sinn3r
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
Joshua J. Drake
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
Steve Tornio
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
sinn3r
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
sinn3r
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
sinn3r
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
James Lee
5e6c40edfd
Remove unnecessary space restrictions.
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee
464cf7f65f
Normalize service names
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
James Lee
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore
4932a9ca25
Don't dump an HTML document to the console
2012-02-21 23:45:25 -06:00
juan
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
Tod Beardsley
4a631e463c
Module title normalization
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
sinn3r
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
sinn3r
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
Joshua J. Drake
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
Joshua J. Drake
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Steve Tornio
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
Steve Tornio
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
Steve Tornio
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
sinn3r
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
sinn3r
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
sinn3r
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
Steve Tornio
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
Patroklos Argyroudis
ed34fd70fd
Modified (and tested) to work on Lion 10.7.2 and 10.7.3
2012-02-03 12:39:22 +02:00
Steve Tornio
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
sinn3r
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
sinn3r
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
sinn3r
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
sinn3r
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
sinn3r
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
juan
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
Tod Beardsley
e371f0f64c
MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
Jonathan Cran
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
Jonathan Cran
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
Jonathan Cran
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
Jonathan Cran
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
Oliver-Tobias Ripka
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
Steve Tornio
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
sinn3r
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
sinn3r
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
sinn3r
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
sinn3r
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
sinn3r
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
sinn3r
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
sinn3r
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
HD Moore
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
sinn3r
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
sinn3r
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
Christopher McBee
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
Tod Beardsley
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
sinn3r
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
sinn3r
ca51492079
Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master
2012-01-19 13:17:06 -06:00
Joshua J. Drake
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
joernchen of Phenoelit
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
joernchen of Phenoelit
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
Tod Beardsley
8ce47ab832
Changing license for KillBill module
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
joernchen of Phenoelit
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
Tod Beardsley
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
sinn3r
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
sinn3r
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
sinn3r
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
sinn3r
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
sinn3r
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
sinn3r
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
sinn3r
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
sinn3r
eb5641820f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-16 19:56:10 -06:00
sinn3r
618097ba3d
Whitespace and keyword cleanup
2012-01-16 19:55:27 -06:00
sinn3r
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
sinn3r
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
Tod Beardsley
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
Steve Tornio
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
sinn3r
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
root
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
sinn3r
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
root
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
Sam Sharps
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
Sam Sharps
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
Sam Sharps
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
root
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
Tod Beardsley
500cfa6dd1
Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
Tod Beardsley
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
Tod Beardsley
7e25f9a6cc
Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
sinn3r
90eb2b9a75
Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202 )
2012-01-09 19:35:06 -06:00
sinn3r
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
Tod Beardsley
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
Patroklos Argyroudis
5d359785ae
Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
2012-01-09 12:10:25 +02:00
sinn3r
03a39f7fe8
Whitespace cleanup, also change print_status usage when verbose
2012-01-09 02:21:39 -06:00
sinn3r
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
sinn3r
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
sinn3r
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
sinn3r
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
David Maloney
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
This exploit abuses weak default passwords on XAMPP for Windows to upload a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
Sam Sharps
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
Sam Sharps
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
Sam Sharps
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
sam
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
HD Moore
8315709fb6
Correct typo and set the disclosure date
2012-01-04 19:46:56 -06:00
sinn3r
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
Joshua J. Drake
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
Steve Tornio
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
sinn3r
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
sinn3r
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
sinn3r
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
sinn3r
a330a5c63a
Add e-mail for Brandon
2011-12-29 10:53:39 -06:00
Steve Tornio
778d396bc6
add osvdb ref
2011-12-29 07:54:15 -06:00
Steve Tornio
6d72dbb609
add osvdb ref
2011-12-29 07:54:01 -06:00
Steve Tornio
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
Steve Tornio
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
Tod Beardsley
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
HD Moore
5dc647a125
Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same packages)
2011-12-28 02:02:03 -06:00
HD Moore
5d67bd2a5e
Phew. Exhaustive test of all i386 FreeBSD versions complete
2011-12-28 01:38:55 -06:00
HD Moore
1ff0cb2eef
More testing - looks like 5.5 is not exploitable, at least not the same way
2011-12-28 01:30:25 -06:00
HD Moore
e071944a1a
Allow ff in payloads but double them back up
2011-12-28 00:04:24 -06:00
HD Moore
edb9843ef9
Add Linux exploit with one sample target (Whitebox Linux 3)
2011-12-28 00:00:10 -06:00
HD Moore
79103074cb
Add credit for Dan's advice
2011-12-27 23:39:02 -06:00
HD Moore
f9224d6010
Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba Estebanez's code, mostly written by Brandon Perry, exploit method (jmp edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
sinn3r
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00
Steve Tornio
4215ef3ae1
add osvdb ref
2011-12-24 06:54:39 -06:00
steponequit
69570dada6
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
2011-12-23 16:28:36 -06:00
steponequit
84c6739921
added initial opentftp 1.4 windows exploit
2011-12-23 11:27:11 -06:00
sinn3r
41697440c7
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
2011-12-23 01:22:39 -06:00
sinn3r
b5b24a1fbf
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r
262fe75e0a
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129 )
2011-12-22 13:04:37 -06:00
sinn3r
baaa1f6c82
Add US-Cert references to all these SCADA modules. The refers are based on this list:
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
sinn3r
b58097a2a7
Remove junk() because it's never used
2011-12-17 01:28:07 -06:00
sinn3r
fae80f8d49
typo
2011-12-16 11:10:46 -06:00
Steve Tornio
1712f2aa22
add osvdb ref
2011-12-14 07:23:11 -06:00
Steve Tornio
85caabbf5d
add osvdb ref
2011-12-14 07:19:34 -06:00
HD Moore
86b3409d47
Actually return
2011-12-13 20:01:13 -06:00
HD Moore
cb456337a0
Handle invalid http responses better, see #6113
2011-12-13 19:54:10 -06:00
sinn3r
fea4bfb85c
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:53 -06:00
sinn3r
c1a4c4e584
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:34 -06:00
sinn3r
acef9de711
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:15 -06:00
sinn3r
e7ab48693c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:57 -06:00
sinn3r
94b736c76c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:38 -06:00
sinn3r
97b74101fb
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:11 -06:00
sinn3r
d246bfa4da
Credit Luigi Auriemma for the original discovery/poc, not Celil
2011-12-13 15:20:26 -06:00
sinn3r
d87d8d5799
Add CVE-2011-4453 (PmWiki Remote code execution - Feature #6103 )
2011-12-13 11:45:24 -06:00
Tod Beardsley
a8fad72fce
Merge branch 'msftidy_fixup'
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
Tod Beardsley
f402b8598b
Whitespace and File.open binary mode cleanups.
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
sinn3r
32c8301c19
Add feature #6082 (Traq 2.3 Auth bypass remote code execution)
2011-12-12 15:45:19 -06:00
sinn3r
bacdbb90d7
ugh, stack overflow != stack buffer overflow. Also, metadata format fix.
2011-12-12 15:23:32 -06:00