9bcf5eadb7
Changes to alienvault module
2014-05-01 10:10:15 +07:00
9a1b216fdb
Move module to new location
2014-04-28 11:55:26 -05:00
51a5a901a8
Fix typo
2014-04-28 11:55:06 -05:00
887dfc5f40
Fix RequiredCmd
2014-04-28 11:54:56 -05:00
245b591247
Do module clean up
2014-04-28 11:45:40 -05:00
2e04bc9e4e
AlienVault OSSIM 4.3.1 unauthenticated SQLi RCE
2014-04-28 10:59:15 +07:00
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
c403c521b3
Change check code
2014-01-23 11:03:40 -06:00
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
7f560a4b41
Oops, I broke this module
2014-01-22 11:23:18 -06:00
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
85396b7af2
Saving progress
...
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
f3c912bd32
Add module for ZDI-14-003
2014-01-16 17:49:49 -06:00
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
5d387c96ec
Land #2879 , minor code formatting missed in #2863
2014-01-14 11:22:09 -06:00
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
...
Refs & ROP
2014-01-13 11:29:52 -06:00
bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits
2014-01-13 11:17:36 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
e7cc3a2345
Removed unnecessary target
2014-01-13 13:17:16 +01:00
26d17c03b1
Replaced ROP chain
2014-01-13 02:54:49 +01:00
b3b04c4159
Fix both firefox js exploits to use browser_autopwn.
2014-01-11 17:34:38 -06:00
d657a2efd3
Added DEP Bypass
2014-01-11 20:31:28 +01:00
72d15645df
Added more references
2014-01-11 20:30:50 +01:00
8449005b2a
Fixed CVE identifier.
2014-01-10 23:45:34 +01:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
xistence
jvazquez-r7
sinn3r
bcoles
Tod Beardsley
William Vu
sgabe
Matt Andreko
Joe Vennix