 12:14:42 +02:00
4aadd9363d
improve description
2013-04-26 12:13:45 +02:00
2a41422276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 20:24:17 -05:00
f3f60f3e02
Fixes P/P/R for target 0 (BadBlue 2.72b)
...
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken. Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.
[FixRM #7875 ]
2013-04-25 20:20:24 -05:00
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
52b721c334
Update description
2013-04-25 14:47:35 -05:00
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
9dd9b2d1ba
implement cleanup functionality
...
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
a28ef1847b
update references
2013-04-25 18:26:13 +02:00
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
7bf4aa317f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 10:31:51 -05:00
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
676f2f5f4a
implement "check" functionality
2013-04-25 07:47:30 +02:00
3b46d5d4cd
fix typos
2013-04-25 07:22:16 +02:00
2759ef073e
correction on error handling
2013-04-25 07:19:27 +02:00
6b14ac5e71
add rank to module
2013-04-25 07:07:35 +02:00
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
f22d19a10c
remove unused code block
...
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00
6f8fc81497
improve error handling
2013-04-24 17:59:11 +02:00
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
57113bee80
fine correction
...
add license
remove one unnecessary tab to make msftidy happy
2013-04-24 15:07:32 +02:00
6485124cdf
fix module name
2013-04-24 10:54:52 +02:00
358b8934bf
clarify description
2013-04-24 10:31:40 +02:00
00e6eeca54
implement command line magick to prevent bad char usage
...
commas in the HTTP queries are not allowed but the VBS stager contains
some, therefore it was necessary to find a way to echo out commas
without directly use them.
thanks to Laszlo Toth to help me figure out this windows command line
trick.
2013-04-24 09:46:36 +02:00
783cca6c17
allow only ARCH_X86 payloads
2013-04-24 09:29:47 +02:00
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
96b66d3856
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:49:59 -05:00
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
5f5e772f7c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:31:16 -05:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
750638e4d6
note on bad characters
2013-04-22 17:24:08 +02:00
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
a1e52b5b27
command execution needs cmd /c
2013-04-22 10:20:45 +02:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
d26289e05a
proper output handling in case of CMD payloads
2013-04-20 17:38:58 +02:00
d59ba37e6d
resize linemax
2013-04-20 17:37:50 +02:00
e36b58169b
implement CmbStagerVBS payload execution
2013-04-20 16:37:47 +02:00
8244c4dcac
multiple payload types, different paths to execute payloads
2013-04-20 14:20:30 +02:00
7b6a784a84
basic payload execution through OS command execution
2013-04-20 13:02:22 +02:00
223556a4e6
switch to exploit module environment
...
switch to Msf::Exploit, change the necessary declarations, start to
change the exploitation process
2013-04-20 12:30:44 +02:00
cff47771a2
initial commit
...
the original aux module will be the base of the exploit module
2013-04-20 11:32:05 +02:00
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
d1c5179b83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 17:48:12 -05:00
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
ffb71ff61b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 16:03:55 -05:00
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
eaff87879e
added text
2013-04-19 22:03:05 +02:00
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
d4fa2ba96d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 14:14:36 -05:00
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
bbf7cc4394
up to date
2013-04-17 11:54:12 -05:00
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
48def7dbdb
up to date
2013-04-17 06:36:44 -05:00
088eb8618d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-16 21:11:55 -05:00
83ec9757ec
Addressed feedback from PR#1717
2013-04-16 19:00:26 -07:00
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
eedeb37047
Landing #1731 , @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
830715dc07
Applying changes
2013-04-16 00:28:39 +02:00
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717 ]
2013-04-15 13:36:47 -05:00
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
7e5d4bc893
Landing #1614 , @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223 ]
2013-04-10 12:14:52 -05:00
6c980981db
Break up long lines and add magic encoding comment
2013-04-10 09:28:45 -05:00
4959e03864
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 11:29:37 +02:00
a1605184ed
Landing #1719 , @m-1-k-3 dlink_diagnostic_exec_noauth exploit module
2013-04-10 11:17:29 +02:00
4f2e3f0339
final cleanup for dlink_diagnostic_exec_noauth
2013-04-10 11:15:32 +02:00
8fbade4cbd
OSVDB
2013-04-10 10:45:30 +02:00
1d4096cc19
Merge branch 'dlink_dir645_command_exec_noauth' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_dir645_command_exec_noauth
2013-04-10 09:15:06 +02:00
2ab7552a85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 09:11:41 +02:00
0d2746fb4c
defs should have parens when taking args
...
While it's allowed in ruby to drop most parens, many are useful for
readability.
Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
90e986860e
Adding most suggested changes to jhart's adobe module
2013-04-09 17:55:28 -05:00
2d09aa2a91
Landing #1709 .
2013-04-09 10:55:21 -05:00
ba7603e66c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:34:23 +02:00
76d4538d2a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-04-09 10:24:54 -05:00
1e258170dc
It's a filename, so not trying to match any single char
2013-04-09 10:20:52 -05:00
50cf039170
Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth
2013-04-09 10:19:15 -05:00
79620ed660
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:12:16 +02:00
65e5ed8950
Merge #1716 , version checker fix for UAC bypass
2013-04-09 09:00:30 -05:00
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
0cef2f6453
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 12:51:15 +02:00
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
a2d6f7bb17
Landing #1714 - Don't bomb out if there are no wireless interfaces
...
No redmine ticket reported.
2013-04-08 17:17:47 -05:00
f369584bbd
Timeout added
2013-04-08 23:32:07 +02:00
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
ef63a4f5cf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 21:29:01 +02:00
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
b1152d1567
Improve Postgres CVE-2013-1899 to detect unauthorized connections
2013-04-08 09:55:23 -07:00
d65bf8bab9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 18:19:41 +02:00
d24371eaff
Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal
2013-04-08 10:18:30 -05:00
1b5c34db1a
Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal
2013-04-08 10:17:19 -05:00
11253c8f3e
Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal
2013-04-08 10:16:52 -05:00
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
8a98b1af4a
Added command mode, plus fixed the dropping of payloads
2013-04-07 15:39:38 -07:00
955efc7009
final cleanup
2013-04-07 17:59:57 +02:00
9f89a996b2
final regex, dhcp check and feedback from juan
2013-04-07 17:57:18 +02:00
0e69edc89e
fixing use of regex
2013-04-07 11:39:29 +02:00
f482496795
Initial commit of an exploit module for the CVEs covered by APSB13-03.
...
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
6a410d984d
adding get_config where I forgot
2013-04-06 19:13:42 +02:00
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
55302ee07f
Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695
2013-04-06 17:30:02 +02:00
2533d0b714
up to date
2013-04-06 17:25:12 +02:00
6f1fb4a873
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-06 17:23:24 +02:00
9a2f409974
first cleanup for linksys_wrt54gl_apply_exec
2013-04-06 01:05:09 +02:00
ecaaaa34bf
dlink diagnostic - initial commit
2013-04-05 19:56:15 +02:00
dccf0751a3
up to date
2013-04-05 11:41:10 +02:00
2367c90e74
Merge branch 'hp_system_management_root' of https://github.com/agix/metasploit-framework
2013-04-05 11:18:18 +02:00
daba48035d
fix DEPTH description and basename
2013-04-05 11:05:46 +02:00
b6edad1f1d
fix DEPTH description and basename
2013-04-05 11:04:43 +02:00
d163e96d6a
fix DEPTH description and basename
2013-04-05 11:02:59 +02:00
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
d823f724cd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 22:16:35 +02:00
30f44c3a24
final cleanup for dlink_dir_615h_http_login
2013-04-04 22:02:45 +02:00
8f60d12e46
Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H
2013-04-04 22:01:49 +02:00
b75d038fc2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 21:54:36 +02:00
7d1e9af728
final cleanup for dlink_dir_session_cgi_http_login
2013-04-04 21:41:42 +02:00
0b9fe53919
module filename changed
2013-04-04 21:41:10 +02:00
6ec6638568
Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
2013-04-04 21:40:21 +02:00
498a0dc309
final cleanup for dlink_dir_300_615_http_login
2013-04-04 21:15:22 +02:00
cff70e41be
Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login
2013-04-04 21:14:56 +02:00
96b444c79e
ManualRanking
2013-04-04 17:40:53 +02:00
67f0b1b6ee
little cleanump
2013-04-04 17:33:46 +02:00
f07117fe7d
replacement of wrt54gl auxiliary module - initial commit
2013-04-04 17:30:36 +02:00
fe2b598503
Add the advisory URL
2013-04-04 10:22:31 -05:00
c8a6dfbda2
Add scanner module for the new PostgreSQL flaw
2013-04-04 10:19:47 -05:00
7b4cdf4671
make msftidy happy
2013-04-04 13:22:01 +02:00
78c492da20
is_dlink, more feedback included, msftidy
2013-04-04 13:18:32 +02:00
2f96a673cd
is_dlink, more feedback included
2013-04-04 13:17:45 +02:00
64f3e68310
is_dlink and some more feedback included
2013-04-04 13:01:18 +02:00
358c43f6f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 19:17:53 +02:00
e4d901d12c
Space at EOL (msftidy)
2013-04-03 09:20:01 -05:00
08b96f0186
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 15:39:30 +02:00
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
ce88d8473a
cleanup for netgear_dgn1000b_setup_exec
2013-04-03 12:44:04 +02:00
3c27678168
Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit
2013-04-03 12:43:42 +02:00
a93ec3aea3
fix name
2013-04-03 10:40:52 +02:00
2ceecabede
make msftidy happy
2013-04-03 10:34:28 +02:00
91b0e5f800
netgear dgn2200b pppoe exec exploit - initial commit
2013-04-03 10:32:52 +02:00
89de9fdf22
cleanup for dlink_dir_300_615_http_login
2013-04-03 10:04:01 +02:00
b4b3c82c86
delete space
2013-04-03 00:31:00 +02:00
54120a2d3a
delete space
2013-04-03 00:30:24 +02:00
85d9e3e9ee
delete space
2013-04-03 00:29:38 +02:00
0b4eab2499
added module for ZDI-13-053
2013-04-03 00:24:11 +02:00
018e147063
added module for ZDI-13-052
2013-04-03 00:22:38 +02:00
Meatballs
Joe Vennix
jvazquez-r7
Andras Kabai
sinn3r
Antoine
Christian Mehlmauer
RageLtMan
m-1-k-3
Jon Hart
root
Tod Beardsley
James Lee
sinn3r
HD Moore
Matt Andreko
agix