7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
2014-09-02 12:27:41 -05:00
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
438f0e6365
typos
2014-08-30 09:22:58 -05:00
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00
a8d03aeb59
Fix bug with PMP db paths
2014-08-26 12:54:31 +01:00
473341610c
Update name to mention DC; correct servlet name
2014-08-26 12:39:48 +01:00
6d3255a3b5
Update bad config error.
2014-08-25 14:43:23 -05:00
b652ebb44f
Add other gdb-supported platforms that run on allowed arches.
2014-08-25 14:15:20 -05:00
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
88f626184c
Remove linux platform limitation, target depends on arch only.
2014-08-24 01:39:04 -05:00
04d0b87067
Reorder module title.
2014-08-24 01:18:21 -05:00
c65ba20017
Fix incorrect Platforms key.
2014-08-24 01:15:34 -05:00
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
0031913b34
Fix nil accesses
2014-08-22 16:19:11 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
e93fbbd904
Land #3685 , @pedrib's exploit for CVE-2014-3996
2014-08-22 11:45:41 -05:00
cf147254ad
Use snake_case in the filename
2014-08-22 11:44:35 -05:00
823649dfa9
Clean exploit, just a little
2014-08-22 11:43:58 -05:00
9815b1638d
Refactor pick_target
2014-08-22 11:31:06 -05:00
ecace8beec
Refactor check method
2014-08-22 11:05:36 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
ced65734e9
Make some datastore options advanced
2014-08-22 10:26:04 -05:00
b4e3e84f92
Use CamelCase for target keys
2014-08-22 10:23:36 -05:00
b58550fe00
Indent description and fix title
2014-08-22 10:21:08 -05:00
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
2014-08-22 10:17:44 -05:00
7e2d474a26
Ranking, Version, Spacing Edit
2014-08-22 11:06:42 -04:00
da752b0134
Add exploit for CVE-2014-3996
2014-08-21 15:30:28 +01:00
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
777efb5e48
Land #3669 - Deprecate ff 17 svg exploit
2014-08-19 17:42:31 -05:00
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection
2014-08-15 17:07:23 -05:00
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
7972da350d
Files move to appropriate directories and have proper formatting
2014-08-15 14:37:29 -04:00
904c1b20b1
Land #3654 , update to 4.10-dev (electro)
2014-08-15 12:51:28 -05:00
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
4cfd2abd8d
Land #3621 , @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection
2014-08-15 09:17:16 -05:00
4e0f6dfcc7
Do minor cleanup
2014-08-15 09:10:08 -05:00
b55f425ec0
Merge in changes from @todb-r7.
2014-08-14 17:22:07 -04:00
f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape
2014-08-13 20:08:13 -05:00
5ed3e6005a
Implement suggestions
...
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
127d094a8d
Dont share once device is opened
2014-08-13 16:13:38 -05:00
558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE
2014-08-13 11:55:56 -05:00
05a198bc96
Correct spelling
2014-08-13 14:06:25 +01:00
4a01c27ed4
Use get_env and good pack specifier
2014-08-13 10:59:22 +01:00
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
da4b572a0d
Change module name
2014-08-12 17:17:26 -05:00
3eccc12f50
Switch from vprint to print
2014-08-12 17:11:24 -05:00
f203fdebcb
Use Msf::Exploit::Local::WindowsKernel
2014-08-12 17:09:39 -05:00
e1debd68ad
Merge to update
2014-08-12 16:21:39 -05:00
183b27ee27
There is only one target
2014-08-12 16:14:41 -05:00
c8e4048c19
Some style fixes
2014-08-12 16:11:31 -05:00
ea3d2f727b
Dont fail_with while checking
2014-08-12 16:09:59 -05:00
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
042423088c
Make sure which the full payload is used
2014-08-12 11:41:29 -05:00
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
4e6a04d3ad
Modifications for login and key addition
...
This commit adds additional support for logging in
on multiple versions of Gitlab as well as adding a
key to exploit the vulnerability.
2014-08-11 19:54:10 -04:00
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00
ac526ca9bd
Fix print_* to vprint_* in check method
2014-08-11 18:58:11 +02:00
4b4b24b79d
Fix errors printing
2014-08-11 18:54:43 +02:00
c97cd75beb
Rephrase 'Author' section
2014-08-11 18:52:21 +02:00
0138f3648d
Add VMTurbo Operations Manager 'vmtadmin.cgi' Remote Command Execution module.
2014-08-11 16:57:39 +02:00
a995bcf2ef
Fix URI building and failure cases
...
This update uses the normalize_uri method for building
URIs. Additionally, failure cases have been modified
for a less generic version.
2014-08-10 19:53:33 -04:00
351b687759
Land #3612 , Windows Local Kernel exploits refactor
2014-08-10 22:05:06 +01:00
486b5523ee
Refactor set_version
2014-08-09 02:17:07 -05:00
d959affd6e
Delete debug message
2014-08-09 01:58:42 -05:00
da04b43861
Add module for CVE-2014-0983
2014-08-09 01:56:38 -05:00
b259e5b464
Update description again
2014-08-07 09:21:25 -05:00
4af0eca330
Update target description
2014-08-07 09:11:01 -05:00
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
b602e47454
Implement improvements based on feedback
2014-08-05 21:24:37 -07:00
48359faaaf
Add gitlab-shell command injection module
...
This request adds a module for gitlab-shell command
injection for versions prior to 1.7.4. This has been
tested by installing version 7.1.1 on Ubuntu and then
using information at http://intelligentexploit.com/view-details.html?id=17746
to modify the version of gitlab-shell to a vulnerable one. This
was done as I could not find a better method for downloading
and deploying an older, vulnerable version of Gitlab.
2014-08-05 23:21:57 -04:00
f25bb735a0
Land #3543 , @todb-r7's Rubocop cleanup of MS08-067
2014-08-04 14:35:30 -07:00
9cd6353246
Update mqac_write to use the mixin and restore pointers
2014-08-04 12:15:39 -07:00
a523898909
Apply rubocop suggestions for ms_ndproxy
2014-08-04 11:49:01 -07:00
86e2377218
Switch ms_ndproxy to use the new WindowsKernel mixin
2014-08-04 11:49:01 -07:00
58d29167e8
Refactor MS11-080 to use the mixin and for style
2014-08-04 11:49:01 -07:00
6c2b8f54cf
rubocop cleanup, long lines, etc
2014-08-03 23:19:08 -05:00
2b021e647d
Minor tidies to conform to standards
2014-08-03 23:19:08 -05:00
31c51eeb63
Move error messages to `check`
2014-08-03 23:19:08 -05:00
cbf15660bf
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-08-03 23:19:08 -05:00
add5cefe17
Change runas method to use lib
...
Changed runas method to use the new runas lib. Also did some rubocop
changes.
2014-08-01 17:13:24 -07:00
df98098b0c
New shell_execute_option command
...
Also removed upload option
2014-08-01 17:12:04 -07:00
5c2b074264
Matched bypassuac to upstream
2014-08-01 14:40:23 -07:00
def652a50e
Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option
2014-08-01 14:32:55 -07:00
73ca8c0f6d
Work on jboss refactoring
2014-08-01 14:28:26 -05:00
15c1ab64cd
Quick rubocop
2014-07-31 23:11:00 +01:00
d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551
2014-07-31 23:06:37 +01:00
bff8a734ae
Fix and be Architecture Agnostic
2014-07-31 22:58:43 +01:00
5a25120660
Apply rubocop changes to multi/script/web_delivery
2014-07-31 16:16:23 -04:00
8af4c496c9
Add a missing include and require statement for psh
2014-07-31 16:08:25 -04:00
53b66f3b4a
Land #2075 , Powershell Improvements
2014-07-31 00:49:39 +01:00
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
e00d892f99
rubocop cleanup, long lines, etc
2014-07-28 22:04:45 -05:00
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
621e85a32d
Correct version
2014-07-28 22:45:04 +02:00
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
210342df5b
Minor tidies to conform to standards
2014-07-25 09:32:54 +10:00
9fe2dd59aa
Move error messages to `check`
2014-07-25 07:57:09 +10:00
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
3ec30bdf78
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-07-24 14:48:29 +10:00
042278ed6a
Update code to reflect @OJ code suggestions
2014-07-23 11:01:43 -04:00
534a5d964b
Add CVE-2014-4971 BthPan local privilege escalation
...
Add CVE-2014-4971 BthPan local privilege escalation for Windows XP SP3
2014-07-22 18:17:06 -04:00
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
f6f8d7b993
Delete debug print_status
2014-07-22 15:00:03 -05:00
b086462ed6
More cleanups of modules which REALLY need the 'old' generic encoder
2014-07-22 14:57:53 -05:00
3d7ed10ea0
Second review of modules which shouldn't be affected by changes
2014-07-22 14:33:57 -05:00
5e8da09b2d
Allow some modules to use the old encoder
2014-07-22 14:28:11 -05:00
0db3a0ec97
Update code to reflect @jlee-r7's code review
2014-07-22 15:14:24 -04:00
125b2df8f5
Update code to reflect @hdmoore code suggestions
2014-07-22 14:53:24 -04:00
7f79e58e7f
Lots and cleanups based on PR feed back
2014-07-22 14:45:00 -04:00
b0f8d8eaf1
Delete debug print_status
2014-07-22 13:29:00 -05:00
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
5d9c6bea9d
Fix a typo and use the execute_shellcode function
2014-07-22 13:06:57 -04:00
12904edf83
Remove unnecessary target info and add url reference
2014-07-22 11:20:07 -04:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
ca0dcf23b0
Add a simple check method for cve-2014-4971
2014-07-22 10:54:10 -04:00
6a545c2642
Clean up the mqac escalation module
2014-07-22 10:39:34 -04:00
da4eb0e08f
First commit of MQAC arbitrary write priv escalation
2014-07-22 10:04:12 -04:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
b0a596b4a1
Update newer modules
2014-07-20 21:59:10 +01:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
58adc350b5
Refactor: Creation of a JBoss mixin
...
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
2be6eb16a2
Add in exploit check and version checks
...
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
b050b5d1df
Rubocop -a on MS08-067
...
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.
Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.
I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.
@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
bea660ad4d
Added possibility to upload a custom WAR file
...
Added 2 options, one for uploading a custom WAR file. The other
to specify if you want or not to undeploy the war at the end of
the exploit.
The module as is does not allow to deploy a custom WAR file. It is
convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload.
2014-07-17 17:13:19 +02:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
a07656fec6
Land #3536 , msftidy INFO messages aren't blockers
2014-07-16 17:57:48 -05:00
58558e8dfa
Allow INFO msftidy messages
...
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
6d49f6ecdd
Update code to reflect hdmoore's code review.
2014-07-16 14:29:17 -04:00
82abe49754
Mark windows/misc/psh_web_delivery as deprecated
2014-07-16 14:02:05 -04:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
cef2c257dc
Add CVE-2014-2477 local privilege escalation
2014-07-16 05:49:19 -04:00
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
f8e47a5c61
Land #3524 - WPTouch fileupload exploit
2014-07-15 16:29:59 -05:00
e58100fe85
Land #3419 , multi script delivery module by @jakxx
2014-07-15 17:07:51 -04:00
1a8d73fca8
Minor whitespace and grammar changes
2014-07-15 17:00:28 -04:00
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
5c101794d6
Fix Solaris sadmind_exec.rb
2014-07-13 17:49:46 +01:00
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
6fd1ff6870
Merge master
2014-07-11 11:40:39 -05:00
d637171ac0
Change module filename
2014-07-11 11:39:32 -05:00
c55117d455
Some cleanup
2014-07-11 11:39:01 -05:00
a7a700c70d
Land #3502 , @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936
2014-07-11 11:25:03 -05:00
b9cda5110c
Add target info to message
2014-07-11 11:24:33 -05:00
dea68c66f4
Update title and description
2014-07-11 10:38:53 -05:00
f238c2a93f
change module filename
2014-07-11 10:30:50 -05:00
f7d60bebdc
Do clean up
2014-07-11 10:28:31 -05:00
8f3197c192
Land #3496 , @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth
2014-07-11 09:50:57 -05:00
4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
755dec1629
msftidy up splunk_upload_app_exec
2014-07-10 00:24:48 -04:00
c14b96f02e
Add #3463 commits from @ghost
2014-07-09 17:56:06 -04:00
f068006f05
auto target
2014-07-09 21:53:11 +02:00
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
f89f47c4d0
dlink_dspw215_info_cgi_rop
2014-07-08 22:29:57 +02:00
6fbd6bb4a0
stager
2014-07-08 22:17:02 +02:00
ac727dae89
dlink_dsp_w215_hnap_exploit
2014-07-08 22:13:13 +02:00
579ce0a858
cleanup
2014-07-08 21:58:15 +02:00
51001f9cb3
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection
2014-07-08 21:39:53 +02:00
84d6d56e15
cleanup, deprecated
2014-07-08 21:36:07 +02:00
10bcef0c33
cleanup, deprecated
2014-07-08 21:34:28 +02:00
6719aea332
The module has been updated again
2014-07-08 17:03:24 +02:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
cd6b83858b
Add new Yokogawa SCADA exploit
2014-07-07 11:20:49 -05:00
e7ade9f84d
migrate from wget to echo mechanism
2014-07-06 21:45:53 +02:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
d5843f8eaf
Updated Mailpoet exploit to work with another version
2014-07-06 10:53:40 +02:00
cf5d29c53b
Add EOF newline to satisfy msftidy
2014-07-05 13:51:12 -05:00
6d9bf83ded
Small fixes for the recent WP MailPoet module
...
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00
59881323b9
Clean code
2014-07-04 16:40:16 -05:00
a33a6dc79d
add bash to requiredcmd
2014-07-03 16:52:52 -05:00
806f26424c
&& not and
2014-07-03 16:50:21 -05:00
6fb2fc85a0
address @jvasquez-r7 review points
2014-07-03 16:43:01 -05:00
2efa3d6bc0
Land #3487 , @FireFart's exploit for WordPress MailPoet file upload
2014-07-03 14:34:58 -05:00
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
97a6b298a8
Use print_warning
2014-07-03 13:38:20 -05:00
dcba357ec3
implement feedback
2014-07-03 20:27:08 +02:00
86a31b1896
Update gitlist_exec.rb
2014-07-03 12:40:37 -05:00
aeb4fff796
Added FileDropper
2014-07-03 19:25:31 +02:00
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
071f236946
Changed check method
2014-07-02 22:31:02 +02:00
a58ff816c5
Changed check method
2014-07-02 22:29:00 +02:00
e5b441314c
removed wrong edit ...
2014-07-02 21:33:49 +02:00
8f55af5f9d
UPnP check included
2014-07-02 21:28:39 +02:00
ac2e84bfd6
check included
2014-07-02 21:24:50 +02:00
40175d3526
added check method
2014-07-02 11:07:58 +02:00
54a28a103c
Updated description
2014-07-02 10:49:28 +02:00
1ff549f9c1
Replaced Tab
2014-07-02 10:35:30 +02:00
09131fec28
Added wysija file upload exploit
2014-07-02 10:24:27 +02:00
a735fd3c59
Update web_delivery.rb
2014-07-01 16:52:18 -04:00
21f6e7bf6c
Change description
2014-07-01 10:44:21 -05:00
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
db6524106e
one more typo, last one I swear
2014-06-30 22:33:19 -05:00
d7dfa67e94
typo
2014-06-30 20:15:25 -05:00
acedf5e847
Update gitlist_exec.rb
...
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
ecc1b08994
Create gitlist_exec.rb
...
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00
a94396867c
Add module for ZDI-14-106, Oracle Event Processing
2014-06-29 15:44:20 -05:00
faa9c11450
Dont deregister an option that is in use
2014-06-28 18:22:17 -04:00
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
e806222512
Fix bad copypast, sock.get usage, HTTP mistakes
2014-06-28 16:18:16 -05:00
baa877ef17
Switch to get_once for consistency
2014-06-28 16:10:49 -05:00
c8e44c341c
Fix use of sock.get vs sock.get_once
2014-06-28 16:10:18 -05:00
7f06d10ba6
Dont blindly strip a possible nil return value
2014-06-28 16:08:06 -05:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
6e80481384
Fix bad use of sock.get() and check() implementations
...
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
b680674b95
Merge branch 'master' into staging/electro-release
2014-06-27 11:55:57 -05:00
42ac3a32fe
Multi-fy two new linux/http/dlink exploits
2014-06-27 08:40:27 -04:00
41d721a861
Update two modules to use the new unified cmdstager
2014-06-27 08:34:57 -04:00
952c935730
Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR
2014-06-27 08:34:57 -04:00
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
4d4c5e5d6e
Update two modules to use the new cmd stager
2014-06-27 08:34:56 -04:00
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
dd7b2fc541
Use constants
2014-06-27 08:34:55 -04:00
9e413670e5
Include the CMDStager
2014-06-27 08:34:55 -04:00
d47994e009
Update modules to use the new generic CMDstager mixin
2014-06-27 08:34:55 -04:00
8bf36e5915
AutoDetection should work
2014-06-27 08:34:55 -04:00
778f34bab6
Allow targets and modules to define compatible stagers
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
2a442aac1f
No long needs to extend bourne, and specify a flavor.
2014-06-27 08:34:55 -04:00
1a392e2292
Multi-fy the hyperic_hq_script_console exploit.
2014-06-27 08:34:55 -04:00
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
6075c795e9
Land #3467 - failure message for nil payload
2014-06-26 11:12:37 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
4da28f1708
updated platform
2014-06-25 22:01:19 -04:00
54ccc261d1
Updates
...
Updated spacing, ranking, php command, platform, and merged *nix and
windows cmds
2014-06-25 16:34:51 -04:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
191c871e9b
[SeeRM #8815 ] Dont try to exploit when generate_payload_exe fails
2014-06-20 14:07:49 -05:00
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
1133332702
Finish module
2014-06-17 15:01:35 -05:00
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
jvazquez-r7
Joe Vennix
Pedro Ribeiro
Brandon Perry
Spencer McIntyre
nnam
sinn3r
William Vu
Brandon Turner
inkrypto
joev
Brendan Coles
Tod Beardsley
HD Moore
Meatballs
Samuel Huckins
Jay Smith
kaospunk
Emilio Pinna
Jon Hart
Joshua Smith
OJ
b00stfr3ak
Christian Mehlmauer
us3r777
Trevor Rosen
David Maloney
midnitesnake
Michael Messner
James Lee
Rob Fuller
Gary Blosser
Ahmed Elhady Mohamed
jakxx