jvazquez-r7
f8d1d29648
Add module for ZDI-13-182
2013-08-25 23:07:08 -05:00
Christian Mehlmauer
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
Joe Vennix
757886bece
Remove some extra wip files.
2013-08-24 14:52:52 -05:00
Joe Vennix
29320f5b7f
Fix vn refs. Add juan as an @author.
2013-08-24 13:07:35 -05:00
jvazquez-r7
5b812b0c22
Add references
2013-08-24 12:12:21 -05:00
jvazquez-r7
b4ad8c8867
Beautify module
2013-08-24 12:08:38 -05:00
Joe Vennix
0e116730a1
Polishing module. Tested on 10.8, 10.8.2, and 10.8.4.
2013-08-24 12:01:38 -05:00
Christian Mehlmauer
9af1341179
consistent naming
2013-08-24 18:51:07 +02:00
jvazquez-r7
b13d357000
Add ranking
2013-08-24 11:35:35 -05:00
jvazquez-r7
3ce23ffb49
Make a test before running the payload
2013-08-24 11:20:47 -05:00
jvazquez-r7
ab293d2ad9
Make msftidy happy
2013-08-24 10:51:19 -05:00
jvazquez-r7
82cf812311
Switch to PrependMigrate
2013-08-24 10:46:04 -05:00
jvazquez-r7
480794a9ab
Make small fixes
2013-08-24 10:40:08 -05:00
Christian Mehlmauer
9e4a760576
Update payload
2013-08-24 17:30:16 +02:00
jvazquez-r7
832fa8838b
Change the command to launch after background the payload job
2013-08-24 09:57:33 -05:00
jvazquez-r7
4532474309
Allow cleanup from the new session
2013-08-24 09:47:40 -05:00
Joe Vennix
3cdc6abec6
Clean up some code, get CMD working.
2013-08-23 20:19:21 -05:00
Joe Vennix
140d8ae42f
Need to set timezone first.
2013-08-23 20:09:18 -05:00
Joe Vennix
a4c2ba04f3
Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working.
2013-08-23 19:39:21 -05:00
jvazquez-r7
fc91380ebc
Add work code
2013-08-23 17:54:21 -05:00
Christian Mehlmauer
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
sinn3r
7b5e98d57e
Land #2269 - Oracle Endeca Server Remote Command Execution
2013-08-23 15:40:31 -05:00
Christian Mehlmauer
e9eb6b2427
simplification
2013-08-23 22:29:31 +02:00
Christian Mehlmauer
576ae50b73
more feedback implemented
2013-08-23 22:22:56 +02:00
jvazquez-r7
a5c9f8d670
Beautify targets metadata
2013-08-23 15:15:04 -05:00
jvazquez-r7
f3415f4147
Make msftidy compliant
2013-08-23 15:14:13 -05:00
jvazquez-r7
413474f417
Move module to the correct path
2013-08-23 15:08:25 -05:00
Christian Mehlmauer
de3fc1fa6c
first feedback implemented
2013-08-23 21:59:36 +02:00
jvazquez-r7
ad214da3de
Switch to powershell to exec payload
2013-08-23 14:39:29 -05:00
jvazquez-r7
a45f49e3b7
Use a new Ranking
2013-08-23 08:49:58 -05:00
jvazquez-r7
ff6ad30be0
Add module for ZDI-13-006
2013-08-22 18:15:35 -05:00
Christian Mehlmauer
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
Christian Mehlmauer
8456d2c0ec
remove target_uri
2013-08-22 00:48:42 +02:00
Christian Mehlmauer
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
jvazquez-r7
965e2d88fe
Use normalize_uri
2013-08-21 16:49:24 -05:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
jvazquez-r7
b72566b8aa
Add module for ZDI-13-190
2013-08-21 12:47:47 -05:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
49ec0d464a
msftidy
2013-08-21 13:15:21 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
jvazquez-r7
42f774a064
Fix check method
2013-08-20 12:02:09 -05:00
Charlie Eriksen
533d98bd1b
Adding module for CVE 2013-5093, Graphite Web Exploit
2013-08-20 12:56:30 -04:00
jvazquez-r7
7b555679e6
Really delete the telnet target
2013-08-19 15:06:47 -05:00
jvazquez-r7
d64c8748e8
Fix descriptions and names
2013-08-19 15:05:27 -05:00
jvazquez-r7
232289d500
Add new module to exploit to through telnet dlink_upnp_exec_noauth
2013-08-19 15:01:29 -05:00
jvazquez-r7
846925e3ba
Delete telnet target from dlink_upnp_exec_noauth
2013-08-19 14:56:12 -05:00
Tod Beardsley
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
m-1-k-3
c902b0ea4b
removed user and pass option
2013-08-19 18:07:11 +02:00
m-1-k-3
5fc806e3e0
little fixes
2013-08-18 16:18:27 +02:00
m-1-k-3
9ae977ec80
Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
...
Conflicts:
modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
Steve Tornio
abd4fb778f
add osvdb ref for chasys overflow
2013-08-18 06:35:28 -05:00
Steve Tornio
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
g0tmi1k
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
g0tmi1k
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
sinn3r
a75a4906f2
Description update
2013-08-16 23:28:24 -05:00
jvazquez-r7
a8cc15db20
Add module for ZDI-13-178
2013-08-16 18:13:18 -05:00
jvazquez-r7
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
sinn3r
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
jvazquez-r7
1a3b4eebdb
Fix directory name on ruby
2013-08-15 22:54:31 -05:00
jvazquez-r7
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
jvazquez-r7
c5c2aebf15
Update references
2013-08-15 22:04:15 -05:00
jvazquez-r7
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
sinn3r
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
sinn3r
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
jvazquez-r7
7a8bafd82c
Beautify
2013-08-14 13:50:08 -05:00
jvazquez-r7
90aec6cff5
Fix telnet negotiation for the raidsonic case
2013-08-14 13:38:51 -05:00
sinn3r
23c5f02e9a
Land #2225 - Fix dlink_dir300_exec_telnet
2013-08-14 13:11:42 -05:00
sinn3r
98e0053dc6
Fix indent level
2013-08-14 13:07:01 -05:00
jvazquez-r7
178a7b0dbb
Fix author's email format
2013-08-14 11:56:47 -05:00
jvazquez-r7
2a4b8e4a64
Add useful comment
2013-08-14 11:49:32 -05:00
jvazquez-r7
e6c36864c4
Fix telnet related stuff
2013-08-14 11:47:57 -05:00
bcoles
7145a85fb4
Add MiniWeb (Build 300) Arbitrary File Upload
2013-08-15 01:01:46 +09:30
m-1-k-3
6b87240323
thx to juan ... session stuff looks better
2013-08-14 16:51:09 +02:00
jvazquez-r7
1d82ed176f
Update joomla_media_upload_exec references
2013-08-13 23:27:01 -05:00
sinn3r
54cffdb27d
Land #2219 - OSVDB-95933: Joomla Media Manager File Upload Vulnerability
2013-08-13 19:04:57 -05:00
sinn3r
e912a64ccc
Description change
2013-08-13 19:04:25 -05:00
jvazquez-r7
312ff1a20e
Delete period from regular expressions
2013-08-13 17:50:26 -05:00
jvazquez-r7
04eed49310
Add support for FileDropper
2013-08-13 16:47:24 -05:00
jvazquez-r7
e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
jvazquez-r7
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
jvazquez-r7
31cbc270fd
Favor unless over if for negative condition
2013-08-13 08:46:12 -05:00
jvazquez-r7
bc9a26d4ee
Fix condition
2013-08-12 23:05:26 -05:00
jvazquez-r7
568181de84
Add sthetic spaces
2013-08-12 22:33:34 -05:00
jvazquez-r7
6d70d4924e
Land #2206 , @PsychoSpy module for OSVDB 94097
2013-08-12 22:27:03 -05:00
jvazquez-r7
7981601eb8
Do final cleanup on intrasrv_bof
2013-08-12 22:24:53 -05:00
sinn3r
2d3c2c1c87
Set default target to 0 because there's only one
2013-08-12 20:01:23 -05:00
sinn3r
c0335cee26
Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow
2013-08-12 19:16:02 -05:00
sinn3r
7562324d96
Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow
2013-08-12 19:13:58 -05:00
sinn3r
51d9c59dcd
Extra tabs, bye
2013-08-12 19:13:20 -05:00
Nathan Einwechter
db78ffcc46
...
2013-08-12 18:21:10 -04:00
Nathan Einwechter
49bcec5c92
Additional cleanup
2013-08-12 18:20:03 -04:00
jvazquez-r7
b3f229ff59
Add module for CVE-2013-3928
2013-08-12 17:18:30 -05:00
Nathan Einwechter
7014322dfd
Code cleanup
2013-08-12 18:16:00 -04:00
Nathan Einwechter
264fe32705
Added new badchars
2013-08-12 18:08:49 -04:00
Nathan Einwechter
bbc93b2a58
msftidy
2013-08-12 15:14:01 -04:00
Nathan Einwechter
28f030494e
Use tcp mixin/clean corrupt bytes
2013-08-12 15:12:15 -04:00
jvazquez-r7
b1fc8308c1
Land #2211 , @bcoles exploit for CVE-201-2620
2013-08-12 11:23:20 -05:00
jvazquez-r7
8ac01d3b8e
Fix description and make it aggressive
2013-08-12 11:19:25 -05:00
Nathan Einwechter
7854c452d2
Added more payload padding
2013-08-12 11:10:10 -04:00
Nathan Einwechter
9f33a59dc2
Fix target ret
2013-08-12 11:04:55 -04:00
Nathan Einwechter
6f96445b42
Change target ret/cleanup
2013-08-12 10:13:48 -04:00
Nathan Einwechter
a35d548979
Use HttpClient
2013-08-12 10:01:01 -04:00
bcoles
d63d7bc7da
Add Open-FTPD 1.2 Writable Directory Traversal Execution
2013-08-12 08:49:49 +09:30
Nathan Einwechter
896320ed42
fix typo
2013-08-11 16:48:43 -04:00
Nathan Einwechter
4b14fa53e0
tidy debugs
2013-08-11 16:39:41 -04:00
Nathan Einwechter
90ef224c46
Implement CVE-2012-5019
2013-08-11 16:33:40 -04:00
jvazquez-r7
f2e5092fd5
Add module for ZDI-13-179
2013-08-10 18:44:33 -05:00
Nathan Einwechter
185ef2ecae
msftidy
2013-08-10 16:01:44 -04:00
Nathan Einwechter
6fe4e3dd0e
Added Intrasrv 1.0 BOF
2013-08-10 15:56:07 -04:00
sinn3r
5436ec7dd3
Title change for dlink_dir300_exec_telnet
...
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
sinn3r
5128458c90
Land #2201 - Better check for ppr_flatten_rec
2013-08-09 14:44:23 -05:00
sinn3r
021c358159
Land #2203 - Fix regex for x64 detection
2013-08-09 13:23:38 -05:00
Tod Beardsley
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
Tod Beardsley
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
Tod Beardsley
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
joernchen of Phenoelit
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
Sagi Shahar
7178633140
Fixed architecture detection in bypassuac modules
2013-08-09 03:42:02 +02:00
Tod Beardsley
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
Tod Beardsley
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
jvazquez-r7
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
jvazquez-r7
06ebc686c4
Land #2194 , @CharlieEriksen exploit for CVE-2013-5036
2013-08-08 14:50:28 -05:00
jvazquez-r7
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
Meatballs
318280fea7
Add 7/2k8 RTM versions
2013-08-08 20:02:14 +01:00
Meatballs
d64352652f
Adds unsupported Vista versions
2013-08-08 19:58:40 +01:00
Meatballs
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
sinn3r
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
Charlie Eriksen
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
Charlie Eriksen
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
James Lee
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
jvazquez-r7
5d0e868701
Land #2192 after cleanup
2013-08-08 08:44:17 -05:00
jvazquez-r7
74eeacf9f2
Fix regex
2013-08-08 08:40:45 -05:00
James Lee
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
James Lee
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
root
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
jvazquez-r7
0f975da5f4
Update target info and something else...
2013-08-07 16:00:06 -05:00
jvazquez-r7
d1beb313f6
Add module for 2013-1690
2013-08-07 15:36:54 -05:00
jvazquez-r7
821673c4d2
Try to fix a little description
2013-08-07 10:26:39 -05:00
jvazquez-r7
33ac0c5c3f
Make exploit more print friendly
2013-08-07 10:21:14 -05:00
jvazquez-r7
32436973e4
Land #2192 , @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
jvazquez-r7
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
jvazquez-r7
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
root
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
root
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
root
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
root
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
root
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
root
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
m-1-k-3
885417c9d9
removing config file from target
2013-08-06 15:11:54 +02:00
HD Moore
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
m-1-k-3
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
m-1-k-3
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
m-1-k-3
2efc2a79bf
fail with
2013-08-05 21:41:28 +02:00
jvazquez-r7
9790181dd2
Land #2176 , @wchen-r7's fix for [TestRM #8272 ]
2013-08-05 13:10:25 -05:00
Tod Beardsley
40f015f596
Avoid require race with powershell
2013-08-05 09:56:32 -05:00
Tod Beardsley
a885ff9bcc
Use consistent caps for 'PowerShell'
2013-08-05 09:33:49 -05:00
Tod Beardsley
5ea67586c8
Rewrite description for MS13-005
...
The first part of the description was copy-pasted from
http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt
which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
Tod Beardsley
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
m-1-k-3
34134b2e11
feedback included
2013-08-04 14:45:55 +02:00
Markus Wulftange
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
m-1-k-3
b8ed364cb8
telnet user working
2013-08-03 15:07:10 +02:00
m-1-k-3
62e3c01190
raidsonic nas - command execution
2013-08-02 21:04:19 +02:00
Markus Wulftange
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
m-1-k-3
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
Ruslaideemin
f927d1d7d3
Increase exploit reliability
...
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.
The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
Markus Wulftange
4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
m-1-k-3
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
m-1-k-3
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
sinn3r
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
sinn3r
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
Frederic Basse
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
jvazquez-r7
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
sinn3r
ab75d00f8a
Land #2169 - Description update
2013-07-29 14:24:57 -05:00
sinn3r
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
sinn3r
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
Meatballs
7801eadbc2
psh description
2013-07-29 19:14:12 +01:00
sinn3r
baa0b983c8
Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC
2013-07-29 13:13:55 -05:00
jvazquez-r7
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
jvazquez-r7
3a05993f16
Make msftidy happy and warn user about long times
2013-07-29 11:45:30 -05:00
Tod Beardsley
37312f2aa9
Module, singular
2013-07-29 10:58:36 -05:00
Tod Beardsley
11e9cca855
Spelling and description touch ups.
2013-07-29 10:57:19 -05:00
joernchen of Phenoelit
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
jvazquez-r7
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
joernchen of Phenoelit
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
jvazquez-r7
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
jvazquez-r7
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
jvazquez-r7
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
Meatballs
234e49d982
Add type technique
2013-07-26 23:33:16 +01:00
jvazquez-r7
805a9675a7
Modify the check for Integrity Level and Allow dropt o fs
2013-07-26 14:54:50 -05:00
joernchen of Phenoelit
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
Meatballs
12a58c730a
Small fix
2013-07-26 10:15:47 +01:00
Meatballs
6a13ed0371
Missing include
2013-07-26 03:18:17 +01:00
Meatballs
72b8891ba3
Check for low integrity
2013-07-26 03:16:45 +01:00
Meatballs
030640d5bc
back to cmd
2013-07-26 03:00:36 +01:00
Meatballs
d3f3e5d63e
Working with psh download
2013-07-26 02:29:55 +01:00
Meatballs
b99ad41a64
Add api constants and tidy
2013-07-26 01:48:39 +01:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
Sean Verity
dff35c0820
Minor update to Target Selection. Refer to comments on #2128 .
2013-07-24 19:02:47 -04:00
Sean Verity
d478df520f
Merge remote-tracking branch 'rapid7/master'
...
Starting fresh.
2013-07-24 18:31:53 -04:00
William Vu
93a63081a5
Land #2151 , @jvazquez-r7's Struts pwnage
2013-07-24 16:49:06 -05:00
jvazquez-r7
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
44cae75af1
Cleanup
2013-07-24 19:52:59 +01:00
jvazquez-r7
dbad1a5e4c
Clean up description
2013-07-24 12:02:33 -05:00
jvazquez-r7
18dbdb828f
Land #2133 , @Meatballs1's exploit for PSH Web Delivery
2013-07-24 12:01:37 -05:00
Meatballs
f79d3f7591
Shorten cmd
2013-07-24 17:48:03 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Meatballs
8103baf21a
Update title
2013-07-24 17:29:23 +01:00
Meatballs
18ac83bec1
Final updates and tidy
2013-07-24 17:28:19 +01:00
jvazquez-r7
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
jvazquez-r7
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
jvazquez-r7
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
Tod Beardsley
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
jvazquez-r7
e828517ed8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 17:10:45 -05:00
jvazquez-r7
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
Tod Beardsley
5e55c506cd
Land #2140 , add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
Tod Beardsley
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
0fdfe866a7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 12:07:44 -05:00
jvazquez-r7
6158415bd3
Clean CWE reference, will ad in new pr
2013-07-22 12:03:55 -05:00
jvazquez-r7
da4fda6cb1
Land #2110 , @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
jvazquez-r7
8015938b9a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 11:20:12 -05:00
Ramon de C Valle
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
jvazquez-r7
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
jvazquez-r7
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
Ramon de C Valle
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
jvazquez-r7
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
sinn3r
e7e712fa01
EOL fix
2013-07-20 19:54:05 -05:00
sinn3r
ab515fb66d
Add the file format version of CVE-2013-1017
2013-07-20 19:50:09 -05:00
Meatballs
fe405d2187
Tidyup info
2013-07-19 23:50:59 +01:00
Meatballs
6fab3f6308
Add powershell cmdline
2013-07-19 23:24:54 +01:00
jvazquez-r7
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
Meatballs
d1fdcfff91
Initial commit
2013-07-19 19:33:55 +01:00
Ramon de C Valle
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
Sean Verity
f16ed32848
Added '2003 R2 SP2' to target selection
2013-07-19 09:57:09 -04:00
m-1-k-3
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
m-1-k-3
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
jvazquez-r7
bdfad076b4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 15:43:58 -05:00
jvazquez-r7
cb108a8253
Add module for ZDI-13-147
2013-07-18 15:37:11 -05:00
William Vu
6885ef8aa4
Land #2123 , mutiny_frontend_upload code cleanup
2013-07-18 14:38:03 -05:00
jvazquez-r7
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
jvazquez-r7
efb8591a49
Update apple_quicktime_rdrf references
2013-07-18 13:57:31 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
b90e1d54e2
Land #2117 - HP Managed Printing Administration jobAcct Command Exec
2013-07-18 13:21:11 -05:00
sinn3r
280529f885
Make some changes to the description
2013-07-18 13:20:36 -05:00
jvazquez-r7
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
sinn3r
b94cde1d65
Name change for pyoor
2013-07-18 10:50:25 -05:00
jvazquez-r7
104edd8e93
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 10:38:53 -05:00
jvazquez-r7
3780b1b59f
Add module for ZDI-11-352
2013-07-18 09:39:55 -05:00
jvazquez-r7
bf023f261a
Delete comma
2013-07-17 20:46:03 -05:00
jvazquez-r7
7ee4855345
Fix msftidy and delete duplicate stack adjustment
2013-07-17 20:45:54 -05:00
sinn3r
6713fb1609
Fix typos
2013-07-17 18:06:40 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
sinn3r
9ae7c80b15
Add more targets plus some other corrections
2013-07-17 14:43:41 -05:00
sinn3r
c85b994c07
Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
...
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
jvazquez-r7
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
jvazquez-r7
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
Ramon de C Valle
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
Ramon de C Valle
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
Ramon de C Valle
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
jvazquez-r7
3a8856ae7f
Apply review to spip_connect_exec
2013-07-15 09:44:05 -05:00
jvazquez-r7
bc44d42888
Move module to unix/webapps
2013-07-15 09:43:28 -05:00
jvazquez-r7
19b11cd6e2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-15 08:23:38 -05:00
m-1-k-3
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00
m-1-k-3
393c1b2a99
session stuff
2013-07-15 07:57:30 +02:00
m-1-k-3
a6b48f3082
HTTP GET
2013-07-14 19:02:53 +02:00
m-1-k-3
9f65264af4
make msftidy happy
2013-07-14 15:45:14 +02:00
m-1-k-3
47ca4fd48f
session now working
2013-07-14 15:42:41 +02:00
m-1-k-3
9133dbac4a
some feedback included and some playing
2013-07-14 14:14:06 +02:00
James Lee
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
James Lee
f81369a10d
Don't make promises about AV detection
2013-07-12 16:13:02 -05:00
James Lee
bc88732400
Prints don't need to be rescued
2013-07-12 15:56:04 -05:00
jvazquez-r7
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
sinn3r
529471ed53
Land #2081 - MediaCoder .M3U Buffer Overflow
2013-07-11 23:57:43 -05:00
sinn3r
1341d6ec6b
Remove extra commas and try to keep a line in 100 columns
2013-07-11 23:54:54 -05:00
jvazquez-r7
937642762f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-11 15:20:33 -05:00
sinn3r
1cf65623d6
Small desc update
2013-07-11 13:20:39 -05:00
jvazquez-r7
d9107d2bd9
Add module for CVE-2013-3248
2013-07-11 12:30:08 -05:00
Davy Douhine
4d120f49ba
added exploit module for PHP inj in SPIP CMS
2013-07-11 17:28:31 +02:00
modpr0be
16c9effcb4
make msftidy happy
2013-07-11 00:32:32 +07:00
modpr0be
8de88cbd05
change target from win7 sp1 to win7 sp0, fix description
2013-07-11 00:14:30 +07:00
m-1-k-3
49c70911be
dlink upnp command injection
2013-07-09 13:24:12 +02:00
jvazquez-r7
64b2f3f7a0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 16:55:39 -05:00
Tod Beardsley
8d7396d60a
Minor description changes on new modules
2013-07-08 16:24:40 -05:00
jvazquez-r7
6a9a9ac20a
Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework
2013-07-08 15:53:36 -05:00
jvazquez-r7
8ab8eb8e59
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 15:52:31 -05:00
modpr0be
b2a18c37ee
add dll references for rop
2013-07-09 03:20:05 +07:00
jvazquez-r7
3f874f504c
Use metadata
2013-07-08 09:25:02 -05:00
jvazquez-r7
512dd7d15a
Update title
2013-07-08 09:11:31 -05:00
jvazquez-r7
c60aeaa202
Add module for CVE-2013-3482
2013-07-08 09:11:10 -05:00
modpr0be
ed6d88a28b
credit to mona.py for rop
2013-07-07 18:07:05 +07:00
modpr0be
ecb2667401
remove seh mixin and fix the rop nop address
2013-07-06 23:08:51 +07:00
Meatballs
fc5e5a5aad
Fixup description
2013-07-06 09:29:32 +01:00
Meatballs
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
modpr0be
23d2bfc915
add more author
2013-07-06 11:52:16 +07:00
modpr0be
b8354d3d6c
Added MediaCoder exploit module
2013-07-06 11:07:11 +07:00
Meatballs
0e84886bce
Spawn 32bit process
2013-07-05 22:56:21 +01:00
Meatballs
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
Meatballs
5dc2492b20
Renamed module
2013-07-05 22:32:15 +01:00
Meatballs
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
Meatballs
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
jvazquez-r7
7f645807f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 10:25:41 -05:00
jvazquez-r7
ad94f434ab
Avoid a fix address for the final userland payload
2013-07-05 10:21:11 -05:00
jvazquez-r7
9b7567cd0f
Land #2071 , @wchen-r7's patch to use the Msf::Post::Windows::Process mixin
2013-07-05 10:19:56 -05:00
jvazquez-r7
a4f90ffadd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 09:01:30 -05:00
Thorsten Fischer
e96a5d0237
Fixed a "NameError uninitialized constant" error.
...
On startup of msfconsole, the following error occurred:
modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common
The addition of a corresponding 'require' line removed that error.
Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
2013-07-05 11:56:15 +02:00
jvazquez-r7
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
jvazquez-r7
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
Meatballs
479664b5aa
Remove redundant file
2013-07-04 12:07:14 +01:00
Meatballs
cd159960e1
Tidy
2013-07-04 12:02:32 +01:00
Meatballs
9c1a43a417
Check payload arch
2013-07-04 11:46:34 +01:00
Meatballs
83bc32abb4
Remove Exploit::Exe
2013-07-04 11:01:01 +01:00
Meatballs
7d6a78bf1f
Remove report aux
2013-07-04 10:36:32 +01:00
Meatballs
555140b85a
Add warning for persist
2013-07-04 10:30:03 +01:00
Meatballs
44cdc0a1c8
Move options to lib
2013-07-04 10:25:37 +01:00
Meatballs
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
Meatballs
8590720890
Use fail_with
2013-07-04 10:21:24 +01:00
Meatballs
3eab7107b8
Remove opt supplied by lib
2013-07-04 10:16:03 +01:00
Meatballs
7d273b2c8b
Refactor to psexec lib
2013-07-04 10:11:13 +01:00
Meatballs
1569a15856
Msf license
2013-07-04 10:08:29 +01:00
Meatballs
052c23b980
Add missing require
2013-07-04 09:58:48 +01:00
Meatballs
6fa60be76f
Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh
2013-07-04 09:42:18 +01:00
sinn3r
226f4dd8cc
Use execute_shellcode for novell_client_nicm.rb
2013-07-03 13:57:41 -05:00
sinn3r
f9cfba9021
Use execute_shellcode for novell_client_nwfs.rb
2013-07-03 13:55:50 -05:00
jvazquez-r7
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
jvazquez-r7
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
jvazquez-r7
2f77e8626f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 11:56:25 -05:00
sinn3r
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
jvazquez-r7
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
g0tmi1k
2a6056fd2a
exploits/s4u_persistence~Fixed typos+default values
2013-07-03 00:38:50 +01:00
Ricardo Almeida
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
jvazquez-r7
146d1eb27d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 10:06:00 -05:00
jvazquez-r7
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
modpr0be
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
jvazquez-r7
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
Ricardo Almeida
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
Tod Beardsley
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
modpr0be
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
modpr0be
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00