f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
6989f16661
Land #2548 , @titanous's aux module for CVE-2013-4450
2013-10-22 15:02:54 -05:00
bdf07456ba
Last cleanup for nodejs_pipelining
2013-10-22 15:00:58 -05:00
db447b65f9
Add exploit for Node.js HTTP Pipelining DoS
2013-10-22 15:12:14 -04:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
7b82c64983
ms12-020 stack print resolve
2013-10-12 16:49:03 +05:00
e1b9f1a3c4
modified ms12-020 module to resolve stack print
2013-10-12 16:36:37 +05:00
291b90405d
Merge branch 'master' of https://github.com/darknight007/metasploit-framework
...
Conflicts:
modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
2013-10-12 16:23:09 +05:00
602fd276bc
using theirs
2013-10-12 16:20:26 +05:00
4e50c574c5
Update ms12_020_maxchannelids.rb
...
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out.
To reproduct, just run the module against a system having no RDP enabled.
2013-10-12 15:39:13 +05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
f1ab7b51b1
Update ms12_020_maxchannelids.rb
...
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out.
To reproduct, just run the module against a system having no RDP enabled.
2013-09-30 13:43:26 +05:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
597f337d1b
Retab changes for PR #2298
2013-09-05 13:52:10 -05:00
acfef429c2
Merge for retab
2013-09-05 13:52:05 -05:00
a23c1f1ad4
added additional "include"
2013-09-03 19:34:37 +04:00
9a33c674aa
RHOST, RPORT removed, Tries option added
2013-09-01 22:58:22 +04:00
28ca62d60f
New option added. Names now random. Dos check added
2013-08-31 13:18:22 +04:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
b3ec8f741f
File moved to auxiliary with some bug fixes
2013-08-29 00:11:34 +04:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
6168eb7590
Land #1981 - Canon Wireless Printer Denial of Service
2013-06-18 19:04:48 -05:00
7d15dc379d
Make msftidy happy
2013-06-18 19:04:03 -05:00
0533ca68dc
Added DoS result checking
...
Lowered the http timeout
2013-06-18 19:48:21 -04:00
8c28631d4b
Fixed the date format
...
Removed the rport option
These are items that were code-review for my other related module, so
I figured they should be done here too
2013-06-18 12:17:50 -04:00
6c2d99c2bc
Land #1972 , @wchen-r7's patch for [FixRM:#4704]
2013-06-17 23:17:22 -05:00
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
d877e4d489
Added CVE and disclosure date
2013-06-17 17:41:50 -04:00
8bdd89f68b
[FixRM:#4704] - Fix EOFError in filezilla_server_port
...
If login fails, the module shouldn't continue sending commands to
the server, otherwise this causes an EOF.
2013-06-17 14:24:01 -05:00
3923bbeee9
Update
2013-06-15 18:28:58 -04:00
0494ac9218
Added Canon Wireless Printer DoS module
2013-06-15 18:23:04 -04:00
fd74390952
Clean monkey_headers
2013-06-13 18:07:35 -05:00
73aff97053
Land #1950 - Monkey HTTPD Header Parsing Denial-of-Service
...
This is the reviewed/updated version of pull request #1950 . We're
landing this one instead because the other one has a lot of
unnecessary commit messages.
2013-06-13 15:56:34 -05:00
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
3fbbe3e7b3
Make msftidy happy
2013-06-10 08:16:15 -05:00
3c05cf4382
Land #1842 , @viris DoS module for cve-2013-0229
2013-06-10 08:15:45 -05:00
154894bda6
Added comments and merged jvazquez-r7-miniupnp_dos_clean branch.
2013-06-10 10:18:26 +02:00
ec52795182
Clean for miniupnp_dos.rb
2013-06-06 11:19:26 -05:00
2fe704ce38
Deleted undeeded comments and spaces.
2013-06-04 09:00:53 +02:00
055e0a222c
Land #1902 , OSVDB reference for memcached
2013-06-03 14:57:43 -05:00
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
b087951118
Add OSVDB reference 92867 for Memcached DoS module
2013-06-03 12:41:33 -05:00
116e2bb418
Landing #1782 - Added Memcached Remote Denial of Service module
2013-06-03 12:30:37 -05:00
3d9dcbf5bd
Add a check to see if the host is down
2013-06-03 12:26:57 -05:00
217b263af7
Moved the module to different location and make it msftidy.rb compliant.
2013-06-03 10:35:10 +02:00
e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
d37d211ecc
Fix short escape sequences error
2013-05-09 17:29:55 -05:00
b18a98259b
Modify default rport
2013-05-09 16:24:54 -05:00
3e1d1a3f98
Land #1659 , @nmonkee's sap_soap_rfc_eps_delete_file module
2013-05-09 16:22:54 -05:00
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
76e70adcff
Added Memcached Remote Denial of Service module
...
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
a199c397e4
...
2013-03-11 17:09:17 -04:00
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
92093cd7d8
There's no HttpClient, so it shouldn't be using normalize_uri
2013-02-19 15:04:18 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
1714fa21b1
adjusted DOS part to use HttpClient
2012-12-17 15:46:39 +01:00
a48c14124b
added CHECK functionality to the existing module
2012-12-13 16:54:50 +01:00
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
39e81d3e53
Arch/Platform cleanup: aux modules need neither
2012-10-22 20:28:02 +02:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
b282901b08
Correct emails for aux and exploit modules
2012-06-04 21:58:01 -05:00
0fcc53b0a2
Handle nil for get_once
2012-06-04 15:31:10 -05:00
6ae17db7d3
Adding FireFart's hashcollision DoS module
...
Have some minor edits below, looks like it all works now though.
Squashed commit of the following:
commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:31:32 2012 -0500
Removing ord in favor of unpack.
Also renaming a 'character' variable to 'c' rather than 'i' which is
easy to mistake for an Integer counter variable.
commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:24:41 2012 -0500
Cleaning up print msgs
commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:19:10 2012 -0500
Clean up hashcollision_dos description
Caps, mostly. One sentence I still don't get but it's not really a show
stopper.
commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Thu May 24 19:11:32 2012 +0200
Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling
commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Tue May 22 23:11:53 2012 +0200
Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
4772c1258e
Removing hashcollision_dos module due to license violation
...
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.
Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.
Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
eea20e773b
Capitalization fixups on hashcollision_dos
2012-05-21 11:06:18 -05:00
8428d16db3
Format correction
2012-05-15 19:21:16 -05:00
19e32c210a
Added more references
2012-05-15 23:59:30 +02:00
46e58f8618
Ruby naming style
2012-05-15 23:53:33 +02:00
5f0075e24f
Revert API change
2012-05-15 23:28:51 +02:00
b298597218
Switched to Http Library, Code formatting issues
2012-05-15 19:43:28 +02:00
dc10fac885
Ported my Hashcollision Script to Ruby
2012-05-13 20:59:42 +02:00
f77efbf89e
Change the rest of print_*
2012-04-25 14:24:17 -05:00
9c8e6ac9da
Ruby 1.8 compat for the SCADA modules.
...
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
8f17cc3f5c
MS12-020 not MS12-002
2012-03-21 13:58:18 -05:00
4391c24d2f
Trivial touchups on RDP DoS module.
...
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
3a851ef2c2
Fix typo
2012-03-19 13:20:59 -05:00
3d72d52625
Add reporting to MS12-020
2012-03-19 13:18:51 -05:00
fa4504e1f6
Let's make this clear, it's just a DoS
2012-03-19 13:00:29 -05:00
13f16daca7
Actually, that date is way off. Corrected.
2012-03-19 12:58:52 -05:00
d8be328b89
Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module
2012-03-19 12:53:34 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
Tod Beardsley
jvazquez-r7
joev
William Vu
jvazquez-r7
Jonathan Rudenberg
sinn3r
darknight007
Meatballs
FireFart
Tab Assassin
Boris
Matt Andreko
Dejan Lukan
Gregory Man
James Lee
Doug P
Wolfgang Ettlinger
sinn3r
Tod Beardsley
T0X1C-1
HD Moore
Chris John Riley
Michael Schierl
David Maloney