Commit Graph

420 Commits (97ab9fa8df077128921ea368e5ad6f79e35cdd44)

Author SHA1 Message Date
midnitesnake ad2b457fda Added linux port for postgres payload 2012-08-14 17:46:35 +01:00
HD Moore f72f334124 Fix an odd issue with search due to use of the builtin Proxies option 2012-08-12 23:22:38 -05:00
RageLtMan 3711297719 dd Opt::Proxies and opthash[:proxies] to exploits 2012-08-12 16:29:39 -04:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
Steve Tornio 54ed27c1b3 add osvdb ref 2012-08-05 09:02:54 -05:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
sinn3r 3cb60fb42a Fix 1.8-specific regexp syntax bug
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
James Lee d238debb2f Add disclo date, discoverers, and better description 2012-07-18 16:14:32 -06:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
James Lee 7091d1c65b Add an exploit for sock_sendpage
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
2012-07-15 20:29:48 -06:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
James Lee 6913440d67 More progress on syscall wrappers
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
2012-06-22 00:03:29 -06:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
James Lee 7eebc671ba Put the curly braces back and drop a comma
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
James Lee 1138290a64 Return nil when an error occurred
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore a2aaca5e85 Correct a fp with this exploit module (would always print success) 2012-06-13 10:38:05 -05:00
HD Moore 00aa8c0452 Add missing ExploitRank 2012-06-12 15:35:53 -05:00
HD Moore 4ea5712140 Add a timeout for wonky systems that hang during negotiation 2012-06-12 15:24:13 -05:00
Steve Tornio 5775fa9e67 add osvdb ref 2012-06-12 14:53:55 -05:00
James Lee a91085d6cd Add a disclosure date and more detailed desc 2012-06-12 13:07:53 -06:00
James Lee 11df90c98e Call update_info
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee c564e9dcc4 Fix 1.8 compat error
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee 539deabef5 Clean up title, options 2012-06-12 12:08:58 -06:00
James Lee 85e1555e13 Payload compat to work with unix/interact 2012-06-12 11:46:21 -06:00
James Lee 3d5417e574 Initial commit of F5 exploit 2012-06-12 11:37:22 -06:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
sinn3r d9c39d3798 Fix the rest of nil res from get_once 2012-06-04 17:26:15 -05:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Steve Tornio fe86ab9914 =Add osvdb ref 2012-05-29 13:31:20 -05:00
sinn3r d615e3bcb8 Print target IP/Port when restoring currencies.php 2012-05-28 01:33:45 -05:00
sinn3r 712a21717a Totally forgot about disclosure date, damn it 2012-05-28 01:31:13 -05:00
sinn3r 7c1442c4b4 Merge pull request #421 from wchen-r7/symantec_web_gateway
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r 34c93d8e44 Fix check 2012-05-28 00:51:46 -05:00
sinn3r 96d70e5fb6 Add CVE-2012-0297 Symantec Web Gateway 2012-05-27 22:47:39 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00
sinn3r f9bcb95952 Correct EDB references 2012-05-19 02:24:29 -05:00
HD Moore f6c88377f4 Fixes #362 by changing the exitfunction arguments to be the correct type 2012-05-07 02:41:08 -05:00
Steve Tornio 92e07aab12 Add osvdb ref 2012-05-05 10:13:18 -05:00
Tod Beardsley 43d730d564 Squashed commit of minor cosmetic fixes:
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 21:55:56 2012 -0500

    Whitespace at EOL. Dangit.

commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 16:38:01 2012 -0500

    Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
sinn3r 46ad599673 Add CVE-2012-1495 WebCalendar settings.php code injection 2012-04-28 02:32:04 -05:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
sinn3r f5e8f57497 Minor fixes 2012-04-19 18:07:35 -05:00
sinn3r 1065111817 Correct TARGETURI description 2012-04-18 18:57:37 -05:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
sinn3r 2d069f8013 Add CVE-2011-4828 module 2012-04-13 18:12:16 -05:00
sinn3r 860add8dfe Code cleanup 2012-04-11 20:26:52 -05:00
sinn3r 443f19abcf Merge branch 'CVE-2008-5499_adobe_flashplayer_aslaunch' of https://github.com/0a2940/metasploit-framework into 0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch 2012-04-11 10:04:01 -05:00
0a2940 654701f1b2 new file: data/exploits/CVE-2008-5499.swf
new file:   external/source/exploits/CVE-2008-5499/Exploit.as
	new file:   modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
sinn3r 51bdfe14fd 2012, not 2011, oops 2012-04-08 13:21:37 -05:00
sinn3r 24478e9eb5 Add Dolibarr ERP & CRM Command Injection Exploit 2012-04-08 13:20:22 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r cdd7a16603 Apply egypt's fix for "\n" 2012-03-19 10:19:10 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
Steve Tornio ef4cdb516d add osvdb ref 2012-02-26 07:13:13 -06:00
sinn3r 7281a0ebdd Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul) 2012-02-24 12:06:47 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
sinn3r 1dec4c0c45 These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 13:08:35 -06:00
HD Moore 8315709fb6 Correct typo and set the disclosure date 2012-01-04 19:46:56 -06:00
sinn3r a330a5c63a Add e-mail for Brandon 2011-12-29 10:53:39 -06:00
Steve Tornio 6d72dbb609 add osvdb ref 2011-12-29 07:54:01 -06:00
HD Moore 5dc647a125 Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
packages)
2011-12-28 02:02:03 -06:00
HD Moore edb9843ef9 Add Linux exploit with one sample target (Whitebox Linux 3) 2011-12-28 00:00:10 -06:00
HD Moore 86b3409d47 Actually return 2011-12-13 20:01:13 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys.
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Joshua Drake 79c7fc7c70 fix up a typo
git-svn-id: file:///home/svn/framework3/trunk@13598 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 05:41:59 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Wei Chen 03ac21e5be Updated disclosure date
git-svn-id: file:///home/svn/framework3/trunk@12387 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 04:34:31 +00:00
Steve Tornio cd9b742960 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@12202 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-01 14:00:49 +00:00
James Lee ca21393c4b remove debug print.
git-svn-id: file:///home/svn/framework3/trunk@12168 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 17:30:02 +00:00
James Lee 1096d1c076 add a combined module for exploiting DRb. thanks joernchen!
git-svn-id: file:///home/svn/framework3/trunk@12161 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 20:00:06 +00:00
David Rude e5ff1b030a fixed Platform and Arch to be compatible with command payloads
git-svn-id: file:///home/svn/framework3/trunk@12125 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 15:53:20 +00:00
James Lee e866eafb06 add keywords
git-svn-id: file:///home/svn/framework3/trunk@12106 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 16:59:19 +00:00
David Rude ea47253814 Changed title for consistency
git-svn-id: file:///home/svn/framework3/trunk@12093 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 14:24:48 +00:00
David Rude 139102de80 Removed testing file extension
git-svn-id: file:///home/svn/framework3/trunk@12068 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 17:24:16 +00:00
David Rude 23d89cd137 Added drb syscall exploit
git-svn-id: file:///home/svn/framework3/trunk@12067 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 16:09:03 +00:00
HD Moore a69278710a Commit an exploit for the Accellion File Transfer appliance default encryption key vulnerability.
git-svn-id: file:///home/svn/framework3/trunk@11935 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-11 17:37:23 +00:00
Joshua Drake c29bca4fb8 add keywords, oops
git-svn-id: file:///home/svn/framework3/trunk@11868 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 01:04:47 +00:00
Joshua Drake c7f6324fbd add cve-2011-0404 exploit from Evan
git-svn-id: file:///home/svn/framework3/trunk@11867 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 01:04:24 +00:00
Joshua Drake 1e951f6245 fix check method
git-svn-id: file:///home/svn/framework3/trunk@11526 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-09 23:33:53 +00:00
Joshua Drake db1f63eb1a remove stray comma
git-svn-id: file:///home/svn/framework3/trunk@11525 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-09 23:33:24 +00:00
Joshua Drake 0b43172413 add exploit for cve-2006-5815, oldy but often requested!
git-svn-id: file:///home/svn/framework3/trunk@11523 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-09 23:23:25 +00:00
Joshua Drake 59974635b1 fix cve reference
git-svn-id: file:///home/svn/framework3/trunk@11208 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 21:10:03 +00:00
Joshua Drake cf25de6658 fix argument error due to bad override
git-svn-id: file:///home/svn/framework3/trunk@11114 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-23 18:12:08 +00:00
Joshua Drake d0d4e0b8a4 remove unecessary instruction, thx StalkR!
git-svn-id: file:///home/svn/framework3/trunk@11034 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 03:41:12 +00:00
Joshua Drake a758dfe37d style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10988 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 18:20:52 +00:00
Joshua Drake 470fed6609 add cookie bruting with ubuntu 10.04 target
git-svn-id: file:///home/svn/framework3/trunk@10951 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-08 17:16:32 +00:00
Joshua Drake 2a69811344 raise RuntimeError instead of return
git-svn-id: file:///home/svn/framework3/trunk@10932 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 18:09:28 +00:00
Joshua Drake 0b565d8619 add linux version (Debian unstable), update freebsd version
git-svn-id: file:///home/svn/framework3/trunk@10922 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 21:41:37 +00:00
Joshua Drake 2d6b995623 rename/clarify PrintfUtil encoder, fixes #2308
git-svn-id: file:///home/svn/framework3/trunk@10729 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 15:41:13 +00:00
Joshua Drake ae04e34cf7 fix some non-full-namespace includes
git-svn-id: file:///home/svn/framework3/trunk@10617 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 06:55:52 +00:00
Joshua Drake 7a04ce32ca demote due to interaction requirement
git-svn-id: file:///home/svn/framework3/trunk@10556 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-05 23:13:04 +00:00
HD Moore 748f2d3acd Make the title consistent with other modules
git-svn-id: file:///home/svn/framework3/trunk@10457 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 16:55:38 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake cef87782d7 fix some typos
git-svn-id: file:///home/svn/framework3/trunk@10238 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-04 02:10:22 +00:00
Joshua Drake 45303646d4 switch to using jmp ecx :-/
git-svn-id: file:///home/svn/framework3/trunk@9854 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-17 04:34:39 +00:00
Joshua Drake 899ecc2604 use a more indirect method, more reliable
git-svn-id: file:///home/svn/framework3/trunk@9852 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-17 01:28:27 +00:00
Joshua Drake 3b4c732ec0 typos
git-svn-id: file:///home/svn/framework3/trunk@9843 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 03:34:22 +00:00
Joshua Drake f4f1c1105d add exploit for cve-2010-2063
git-svn-id: file:///home/svn/framework3/trunk@9841 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 02:31:37 +00:00
HD Moore bb67f56ee8 Clean up two samba modules to prevent them from brute forcing invalid targets
git-svn-id: file:///home/svn/framework3/trunk@9828 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 17:27:23 +00:00
Joshua Drake 663b863b6d http fingerprint checking update
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 17:38:59 +00:00
Joshua Drake d84c519678 switch to HttpClient, check fingerprint first
git-svn-id: file:///home/svn/framework3/trunk@9702 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 01:33:38 +00:00
Joshua Drake a3d901a6b9 various minor fixes, some added fingerprinting
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake 9984b662e0 switch some URL references to US-CERT-VU type
git-svn-id: file:///home/svn/framework3/trunk@9666 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 01:09:32 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
HD Moore 816b769b3f Add a 10 second timeout, remove Wfs
git-svn-id: file:///home/svn/framework3/trunk@9624 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 16:09:33 +00:00
HD Moore 453c9fc3c4 Increases the WfsDelay
git-svn-id: file:///home/svn/framework3/trunk@9623 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 15:03:09 +00:00
Joshua Drake 3cb116db99 clarify limitations, update to use PrintfUtil encoder
git-svn-id: file:///home/svn/framework3/trunk@9614 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 22:39:54 +00:00
Tod Beardsley 9d46383040 Fixes #2134. Subs select for sleep in exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@9583 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 19:11:05 +00:00
Joshua Drake 121fe70e65 oops, fix error when printing error message
git-svn-id: file:///home/svn/framework3/trunk@9552 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-17 22:11:43 +00:00
Joshua Drake 30f3e8fda2 silly minor fix
git-svn-id: file:///home/svn/framework3/trunk@9524 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 07:16:51 +00:00
Joshua Drake 0bc6d38294 tested succesfully on rh9 w/samba, see #2
git-svn-id: file:///home/svn/framework3/trunk@9515 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-14 22:54:03 +00:00
Joshua Drake b8c8880e44 re-enable exploitation of cve-2003-0201 on linux, see #2
git-svn-id: file:///home/svn/framework3/trunk@9500 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 04:28:01 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity!
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:45:00 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake 2fe1dcbaa1 comment out debug print
git-svn-id: file:///home/svn/framework3/trunk@9109 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-20 00:07:38 +00:00
Joshua Drake 7788873235 fix typos
git-svn-id: file:///home/svn/framework3/trunk@9066 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 00:37:06 +00:00
HD Moore 7af2fdf42e Remove silly cases of print_good
git-svn-id: file:///home/svn/framework3/trunk@9021 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 23:34:10 +00:00
Joshua Drake f649c4a92c raise exception if unable to login
git-svn-id: file:///home/svn/framework3/trunk@8932 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-26 19:00:23 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
Joshua Drake e3b009471b move code in autofilter into check
git-svn-id: file:///home/svn/framework3/trunk@8589 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:26:28 +00:00
Joshua Drake b4ead057f6 add exploit module for cve-2000-0917
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 00:56:28 +00:00
Joshua Drake a996668cfa added payload notes
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake 8c59c9cfdc fix typos
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake b1ef6075c0 add exploit module for cve-2007-5208
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
Patrick Webster f9ae031055 Added piranha_passwd_exec exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
Joshua Drake 0fbe42395f added automatic target detection
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
Joshua Drake 008755b025 add exploit module for yassl CertDecoder::GetName vuln
also renames old mysql_yassl exploit to _hello

git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
Joshua Drake 48c2184fb2 reinstated linux bruteforce target from msf2 exploit
git-svn-id: file:///home/svn/framework3/trunk@8025 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 22:57:02 +00:00
Joshua Drake 2070bd4756 took notes on targets from various other exploits
git-svn-id: file:///home/svn/framework3/trunk@7884 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:34 +00:00
Joshua Drake d81c581f21 oops, remove hard coded payload
git-svn-id: file:///home/svn/framework3/trunk@7873 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:32:52 +00:00
Joshua Drake 4c1034ad7f add exploit module for cve-2006-2502
git-svn-id: file:///home/svn/framework3/trunk@7871 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 04:41:31 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
Joshua Drake 2cf9c3ce2b revision fixups
git-svn-id: file:///home/svn/framework3/trunk@7723 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:16:11 +00:00
James Lee 07543fd526 fix potential hang when server doesn't respond
git-svn-id: file:///home/svn/framework3/trunk@7602 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 02:01:27 +00:00
Joshua Drake 3bca7d14c4 payload compatability: no findsock allowed
git-svn-id: file:///home/svn/framework3/trunk@7597 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 19:35:05 +00:00
HD Moore 0d8eaa9190 Fix up a typo in the ddwrt exploit
git-svn-id: file:///home/svn/framework3/trunk@7481 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-12 16:13:51 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
HD Moore 255379c2d0 Fixes #378. Still need to reorganize the modules and fix the lorcon2 mixin for 1.9.1
git-svn-id: file:///home/svn/framework3/trunk@7235 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-23 15:59:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entrys.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
HD Moore 7d122ceb02 Fixes #269. Specifically wrap EOFError
git-svn-id: file:///home/svn/framework3/trunk@7045 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-20 19:49:03 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
Patrick Webster ff317936db Added alcatel_omnipcx_mastercgi command execution module.
git-svn-id: file:///home/svn/framework3/trunk@6990 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 03:43:16 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
HD Moore ad68502ef6 Add credit to the milw0rm exploit author
git-svn-id: file:///home/svn/framework3/trunk@6886 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:51:24 +00:00
HD Moore ed024f82aa Remove the extraneous \r\n (thanks Shuyao!)
git-svn-id: file:///home/svn/framework3/trunk@6884 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:45:32 +00:00
HD Moore e70ac6cc19 Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for explot modules. A good example is disabling the netcat -e payloads for old Solaris exploits
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
HD Moore 47ebd62092 Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it
git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 12:56:42 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-14 19:56:07 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris 9482b4080e set a few more modules' Versions to Revision, only did aux by accident last time
git-svn-id: file:///home/svn/framework3/trunk@6439 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-30 01:09:09 +00:00
kris 248f1e9fc3 Remove "#{xxx.to_s}" redundancies ('s/\(#{[^}]*\)\.to_s}/\1}/g')
git-svn-id: file:///home/svn/framework3/trunk@6022 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-19 07:11:08 +00:00
HD Moore 3266bd9ecd Add a better autofilter() / check()
git-svn-id: file:///home/svn/framework3/trunk@5950 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-18 20:15:20 +00:00
Ramon de C Valle c66d6c4e46 Set property 'svn:keywords'
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
HD Moore fd256ec4a1 This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
HD Moore b0225127cf Patch for Ruby 1.9 compat (not there yet)
git-svn-id: file:///home/svn/framework3/trunk@5674 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-22 15:52:18 +00:00
HD Moore 87c9cd9547 New module from Julien TINNES for Linksys Apply.CGI overflow
git-svn-id: file:///home/svn/framework3/trunk@5659 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-15 18:51:45 +00:00
Patrick Webster 301b1514f3 Added pop2 mixin, aux module, typos.
git-svn-id: file:///home/svn/framework3/trunk@5550 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-08 14:21:48 +00:00
Patrick Webster 4459fdd71d Added imap_uw_lsub.rb module.
git-svn-id: file:///home/svn/framework3/trunk@5549 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-06 08:27:41 +00:00
Patrick Webster 1c6a33cb01 Added gld_postfix.rb module
git-svn-id: file:///home/svn/framework3/trunk@5528 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-07 02:16:34 +00:00
HD Moore 82330fff7e Importing two new wireless DoS modules, setting svn:keywords flags where needed.
git-svn-id: file:///home/svn/framework3/trunk@5482 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 05:27:06 +00:00
Mario Ceballos d41a814ed5 added exploit modules mysql_yassl(win32/linux) and realplayer_console from EB.
git-svn-id: file:///home/svn/framework3/trunk@5463 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-01 11:22:32 +00:00
HD Moore 8da8522fc1 New module from <yann.senotier@cyber-networks.fr>
git-svn-id: file:///home/svn/framework3/trunk@5222 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-18 04:39:59 +00:00
HD Moore 3a06bf9ad5 Remove julien's test path :)
git-svn-id: file:///home/svn/framework3/trunk@5211 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-30 20:21:24 +00:00
Ramon de C Valle 5d1bf914bf Added InterBase/Firebird stuff.
git-svn-id: file:///home/svn/framework3/trunk@5136 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-04 03:03:13 +00:00
Ramon de C Valle 6462ede937 Fixes #106. Added new single shell_bind_tcp payload module for Linux x86. See #106.
git-svn-id: file:///home/svn/framework3/trunk@5068 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-31 02:10:49 +00:00
Ramon de C Valle e4aeff2f71 Added Borland Interbase 2007 Create Request Buffer Overflow exploit module for linux x86
git-svn-id: file:///home/svn/framework3/trunk@5065 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-30 01:38:14 +00:00
HD Moore c2baae789a Adding the first exploit to use metasm
git-svn-id: file:///home/svn/framework3/trunk@5009 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-30 22:08:19 +00:00
HD Moore 40511cffb7 This adds a Linux-payload specific mixin which allows for new advanced options, such as setuid/chroot prepends.
git-svn-id: file:///home/svn/framework3/trunk@4984 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-09 02:25:31 +00:00
HD Moore aa4066f5c5 Adding Mandriva targets
git-svn-id: file:///home/svn/framework3/trunk@4959 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-22 01:46:25 +00:00
HD Moore 01bb0a25db 3.0.20 -> 3.0.21
git-svn-id: file:///home/svn/framework3/trunk@4955 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-21 21:03:12 +00:00
HD Moore 26ccc3be69 Adds the first version of the new samba module. Adds keywords to MC's new modules.
git-svn-id: file:///home/svn/framework3/trunk@4953 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-21 20:51:13 +00:00
Matt Miller d42194e14a updated modules to use base class rand_xxx methods
git-svn-id: file:///home/svn/framework3/trunk@4498 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-01 08:21:36 +00:00
HD Moore abbeb2e87e Adding an Id tag and a standard header to all modules
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
Matt Miller 114050ef6b foo
git-svn-id: file:///home/svn/framework3/trunk@4302 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-30 04:11:14 +00:00
Matt Miller 52f27ab10b poptop ported
git-svn-id: file:///home/svn/framework3/trunk@4297 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-28 19:02:22 +00:00
HD Moore b278bef22d Reference updates
git-svn-id: file:///home/svn/framework3/trunk@4266 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 14:44:09 +00:00
HD Moore e60e7bede3 No longer use the HTTP API
git-svn-id: file:///home/svn/framework3/trunk@4240 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 20:22:22 +00:00
Matt Miller 1c12ab1178 switch to use rex for base64
git-svn-id: file:///home/svn/framework3/trunk@4239 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 19:58:57 +00:00
Matt Miller 6ea76fdfbc squid ntlm authenticate ported, fixed bugs in brute force mixni
git-svn-id: file:///home/svn/framework3/trunk@4192 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 00:23:56 +00:00
HD Moore 810f80612b Reference updates
git-svn-id: file:///home/svn/framework3/trunk@4154 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-28 17:18:43 +00:00
HD Moore d086a1bedf BSD license the default for non-msfdev created modules.
git-svn-id: file:///home/svn/incoming/trunk@3636 4d416f70-5f16-0410-b530-b9f4589650da
2006-05-06 16:34:39 +00:00
HD Moore 86671cef89 PeerCast exploits
git-svn-id: file:///home/svn/incoming/trunk@3583 4d416f70-5f16-0410-b530-b9f4589650da
2006-03-30 21:05:42 +00:00
HD Moore e249d9ebe5 Massive update to tab indentation (used ./dev/tabify.rb)
git-svn-id: file:///home/svn/incoming/trunk@3450 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:00:35 +00:00
HD Moore 1bffccf605 New licensing terms, revision bump to v3
git-svn-id: file:///home/svn/incoming/trunk@3425 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-21 22:10:20 +00:00
Matt Miller 68a8a5262b change unknown license to GPL
git-svn-id: file:///home/svn/incoming/trunk@3379 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 03:48:36 +00:00
Matt Miller 2e19a86843 added license to all modules
git-svn-id: file:///home/svn/incoming/trunk@3377 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 02:59:47 +00:00
HD Moore 97129d0303 New modules, module renames
git-svn-id: file:///home/svn/incoming/trunk@3254 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-26 14:34:22 +00:00
HD Moore 412629e5c3 Stuff.. more changes to come
git-svn-id: file:///home/svn/incoming/trunk@3253 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-25 22:47:38 +00:00
HD Moore 219fbc90d9 Still mostly broken, but oh well
git-svn-id: file:///home/svn/incoming/trunk@3247 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-18 08:05:12 +00:00
HD Moore ca3fe88c87 Snort exploit
git-svn-id: file:///home/svn/incoming/trunk@3246 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-18 07:59:00 +00:00