Commit Graph

5605 Commits (a2e3c6244e05132002e4fae3df207ff85dfe222b)

Author SHA1 Message Date
Tod Beardsley 761042f14b require the deprecated mixin 2013-09-12 15:42:01 -05:00
Tod Beardsley 968f299772 Deprecate A-PDF exploit for filename change
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
sinn3r ac90cd1263 Land #2248 - Fix dlink upnp exec noauth 2013-09-12 15:10:20 -05:00
James Lee 58b634dd27 Remove unnecessary requires from post mods 2013-09-12 14:36:01 -05:00
sinn3r 34383661cb Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation 2013-09-12 14:21:05 -05:00
sinn3r 5aa6a0dd6b Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution 2013-09-12 14:19:02 -05:00
sinn3r f42e6e8bca Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation 2013-09-12 14:17:24 -05:00
sinn3r 8db66aeb98 Yes, clearly it is. 2013-09-12 14:16:34 -05:00
sinn3r d781f447db Merge branch 'pr2345' into upstream-master 2013-09-12 14:15:18 -05:00
Tod Beardsley d47de46d94 Deprecate brightstor/tape_engine_8A
This module is getting renamed to 8a, instead of 8A.
2013-09-12 13:59:44 -05:00
jvazquez-r7 9ad1be7318 Make junk easier 2013-09-11 09:33:01 -05:00
jvazquez-r7 825eb9d1ca Add module for OSVDB 96208 2013-09-11 00:11:00 -05:00
jvazquez-r7 4f1db80c24 Fix requires in new post modules 2013-09-10 11:13:07 -05:00
jvazquez-r7 bf40dc02ce Add module for CVE-2013-4984 2013-09-09 23:27:24 -05:00
jvazquez-r7 c3ff9a03d8 Add module for CVE-2013-4983 2013-09-09 23:26:10 -05:00
Tod Beardsley aff35a615b Grammar fixes in descriptions 2013-09-09 15:09:53 -05:00
jvazquez-r7 791b6f69c2 Land #2337, @wchen-r7's exploit for MS13-055 2013-09-09 11:12:03 -05:00
sinn3r 0ee0168556 Retabbed
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
sinn3r 6ab905e9e0 Less alignment 2013-09-09 09:39:02 -05:00
sinn3r 992bdcf530 Not from the future 2013-09-09 00:36:28 -05:00
sinn3r c3db41334b Add MS13-055 Internet Explorer Use-After-Free Vulnerability
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.

This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
Joe Vennix 3da9c4a685 Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file 2013-09-06 13:05:17 -05:00
Tyler Krpata 2aed293d9a Handle locked date and time preference pane
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
    added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
    added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
jvazquez-r7 7d4bf0c739 Retab changes for PR #2327 2013-09-05 23:25:41 -05:00
jvazquez-r7 34b499588b Merge for retab 2013-09-05 23:24:22 -05:00
Meatballs 473f08bbb6 Register cleanup and update check 2013-09-05 22:43:26 +01:00
Meatballs 400b433267 Sort out exception handling 2013-09-05 22:21:44 +01:00
Tyler Krpata 07060e4e69 Add return in check 2013-09-05 16:57:47 -04:00
Meatballs d4043a6646 Spaces and change to filedropper 2013-09-05 20:41:37 +01:00
Meatballs c5daf939d1 Stabs tabassassin 2013-09-05 20:36:52 +01:00
Tab Assassin f780a41f87 Retab changes for PR #2248 2013-09-05 14:12:24 -05:00
Tab Assassin 554d1868ce Merge for retab 2013-09-05 14:12:18 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Meatballs 9787bb80e7 Address @jlee-r7's feedback 2013-09-05 19:57:05 +01:00
jvazquez-r7 206b52ea30 Land #2325, @jlee-r7's Linux PrependFork addition 2013-09-05 13:50:59 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
jvazquez-r7 86ceadc53d Fix target description 2013-09-05 13:37:01 -05:00
jvazquez-r7 d43326d0f4 Check 302 while checking too 2013-09-05 13:36:35 -05:00
jvazquez-r7 ab83a12354 Check 302 on anonymous access too 2013-09-05 13:35:52 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
Tab Assassin c9c6f84668 Retab changes for PR #2328 2013-09-05 13:16:15 -05:00
Tab Assassin 9bdc274904 Merge for retab 2013-09-05 13:15:07 -05:00
James Lee 50c6f26329 Don't deregister PrependFork 2013-09-05 10:50:36 -05:00
jvazquez-r7 5c06a471f9 Get the call result 2013-09-05 08:33:35 -05:00
jvazquez-r7 3681955f68 Use Msf::Config.data_directory 2013-09-05 08:28:50 -05:00
jvazquez-r7 6b1d7545d6 Refactor, avoid duplicate code 2013-09-05 08:26:49 -05:00
jgor 84e4b42f6b allow 302 redirects 2013-09-04 16:59:42 -05:00
jgor 66d5af5a11 remove dependency on tmpl=component 2013-09-04 16:58:49 -05:00
jvazquez-r7 b6245eea72 Update target info 2013-09-04 16:43:26 -05:00
jvazquez-r7 34b3ee5e17 Update ranking and description 2013-09-04 16:10:15 -05:00
jvazquez-r7 94125a434b Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs 3066e7e19d ReverseConnectRetries ftw 2013-09-04 00:16:19 +01:00
Meatballs a8e77c56bd Updates 2013-09-03 22:46:20 +01:00
Meatballs ac0c493cf9 Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring 2013-09-03 21:33:11 +01:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
Tod Beardsley ca8dacb93b Minor module description updates for grammar. 2013-09-03 10:31:45 -05:00
sinn3r ac0b14e793 Add the missing CVE reference
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
sinn3r 0736677a01 Land #2299 - Add powershell support & removes ADODB.Stream requirement 2013-08-31 00:32:23 -05:00
sinn3r c4aa557364 Land #2292 - Fix the way to get a session over a telnet connection 2013-08-31 00:29:25 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 5b32c63a42 Land #2308, @wchen-r7's exploit for MS13-059 2013-08-30 10:59:36 -05:00
jvazquez-r7 ea8cd2dc46 Update authors list 2013-08-30 10:52:39 -05:00
sinn3r a283f1d4fa Correct module title 2013-08-30 10:50:35 -05:00
sinn3r f4e09100bd Correct file name 2013-08-30 10:50:05 -05:00
sinn3r 38dbab9dd0 Fix typos 2013-08-30 10:43:26 -05:00
sinn3r 7401f83d8e Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug 2013-08-30 03:23:47 -05:00
sinn3r 0a1b078bd8 Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
Please see module description for more info.
2013-08-30 03:16:28 -05:00
jvazquez-r7 657be3a3d9 Fix typo 2013-08-29 14:42:59 -05:00
jvazquez-r7 4a6bf1da7f Add module for ZDI-13-207 2013-08-29 14:09:45 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Tod Beardsley 7b9314763c Add the require boilerplate
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.

Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
Meatballs a12f5092dd Encode the powershell cmd 2013-08-28 22:37:11 +01:00
Meatballs aa0563244b Update unsafe scripting module 2013-08-28 22:30:46 +01:00
James Lee feae4a41e7 I don't like end-of-line comments 2013-08-28 12:42:26 -05:00
sinn3r 57c7d0679a Land #2295 - Add platform info 2013-08-28 10:38:50 -05:00
jvazquez-r7 26531dbaa7 Land #2100, @ddouhine's exploit for OSVDB 83543 2013-08-28 08:55:59 -05:00
jvazquez-r7 ab572d7d72 Fix Authors metadata section 2013-08-28 08:53:48 -05:00
Vlatko Kosturjak b702a0d353 Fix "A payload has not been selected."
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
jvazquez-r7 0bfc12ada1 Fix the way to get a session over a telnet connection 2013-08-27 11:38:49 -05:00
sinn3r b0226cab79 Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability 2013-08-27 11:19:43 -05:00
sinn3r 2e4e3fdbe6 Land #2237 - Fix check function 2013-08-27 11:11:54 -05:00
jvazquez-r7 997c5e5516 Land #2291, @todb-r7's patch for oracle_endeca_exec's requires 2013-08-27 11:01:21 -05:00
Tod Beardsley 15b741bb5f Require the powershell mixin explicitly 2013-08-27 10:36:51 -05:00
jvazquez-r7 f59f57e148 Randomize object id 2013-08-27 10:35:06 -05:00
jvazquez-r7 66fa1b41aa Fix logic to spray correctly IE9 2013-08-27 09:57:55 -05:00
g0tmi1k 7efe85dbd6 php_include - added @wchen-r7's code improvements 2013-08-27 14:00:13 +01:00
jvazquez-r7 93c46c4be5 Complete the Author metadata 2013-08-26 23:29:16 -05:00
jvazquez-r7 8efe2d9206 Land #2289, @jlee-r7's exploit for CVE-2013-1662 2013-08-26 23:27:19 -05:00
jvazquez-r7 e1e889131b Add references and comments 2013-08-26 23:26:13 -05:00
James Lee 63786f9e86 Add local exploit for taviso's vmware privesc 2013-08-26 21:06:40 -05:00
sinn3r 7a4d781538 Land #2274 - Firefox XMLSerializer Use After Free 2013-08-26 20:53:42 -05:00
violet 4cbdf38377 updated contact info
MASTER OF DISASTER

ULTRA LASER

:::::::-.  :::::::..        :::::::-.      ...         ...     .        :
 ;;,   `';,;;;;``;;;;        ;;,   `';, .;;;;;;;.   .;;;;;;;.  ;;,.    ;;;
 `[[     [[ [[[,/[[['        `[[     [[,[[     \[[,,[[     \[[,[[[[, ,[[[[,
  $$,    $$ $$$$$$c           $$,    $$$$$,     $$$$$$,     $$$$$$$$$$$"$$$
  888_,o8P' 888b "88bo,d8b    888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
  MMMMP"`   MMMM   "W" YMP    MMMMP"`    "YMMMMMP"   "YMMMMMP" MMM  M'  "MMM
2013-08-26 16:14:49 -07:00
Tod Beardsley 6b15a079ea Update for grammar in descriptions on new modules. 2013-08-26 14:52:51 -05:00
jvazquez-r7 252f48aeee Land #2272, @jvennix-r7's exploit for CVE-2013-1775 2013-08-26 13:21:58 -05:00
jvazquez-r7 0baaf989fb Delete on_new_session cleanup, as discusses with @jlee-r7 2013-08-26 13:20:43 -05:00
jvazquez-r7 f8d1d29648 Add module for ZDI-13-182 2013-08-25 23:07:08 -05:00
Christian Mehlmauer 45ad043102 moderated comments are now also working (even for unauthenticated users) 2013-08-25 11:02:15 +02:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Joe Vennix 757886bece Remove some extra wip files. 2013-08-24 14:52:52 -05:00
Joe Vennix 29320f5b7f Fix vn refs. Add juan as an @author. 2013-08-24 13:07:35 -05:00
jvazquez-r7 5b812b0c22 Add references 2013-08-24 12:12:21 -05:00
jvazquez-r7 b4ad8c8867 Beautify module 2013-08-24 12:08:38 -05:00
Joe Vennix 0e116730a1 Polishing module. Tested on 10.8, 10.8.2, and 10.8.4. 2013-08-24 12:01:38 -05:00
Christian Mehlmauer 9af1341179 consistent naming 2013-08-24 18:51:07 +02:00
jvazquez-r7 b13d357000 Add ranking 2013-08-24 11:35:35 -05:00
jvazquez-r7 3ce23ffb49 Make a test before running the payload 2013-08-24 11:20:47 -05:00
jvazquez-r7 ab293d2ad9 Make msftidy happy 2013-08-24 10:51:19 -05:00
jvazquez-r7 82cf812311 Switch to PrependMigrate 2013-08-24 10:46:04 -05:00
jvazquez-r7 480794a9ab Make small fixes 2013-08-24 10:40:08 -05:00
Christian Mehlmauer 9e4a760576 Update payload 2013-08-24 17:30:16 +02:00
jvazquez-r7 832fa8838b Change the command to launch after background the payload job 2013-08-24 09:57:33 -05:00
jvazquez-r7 4532474309 Allow cleanup from the new session 2013-08-24 09:47:40 -05:00
Joe Vennix 3cdc6abec6 Clean up some code, get CMD working. 2013-08-23 20:19:21 -05:00
Joe Vennix 140d8ae42f Need to set timezone first. 2013-08-23 20:09:18 -05:00
Joe Vennix a4c2ba04f3 Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working. 2013-08-23 19:39:21 -05:00
jvazquez-r7 fc91380ebc Add work code 2013-08-23 17:54:21 -05:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
sinn3r 7b5e98d57e Land #2269 - Oracle Endeca Server Remote Command Execution 2013-08-23 15:40:31 -05:00
Christian Mehlmauer e9eb6b2427 simplification 2013-08-23 22:29:31 +02:00
Christian Mehlmauer 576ae50b73 more feedback implemented 2013-08-23 22:22:56 +02:00
jvazquez-r7 a5c9f8d670 Beautify targets metadata 2013-08-23 15:15:04 -05:00
jvazquez-r7 f3415f4147 Make msftidy compliant 2013-08-23 15:14:13 -05:00
jvazquez-r7 413474f417 Move module to the correct path 2013-08-23 15:08:25 -05:00
Christian Mehlmauer de3fc1fa6c first feedback implemented 2013-08-23 21:59:36 +02:00
jvazquez-r7 ad214da3de Switch to powershell to exec payload 2013-08-23 14:39:29 -05:00
jvazquez-r7 a45f49e3b7 Use a new Ranking 2013-08-23 08:49:58 -05:00
jvazquez-r7 ff6ad30be0 Add module for ZDI-13-006 2013-08-22 18:15:35 -05:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
jvazquez-r7 965e2d88fe Use normalize_uri 2013-08-21 16:49:24 -05:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
jvazquez-r7 b72566b8aa Add module for ZDI-13-190 2013-08-21 12:47:47 -05:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer 49ec0d464a msftidy 2013-08-21 13:15:21 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
jvazquez-r7 42f774a064 Fix check method 2013-08-20 12:02:09 -05:00
Charlie Eriksen 533d98bd1b Adding module for CVE 2013-5093, Graphite Web Exploit 2013-08-20 12:56:30 -04:00
jvazquez-r7 7b555679e6 Really delete the telnet target 2013-08-19 15:06:47 -05:00
jvazquez-r7 d64c8748e8 Fix descriptions and names 2013-08-19 15:05:27 -05:00
jvazquez-r7 232289d500 Add new module to exploit to through telnet dlink_upnp_exec_noauth 2013-08-19 15:01:29 -05:00
jvazquez-r7 846925e3ba Delete telnet target from dlink_upnp_exec_noauth 2013-08-19 14:56:12 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
m-1-k-3 c902b0ea4b removed user and pass option 2013-08-19 18:07:11 +02:00
m-1-k-3 5fc806e3e0 little fixes 2013-08-18 16:18:27 +02:00
m-1-k-3 9ae977ec80 Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
Conflicts:
	modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
Steve Tornio abd4fb778f add osvdb ref for chasys overflow 2013-08-18 06:35:28 -05:00
Steve Tornio 0037ccceed add osvdb ref for openx backdoor 2013-08-18 06:34:50 -05:00
g0tmi1k 02e394e1c3 php_include - fix check 2013-08-17 17:36:43 +01:00
g0tmi1k 98b4c653c0 php_include - uses verbose 2013-08-17 17:35:09 +01:00
sinn3r a75a4906f2 Description update 2013-08-16 23:28:24 -05:00
jvazquez-r7 a8cc15db20 Add module for ZDI-13-178 2013-08-16 18:13:18 -05:00
jvazquez-r7 85b050112a Land #2231, @wchen-r7's patch for [SeeRM #8114] 2013-08-16 12:52:10 -05:00
sinn3r d4dbea5594 Check 200 2013-08-16 11:34:32 -05:00
jvazquez-r7 1a3b4eebdb Fix directory name on ruby 2013-08-15 22:54:31 -05:00
jvazquez-r7 795ad70eab Change directory names 2013-08-15 22:52:42 -05:00
jvazquez-r7 c5c2aebf15 Update references 2013-08-15 22:04:15 -05:00
jvazquez-r7 cc5804f5f3 Add Port for OSVDB 96277 2013-08-15 18:34:51 -05:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
sinn3r cd734acf3e [See RM 8114] - Reduce false positive if traffic is redirected
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 7a8bafd82c Beautify 2013-08-14 13:50:08 -05:00
jvazquez-r7 90aec6cff5 Fix telnet negotiation for the raidsonic case 2013-08-14 13:38:51 -05:00
sinn3r 23c5f02e9a Land #2225 - Fix dlink_dir300_exec_telnet 2013-08-14 13:11:42 -05:00
sinn3r 98e0053dc6 Fix indent level 2013-08-14 13:07:01 -05:00
jvazquez-r7 178a7b0dbb Fix author's email format 2013-08-14 11:56:47 -05:00
jvazquez-r7 2a4b8e4a64 Add useful comment 2013-08-14 11:49:32 -05:00
jvazquez-r7 e6c36864c4 Fix telnet related stuff 2013-08-14 11:47:57 -05:00
bcoles 7145a85fb4 Add MiniWeb (Build 300) Arbitrary File Upload 2013-08-15 01:01:46 +09:30
m-1-k-3 6b87240323 thx to juan ... session stuff looks better 2013-08-14 16:51:09 +02:00
jvazquez-r7 1d82ed176f Update joomla_media_upload_exec references 2013-08-13 23:27:01 -05:00
sinn3r 54cffdb27d Land #2219 - OSVDB-95933: Joomla Media Manager File Upload Vulnerability 2013-08-13 19:04:57 -05:00
sinn3r e912a64ccc Description change 2013-08-13 19:04:25 -05:00
jvazquez-r7 312ff1a20e Delete period from regular expressions 2013-08-13 17:50:26 -05:00
jvazquez-r7 04eed49310 Add support for FileDropper 2013-08-13 16:47:24 -05:00
jvazquez-r7 e4a570d36b Update metadata according to OSVDB 2013-08-13 16:42:53 -05:00
jvazquez-r7 2086c51b67 Add module for Joomla Upload Exploit in the wild 2013-08-13 16:27:27 -05:00
jvazquez-r7 31cbc270fd Favor unless over if for negative condition 2013-08-13 08:46:12 -05:00
jvazquez-r7 bc9a26d4ee Fix condition 2013-08-12 23:05:26 -05:00
jvazquez-r7 568181de84 Add sthetic spaces 2013-08-12 22:33:34 -05:00
jvazquez-r7 6d70d4924e Land #2206, @PsychoSpy module for OSVDB 94097 2013-08-12 22:27:03 -05:00
jvazquez-r7 7981601eb8 Do final cleanup on intrasrv_bof 2013-08-12 22:24:53 -05:00
sinn3r 2d3c2c1c87 Set default target to 0 because there's only one 2013-08-12 20:01:23 -05:00
sinn3r c0335cee26 Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow 2013-08-12 19:16:02 -05:00
sinn3r 7562324d96 Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow 2013-08-12 19:13:58 -05:00
sinn3r 51d9c59dcd Extra tabs, bye 2013-08-12 19:13:20 -05:00
Nathan Einwechter db78ffcc46 ... 2013-08-12 18:21:10 -04:00
Nathan Einwechter 49bcec5c92 Additional cleanup 2013-08-12 18:20:03 -04:00
jvazquez-r7 b3f229ff59 Add module for CVE-2013-3928 2013-08-12 17:18:30 -05:00
Nathan Einwechter 7014322dfd Code cleanup 2013-08-12 18:16:00 -04:00
Nathan Einwechter 264fe32705 Added new badchars 2013-08-12 18:08:49 -04:00
Nathan Einwechter bbc93b2a58 msftidy 2013-08-12 15:14:01 -04:00
Nathan Einwechter 28f030494e Use tcp mixin/clean corrupt bytes 2013-08-12 15:12:15 -04:00
jvazquez-r7 b1fc8308c1 Land #2211, @bcoles exploit for CVE-201-2620 2013-08-12 11:23:20 -05:00
jvazquez-r7 8ac01d3b8e Fix description and make it aggressive 2013-08-12 11:19:25 -05:00
Nathan Einwechter 7854c452d2 Added more payload padding 2013-08-12 11:10:10 -04:00
Nathan Einwechter 9f33a59dc2 Fix target ret 2013-08-12 11:04:55 -04:00
Nathan Einwechter 6f96445b42 Change target ret/cleanup 2013-08-12 10:13:48 -04:00
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
jvazquez-r7 f2e5092fd5 Add module for ZDI-13-179 2013-08-10 18:44:33 -05:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7 567873f3cc Use normalize_uri a little better 2013-08-08 15:12:51 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
jvazquez-r7 06ebc686c4 Land #2194, @CharlieEriksen exploit for CVE-2013-5036 2013-08-08 14:50:28 -05:00
jvazquez-r7 40a61ec654 Do minor cleanup 2013-08-08 14:47:46 -05:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
Charlie Eriksen 28b36ea29b Removing a space at EOL I missed. 2013-08-08 14:30:53 -04:00
Charlie Eriksen 1c6e994fe8 Adding improvements based on Juan's feedback 2013-08-08 14:29:35 -04:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
jvazquez-r7 5d0e868701 Land #2192 after cleanup 2013-08-08 08:44:17 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
root 3a24765585 Adding CVE ID 2013-08-07 18:11:43 -04:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
root 7412981138 Adding an OSVDB reference 2013-08-07 07:15:00 -04:00
root 36bab2fdfa Adding a space between init and check 2013-08-06 16:14:21 -04:00