32436973e4
Land #2192 , @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
885417c9d9
removing config file from target
2013-08-06 15:11:54 +02:00
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
2efc2a79bf
fail with
2013-08-05 21:41:28 +02:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
34134b2e11
feedback included
2013-08-04 14:45:55 +02:00
b8ed364cb8
telnet user working
2013-08-03 15:07:10 +02:00
62e3c01190
raidsonic nas - command execution
2013-08-02 21:04:19 +02:00
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
5e55c506cd
Land #2140 , add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
6158415bd3
Clean CWE reference, will ad in new pr
2013-07-22 12:03:55 -05:00
da4fda6cb1
Land #2110 , @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
49c70911be
dlink upnp command injection
2013-07-09 13:24:12 +02:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
f55edac0ca
Title and description update
2013-06-07 22:38:53 -05:00
a510084f1c
Description change.
2013-06-07 22:35:46 -05:00
600494817d
Fix typo and target name
2013-06-07 21:08:38 -05:00
9025b52951
make the payload build more clear
2013-06-07 18:05:11 -05:00
d76e14fc9c
Add module for OSVDB 93004 - Exim Dovect exec
2013-06-07 17:59:04 -05:00
4d26299de3
add osvdb ref 93881 and edb ref 21191
2013-06-05 18:57:33 -05:00
3111013991
Minor cleanup for miniupnpd_soap_bof
2013-06-04 08:53:52 -05:00
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
c705928052
Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb
2013-06-03 10:40:31 -05:00
76faba60b7
add osvdb ref 85462
2013-06-03 06:16:43 -05:00
e612a3d017
add osvdb ref 77183
2013-06-03 05:42:56 -05:00
e74c1d957f
Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb
2013-06-03 02:15:35 -05:00
093830d725
Landing #1896 - Add OSVDB ref 82925 for symantec_web_gateway_exec.rb
2013-06-03 02:13:34 -05:00
c2c630c338
add osvdb ref 93444
2013-06-02 21:03:44 -05:00
bc993b76fc
add osvdb ref 82925
2013-06-02 20:43:16 -05:00
ae17e9f7b5
add osvdb ref 56992
2013-06-02 18:32:46 -05:00
61c8861fcf
add osvdb ref
2013-06-02 08:33:42 -05:00
90117c322c
Landing #1874 - Post API cleanup
2013-05-31 16:15:23 -05:00
e7a1f06fbc
Modules shouldn't be +x
2013-05-29 15:11:35 -05:00
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
bfcd86022d
Add code cleanup for nginx_chunked_size.
2013-05-22 14:37:42 -05:00
81b690ae4b
Initial check in of nginx module
2013-05-22 13:52:00 -04:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
94bc3bf8eb
Fix msftidy warning
2013-05-20 10:35:59 -05:00
395aac90c2
Do minor cleanup for linksys_wrt160nv2_apply_exec
2013-05-20 10:34:39 -05:00
08b2c9db1e
Land #1801 , @m-1-k-3's linksys wrt160n exploit
2013-05-20 10:33:44 -05:00
1a904ccf7d
tftp download
2013-05-19 20:37:46 +02:00
dfa19cb46d
Do minor cleanup for dlink_dir615_up_exec
2013-05-19 12:43:01 -05:00
348705ad46
Land #1800 , @m-1-k-3's exploit for DLINK DIR615
2013-05-19 12:42:02 -05:00
f3a2859bed
removed user,pass in request
2013-05-19 18:50:12 +02:00
aee5b02f65
tftp download check
2013-05-19 18:45:01 +02:00
4816925f83
feeback included
2013-05-19 16:19:45 +02:00
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
981cc891bc
description
2013-05-12 20:07:32 +02:00
09bf23f4d6
linksys wrt160n tftp download module
2013-05-06 16:18:15 +02:00
22d850533a
dir615 down and exec exploit
2013-05-06 15:33:45 +02:00
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
7e5d4bc893
Landing #1614 , @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
a1605184ed
Landing #1719 , @m-1-k-3 dlink_diagnostic_exec_noauth exploit module
2013-04-10 11:17:29 +02:00
4f2e3f0339
final cleanup for dlink_diagnostic_exec_noauth
2013-04-10 11:15:32 +02:00
8fbade4cbd
OSVDB
2013-04-10 10:45:30 +02:00
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
955efc7009
final cleanup
2013-04-07 17:59:57 +02:00
9f89a996b2
final regex, dhcp check and feedback from juan
2013-04-07 17:57:18 +02:00
0e69edc89e
fixing use of regex
2013-04-07 11:39:29 +02:00
6a410d984d
adding get_config where I forgot
2013-04-06 19:13:42 +02:00
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
55302ee07f
Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695
2013-04-06 17:30:02 +02:00
9a2f409974
first cleanup for linksys_wrt54gl_apply_exec
2013-04-06 01:05:09 +02:00
ecaaaa34bf
dlink diagnostic - initial commit
2013-04-05 19:56:15 +02:00
96b444c79e
ManualRanking
2013-04-04 17:40:53 +02:00
67f0b1b6ee
little cleanump
2013-04-04 17:33:46 +02:00
f07117fe7d
replacement of wrt54gl auxiliary module - initial commit
2013-04-04 17:30:36 +02:00
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
ce88d8473a
cleanup for netgear_dgn1000b_setup_exec
2013-04-03 12:44:04 +02:00
3c27678168
Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit
2013-04-03 12:43:42 +02:00
a93ec3aea3
fix name
2013-04-03 10:40:52 +02:00
2ceecabede
make msftidy happy
2013-04-03 10:34:28 +02:00
91b0e5f800
netgear dgn2200b pppoe exec exploit - initial commit
2013-04-03 10:32:52 +02:00
642d8b846f
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:41:50 +02:00
7f3c6f7629
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:39:04 +02:00
1b27d39591
netgear dgn1000b mipsbe exploit
2013-04-02 14:34:09 +02:00
7359151c14
decrement esp to fix crash in the middle of shellcode
2013-04-02 13:25:31 +02:00
6a6fa5b39e
module filename changed
2013-04-02 10:50:50 +02:00
b3feb51c49
cleanup for linksys_e1500_up_exec
2013-04-02 10:49:09 +02:00
5e42b8472b
Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit
2013-04-02 10:48:28 +02:00
579c499f43
Juans SRVHOST check included
2013-04-02 07:50:51 +02:00
08ba2c70d3
update title and descr for mongod_native_helper
2013-04-01 21:44:08 +02:00
81bca2c45a
cleanup for mongod_native_helper
2013-04-01 21:35:34 +02:00
c386d54445
check SRVHOST
2013-04-01 18:12:13 +02:00
cc598bf977
Resolv a problem with mmap64 libc function and its unknown last argument
2013-04-01 17:38:09 +02:00
6b639ad2ee
add memcpy to the ropchain due to the zeroed mmap function under ubuntu
2013-04-01 14:13:19 +02:00
baf1ce22b3
increase mmap RWX size
2013-03-31 21:04:39 +02:00
0f965ddaa3
waiting for payload download on linksys_e1500_more_work
2013-03-31 16:07:14 +02:00
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
cd8bc2f87d
description, blind exploitation info on cmd payload
2013-03-30 12:03:14 +01:00
b0a61adc23
juans feedback included
2013-03-30 11:43:10 +01:00
5fd996f775
added osvdb reference
2013-03-30 10:42:58 +01:00
3bf0046e3e
Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management
2013-03-30 10:42:06 +01:00
7965f54890
juans feedback included
2013-03-30 08:40:42 +01:00
607b1c5c14
little cleanup for e1500_up_exec
2013-03-29 23:16:13 +01:00
1b563ad915
stop_service
2013-03-29 22:38:06 +01:00
813ff1e61e
removed payload stuff
2013-03-29 22:32:57 +01:00
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
35b3bf4aa5
back to the original Brute mixin
2012-11-19 14:13:49 +01:00
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
ac1b60e6db
Remove debug load
2012-11-07 20:00:41 -06:00
e170c1e3e3
typo in centos5 range
2012-10-31 18:28:26 +01:00
f7481b160c
add centos5 target
2012-10-31 18:21:41 +01:00
3e3c518753
remove SessionTypes as per egypt
2012-10-30 17:13:57 +01:00
3855ba88b1
add meterpreter/command support to samba exploit using ROP
2012-10-29 17:33:00 +01:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
jvazquez-r7
m-1-k-3
Tod Beardsley
sinn3r
Ramon de C Valle
James Lee
Steve Tornio
LinuxGeek247
Antoine
Tod Beardsley
agix
Joel Parish
David Maloney
sinn3r
Christian Mehlmauer
Chris John Riley
m m
Michael Schierl