d54a228f65
Correct version number
2012-05-15 01:16:41 -05:00
a8b534ddec
Cisco Secure ACS Module - Updated error handling
2012-05-14 20:03:26 -04:00
2e49e56126
Made suggested changes
2012-05-14 19:50:34 -04:00
6bbf018423
Fix bug #6815 : A race condition that results in an invalid handle.
...
Under certain conditions, the module may run into an "The handle
is invalid" while obtaining registry keys and values from the
victim machine. The fix is to retry a couple of times, and hope
we don't hit the race condition again.
2012-05-14 17:44:35 -05:00
84269f399b
Correct EDB reference
2012-05-14 15:10:21 -05:00
f4a446a6c1
Add module CVE-2011-4404
2012-05-14 15:08:43 -05:00
7690e86a89
add osvdb ref
2012-05-14 07:14:10 -05:00
bcfa96ced8
add osvdb ref
2012-05-14 07:13:49 -05:00
6b6dc60b25
Cisco Secure ACS Auth Bypass Module
2012-05-13 16:16:18 -04:00
dc10fac885
Ported my Hashcollision Script to Ruby
2012-05-13 20:59:42 +02:00
79a590ccf7
Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
...
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
d2c26f989c
Cleanup whitespace
2012-05-13 04:42:22 -05:00
c1fbf1f931
Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved
2012-05-13 04:37:49 -05:00
dd42c3096e
added exploit for Firefox 8&9 AttributeChildRemoved UAF
2012-05-13 11:31:46 +02:00
15fbb1e86c
This the modified version of pull request #379 . Changes include:
...
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
bc1c9a7fe4
Prepend all messages with victim host:port
...
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.
[Closes #272 ]
2012-05-11 17:48:54 -05:00
ab655677b4
Fixed typo, converted to OptEnum for fakedns targetaction
2012-05-11 17:12:31 -05:00
af71cdafe2
Update modules/auxiliary/server/fakedns.rb
2012-05-11 17:01:14 -05:00
1d6b2eb3fe
Added TARGETACTION options and wildcard support
2012-05-11 17:01:13 -05:00
5d8fbefc3d
Merge pull request #378 from wchen-r7/distinct
...
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
653d7e5923
Add OSVDB-80984
2012-05-11 15:07:31 -05:00
aa3930fcb9
Typo on fixed tftp module
2012-05-10 21:42:33 -05:00
36c805c5ff
Move the context setting to the module
...
Apparently you can't hit the framework object before running the module
any more. Bummer.
[Fixes #6843 ]
2012-05-10 21:21:32 -05:00
7eabce8872
Add comment for PrependEncoder
2012-05-10 12:18:50 -05:00
2b13330483
Merge pull request #376 from wchen-r7/wikkawiki
...
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
6e8c3ad1e3
It's "inject", not "upload"... because technically that's what really happens.
2012-05-10 12:06:02 -05:00
c69e34d407
Update description
2012-05-10 12:02:55 -05:00
86c3ad5e0c
Add CVE-2011-4449
2012-05-10 11:57:40 -05:00
65800f7c6e
Whitespace on solarwinds
2012-05-09 12:47:22 -05:00
536fa39ae8
Keep the client and the server on tracked tcp sessions
2012-05-08 16:38:12 -06:00
452cead1e9
Merge psnuffle ntlmv2 support from Alex Malateaux
...
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf
Squashed commit of the following:
commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:52:49 2012 +0100
psnuffle : move protocol filtering in load function
commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:50:48 2012 +0100
psnuffle : add hash exctratiopn from smbv2 session
[Closes #327 ]
2012-05-08 13:41:42 -06:00
86500aad47
Author is always singular.
2012-05-08 08:47:52 -05:00
91a8ff2766
Use print_good when SQL injection is found
2012-05-08 01:30:13 -05:00
fa9d23d839
When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good
2012-05-08 01:26:39 -05:00
ce16ab662c
Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.
2012-05-08 00:22:19 -05:00
22585ad935
Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit
2012-05-08 00:00:03 -05:00
b8227b8a2e
Firefox Exploit
2012-05-07 19:41:03 -07:00
1a30e221a0
See #362 by changing the exitfunc arguments to be the correct type
2012-05-07 02:42:29 -05:00
f6c88377f4
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
ba4ae384d7
add osvdb ref
2012-05-05 10:14:07 -05:00
cef2da6110
add osvdb ref
2012-05-05 10:13:42 -05:00
92e07aab12
Add osvdb ref
2012-05-05 10:13:18 -05:00
18a44148dc
Randomize case for ini true/false values
2012-05-04 17:32:32 -06:00
9c3d2355b1
Allow this module to be more verbose for future debugging
2012-05-04 15:47:30 -05:00
f48d36ca31
Output changes. #6511
2012-05-04 15:11:54 -05:00
454a20b079
Fix bug #6438
2012-05-04 14:52:27 -05:00
457ca44f27
Fix #6511
2012-05-04 14:33:49 -05:00
babababeb1
1. Fix enum_dns: .txt is not (or no longer a method)
...
2. Patch snmp_enum: bug #6500
2012-05-04 13:23:27 -05:00
8b3b952ccd
Fix bug #6761 - false negative when OWA brings the user to the Options page insetad of inbox
2012-05-04 12:30:43 -05:00
423437c620
Woops, small typo in disable_functions
2012-05-04 12:17:41 -05:00
c6b39e8e5c
Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c)
2012-05-04 12:15:46 -05:00
69b60b88f8
Fix bug #6801 : Error handling for get_imperstoken()
2012-05-04 11:44:05 -05:00
2ce3558bb4
Bump the rank
2012-05-04 10:19:37 -05:00
bed4846763
A little more module cleanup
2012-05-04 10:06:18 -05:00
d668e2321d
Rename this to a more suitable location
2012-05-04 09:59:40 -05:00
6cf6a9548d
Fix up the PHP CGI exploit, remove debug lines
2012-05-04 09:58:10 -05:00
d5d35551ab
Add EDB reference
2012-05-04 00:11:29 -05:00
6d5ceb07b6
Merge pull request #359 from wchen-r7/solarwinds_storage_manager_sql
...
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 22:02:12 -07:00
9a36017271
no unicode
2012-05-04 00:01:03 -05:00
25b11a02b5
Update the comment for check()
2012-05-03 20:37:36 -05:00
4bf674ece6
Pff, and of course, I had to make a typo on that one
2012-05-03 20:34:52 -05:00
1a4d3f849c
A little change to the description
2012-05-03 20:33:28 -05:00
1cdc376f2b
Merge branch 'msfvenom_nomethoderror' of https://github.com/silviupopescu/metasploit-framework into silviupopescu-msfvenom_nomethoderror
2012-05-03 20:29:06 -05:00
7ca69f00b0
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 20:24:42 -05:00
2d1f4d4f3e
Add hdm's better check method
2012-05-03 19:00:40 -06:00
40ec3d9d40
Add an exploit module for the recent php cgi bug (CVE-2012-1823)
2012-05-03 18:51:54 -06:00
605e1929e4
Fixed msfvenom NoMethodError with alpha_mixed encoder.
...
The issue was reported on Github[1] and Redmine[2].
The error consisted of trying to use the supports?() method
on an Array instead of a PlatformList.
[1] https://github.com/rapid7/metasploit-framework/issues/357
[2] http://dev.metasploit.com/redmine/issues/6826
Reported by: Brandon Perry
Signed off by: Silviu Popescu <silviupopescu1990@gmail.com>
2012-05-03 17:47:25 +03:00
5151a4c530
Cosmetic
2012-05-03 00:33:09 -05:00
99d7b2601c
Cosmetic
2012-05-03 00:31:50 -05:00
43d730d564
Squashed commit of minor cosmetic fixes:
...
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed May 2 21:55:56 2012 -0500
Whitespace at EOL. Dangit.
commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed May 2 16:38:01 2012 -0500
Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
dd7bc23d16
Whitespace
2012-05-02 18:06:39 -06:00
c26dff4cff
Clear whitespace
2012-05-01 17:29:27 -05:00
1c03c2b157
Fix indentation
2012-05-01 15:21:42 -06:00
194c0906c2
Fix a stack trace when SMBUser is nil
2012-05-01 15:21:42 -06:00
6ab66dc59e
Fix a stack trace when the SMBUser isn't set
...
For some reason an invalid user/pass don't seem to trigger
STATUS_ACCESS_DENIED responses, but an empty user does.
2012-05-01 15:21:42 -06:00
d68d832c9d
Squashed commit of the following:
...
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Fri Apr 20 01:45:06 2012 +0100
enumshare: add srvsvc netshareenum request for compatibility with win 7 / 2008r2
[Closes #346 ]
2012-05-01 15:21:42 -06:00
3e72f555ae
Forgot... I don't need to print the client's IP manually anymore
2012-05-01 12:56:03 -05:00
3099236059
We no longer have to print the client's IP, because it's now a built-in feature.
2012-05-01 12:47:55 -05:00
01b0d85526
module for cve-2012-1775 added
2012-05-01 16:39:30 +02:00
9988d6a430
Tabs. Sweet sweet tabs
2012-05-01 00:35:01 -05:00
5fec29e6b7
Add McAfee Virtual Technician ActiveX MVTControl vulnerability
2012-04-30 16:23:52 -05:00
fd2e4c12a2
Fix possible "can't convert Fixnum into String" error
2012-04-30 13:49:53 -05:00
348da8e5a6
Fixes an issue with mysql probes not timing out properly.
2012-04-30 12:22:49 -05:00
e12c29a5dc
Fix up the check so it doesn't throw a marshal exception
2012-04-29 18:40:01 -05:00
ffd91793b9
Make RMI easier to correlate, add a vulnerability check to the scanner module
2012-04-29 18:11:28 -05:00
46ad599673
Add CVE-2012-1495 WebCalendar settings.php code injection
2012-04-28 02:32:04 -05:00
7904fe5bba
Fixes load error for post/multi/general/execute.rb
...
Need to require 'msf/core/post/common' before including
Msf::Post::Common
2012-04-27 20:16:24 -05:00
f1cd488f19
Overrirdes the autofilter results from the HTTPServer mixin for the rmi
...
exploit
2012-04-27 15:22:40 -05:00
67fe5b775a
Bump this up
2012-04-27 01:23:40 -05:00
ec831a1658
Smarter RMI class loader logic
2012-04-27 01:02:18 -05:00
4c2e1c2859
Small updates to the rmi modules
2012-04-27 00:07:00 -05:00
63ed7fcc8f
Whitespace, be gone!
2012-04-26 02:38:29 -05:00
d985ba5e5d
Clean up whitespace
2012-04-26 02:36:29 -05:00
91763dd063
Fix 1.8 compatibility
2012-04-25 15:54:42 -05:00
cc76438a75
Merge branch 'jlee-r7-http-print-standardization'
2012-04-25 15:38:46 -05:00
711fb73048
Fix more print_*
2012-04-25 15:01:50 -05:00
f77efbf89e
Change the rest of print_*
2012-04-25 14:24:17 -05:00
9189dea4e4
Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization
2012-04-25 13:53:30 -05:00
4a8068905f
Add a generic execute module and update migrate to handle a process name too
2012-04-25 12:40:20 -05:00
2a5a80a485
Rename and updates
2012-04-25 12:09:23 -05:00
03117ffa95
Add a version scanner for RMI
2012-04-25 11:24:28 -05:00
5bebd01eb0
Tabs vs spaces war round 2
2012-04-24 16:06:08 -05:00
bc42375565
Fix spaces to proper hard tabs. Not very fun to do.
2012-04-24 16:03:41 -05:00
0671fc9ea1
Merge branch 'axis2_mods' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-axis2_mods
2012-04-24 15:49:34 -05:00
9c9b74cae2
Small change with the description
2012-04-24 15:47:31 -05:00
ecd7762df9
Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module
2012-04-24 15:30:09 -05:00
c27195b189
Merge pull request #347 from wchen-r7/wol
...
Add wake-on-lan module
2012-04-24 11:50:05 -07:00
5bf5e8888d
Minor changes
2012-04-24 13:48:45 -05:00
e57ba79402
Merge branch 'cve-2012-0158_mscomctl_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-cve-2012-0158_mscomctl_bof
2012-04-24 13:46:24 -05:00
ac6247963c
Fix a missing require
2012-04-24 11:54:07 -05:00
4c72193922
Fix undefined method `[something]' for nil:NilClass
2012-04-24 01:46:03 -05:00
bfbfc19116
Cosmetic
2012-04-23 21:59:44 -05:00
e8ac6521d1
Cosmetic
2012-04-23 21:59:09 -05:00
86a1a58d2c
Fixes #6689 by moving to 7za which is included in the installer
2012-04-23 16:25:24 -05:00
cca97f2989
added module for CVE-2012-0158
2012-04-23 22:59:25 +02:00
90a7458b56
Lower the rank a little to favor other modules in BAP
2012-04-23 15:15:08 -05:00
a1f9d2c27a
Bump up the wait_timeout (works with the recent AR patch) and fix a typo in the http_version commit
2012-04-23 02:44:56 -05:00
59ecc8584d
Force http_version to always make a new request, even if the information is in the DB
2012-04-23 02:39:02 -05:00
66ecf28451
Shadow stream recorder exploit.
2012-04-22 19:19:40 -03:00
1d2581ebf4
Cosmetic
2012-04-21 14:51:20 -05:00
b0a76a1aa1
Add wake-on-lan module
2012-04-21 03:29:49 -05:00
9cdd8912c5
Remove spurious cli.peerhost in output
2012-04-20 13:31:42 -06:00
37e75dc644
Make this description a little more sense
2012-04-20 12:25:51 -05:00
b955569b10
Update the use of get2() in order to support ruby 1.9.3
2012-04-20 01:37:24 -05:00
c68a775106
Fix EDB references
2012-04-19 23:53:32 -05:00
12bf301d2b
Correct file name
2012-04-19 21:17:19 -05:00
05459ca3ff
Change module description
2012-04-19 21:17:19 -05:00
072faa65ec
Massive code cleanup
2012-04-19 21:17:19 -05:00
93134e6fd2
Change default target
2012-04-19 21:17:19 -05:00
47ecd36805
Implemented Changes suggested by wchen-r7 (sinn3r)
2012-04-19 21:17:19 -05:00
feb625cab0
Updated module
2012-04-19 21:17:19 -05:00
8caec4777f
TFTPserverST addition
2012-04-19 21:17:18 -05:00
93390fa6e2
Fix metadata and some cosmetic stuff
2012-04-19 19:12:27 -05:00
bce6c9abcf
Verify checksum to avoid jumping to a corrupt payload
2012-04-19 18:52:43 -05:00
ae7c2acf9d
Merge branch 'xradio-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-xradio-exploit-module
2012-04-19 18:09:20 -05:00
9a00823828
Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch'
2012-04-19 18:08:22 -05:00
f5e8f57497
Minor fixes
2012-04-19 18:07:35 -05:00
8d1d63dda8
Correct OSVDB reference, thanks modpr0be
2012-04-19 12:04:11 -05:00
45997b8dd4
Fix typos
2012-04-19 10:54:05 -05:00
ce3d98bc88
vcms_login.rb description
2012-04-19 07:44:28 -05:00
5fde6b759f
Add VCMS brute-force module
2012-04-19 02:25:03 -05:00
81b6e76619
Correct CVE/OSVDB/BID references, thanks Chad.
2012-04-19 00:24:56 -05:00
946ab1514e
Correct module naming style
2012-04-18 20:45:25 -05:00
1065111817
Correct TARGETURI description
2012-04-18 18:57:37 -05:00
7071c30b4b
These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes
2012-04-18 16:07:41 -05:00
0e45b6c06c
Avoid printing ip:port twice
2012-04-18 16:01:10 -05:00
1f577b24b2
Merge branch 'rapid7' into http-print-standardization
2012-04-18 08:51:42 -06:00
f3ebe284ca
Minor cosmetic changes
2012-04-18 02:38:25 -05:00
15539c633b
Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm
2012-04-18 02:32:42 -05:00
e52f40daf1
Cosmetic changes
2012-04-18 02:25:43 -05:00
sinn3r
pyoor
Steve Tornio
Christian Mehlmauer
sinn3r
Peter Van Eeckhoutte (corelanc0d3r)
Tod Beardsley
Jose Selvi
James Lee
Alexandre Maloteaux
lincoln-corelan
HD Moore
Silviu-Mihai Popescu
juan
David Maloney
David Maloney
Leonardo Botelho
unknown