infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,321 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7979 Commits (a43b218917448c8806f5383ca38e8a71f8dd2ea7)

Author SHA1 Message Date
Christian Mehlmauer d36c966931 spaces 2013-01-12 14:22:38 +01:00
Christian Mehlmauer 93b5980210 fix 2013-01-12 14:13:54 +01:00
Christian Mehlmauer 0b8094eb5d w3_total_cache 2013-01-12 14:09:59 +01:00
kernelsmith 0b130e49e7 Squashed commit of the following: 
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date:   Fri Jan 11 17:55:27 2013 -0600

    fixes missing word in descript. of rails exploit

    simple omission fix in description

[Closes #1295]
 2013-01-11 19:02:06 -06:00
sinn3r ef6eec949c Move impersonate_ssl 
To 'gather', because it grabs stuff, not scans.
 2013-01-11 17:22:27 -06:00
sinn3r 4adf429c31 Adds one more ref 2013-01-11 01:33:26 -06:00
sinn3r 23ef8280be Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs 
Conflicts:
	modules/exploits/multi/browser/java_jre17_jmxbean.rb
 2013-01-11 01:33:11 -06:00
HD Moore 6471a70053 Pass the X-HTTP-Method-Override parameter for compat 2013-01-10 20:27:13 -06:00
sinn3r e709811c5a CVE update 2013-01-10 19:51:04 -06:00
jvazquez-r7 2c05af721c module also updated with refs 2013-01-11 00:57:05 +01:00
jvazquez-r7 6a7f8758e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-01-11 00:14:22 +01:00
jvazquez-r7 8c5847a13c Make output compatible with an scanner module 2013-01-11 00:10:15 +01:00
HD Moore 9c652d1d55 Add a note about ruby 1.9 requirements 2013-01-10 17:10:03 -06:00
jvazquez-r7 0e950997e6 Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access 2013-01-10 23:57:22 +01:00
James Lee c89b2b2ec6 Once more, with feeling 2013-01-10 15:29:54 -06:00
James Lee 7fd3440c1a Fix hd's attempt to rename ruby payloads 2013-01-10 15:25:50 -06:00
James Lee 4fcb8b6f8d Revert "Rename again to be consistent with payload naming" 
This reverts commit 0fa2fcd811.
 2013-01-10 15:24:25 -06:00
HD Moore 0fa2fcd811 Rename again to be consistent with payload naming 2013-01-10 14:16:37 -06:00
HD Moore 88b08087bf Renamed and made more robust 2013-01-10 14:05:29 -06:00
smilingraccoon 0c58a118ff Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex 2013-01-10 11:32:48 -05:00
smilingraccoon fc5a0e22b2 stupid push, forgot to remove test puts 2013-01-10 10:43:57 -05:00
smilingraccoon ed9d290a85 added status messages, made var blog_posts initalize as nil rather than empty string 2013-01-10 10:41:25 -05:00
smilingraccoon 5bafd6ddcc added status message 2013-01-10 09:43:37 -05:00
jvazquez-r7 ea000d6ee0 updated authors 2013-01-10 20:48:54 +01:00
jvazquez-r7 876d889d82 added exploit for j7u10 0day 2013-01-10 20:30:43 +01:00
Bouke van der Bijl 3b491ab998 Change charlisome in the list of authors to charliesome 2013-01-10 16:12:07 +01:00
HD Moore 42ea64c21b Merge in Rails2 support now that its in master 2013-01-10 02:14:08 -06:00
HD Moore 0b74f98946 Rescue errors and update credits 2013-01-10 01:06:46 -06:00
HD Moore e05f4ba927 Thread wrappers were causing instant session closure 2013-01-10 00:41:58 -06:00
HD Moore 1e94b090e7 The __END__ trick is no longer needed 2013-01-10 00:29:11 -06:00
HD Moore acabc14ec3 This restores functionality across all rails 3.x 2013-01-10 00:28:12 -06:00
HD Moore 0e92de8f61 This works against a wider range of RoR 3.x targets 2013-01-10 00:10:26 -06:00
HD Moore 5e7a4f154e Fix platform/arch 2013-01-09 23:24:37 -06:00
HD Moore e15c731651 Clarify credit 2013-01-09 23:22:40 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
jvazquez-r7 ad3ca3a6bb regex to check version fixed 2013-01-09 23:48:55 +01:00
jvazquez-r7 5901058a61 Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081 2013-01-09 23:24:14 +01:00
sinn3r 2776047553 Merge branch 'smb_cap' of github.com:Meatballs1/metasploit-framework into Meatballs1-smb_cap 2013-01-09 16:09:35 -06:00
sinn3r fe8b9c24cf Merge branch 'jvazquez-r7-honeywell_tema_exec' 2013-01-09 16:08:19 -06:00
sinn3r f3b88d34c1 Add MS11-081 2013-01-09 15:52:33 -06:00
jvazquez-r7 5fe2f967da this rescue is done in the mixin 2013-01-09 21:28:06 +01:00
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
jvazquez-r7 52157b9124 extplorer_upload_exec cleanup 2013-01-09 19:45:17 +01:00
jvazquez-r7 8f91352c4a Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec 2013-01-09 19:44:43 +01:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
smilingraccoon a0a4ef843b added error msgs to rescue 2013-01-09 11:22:36 -05:00
Meatballs 4cadffc06a msftidy 2013-01-09 10:37:40 +00:00
Meatballs 46139849a9 Move to .empty? over length 2013-01-09 10:36:06 +00:00
Meatballs a8400030f8 Also correct outut of hash when length is 0 2013-01-09 10:26:57 +00:00
Meatballs d36fcd5441 Fix smb capture error 2013-01-09 09:50:21 +00:00
jvazquez-r7 736f8db6c0 Deleting from browser autopwn 2013-01-09 09:58:20 +01:00
jvazquez-r7 377905be7f Avoid FileDropper in this case 2013-01-09 09:15:38 +01:00
sinn3r 4e70f7d888 Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive 2013-01-09 01:13:43 -06:00
Thomas McCarthy f45739933e Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb 
Changed name var in initialize
 2013-01-08 19:20:02 -05:00
jvazquez-r7 52982c0785 Added BrowserAutopwn info 2013-01-08 19:53:34 +01:00
jvazquez-r7 0e475dfce1 improvements and testing 2013-01-08 19:43:58 +01:00
lmercer 69485ba261 made changes as specified in Redmine Bug #7139 2013-01-08 12:14:57 -05:00
jvazquez-r7 b2575f0526 Added module for OSVDB 76681 2013-01-08 17:46:31 +01:00
Joshua J. Drake 3ceb313752 Fixes format string issue in smb_login - FixRM #7657 2013-01-07 22:17:49 -06:00
Joshua J. Drake c74d258509 Revert "Fixes format string issue in smb_login - FixRM #7657" 
Will replay on separate branch.

This reverts commit a12b628ccc.
 2013-01-07 22:03:57 -06:00
Joshua J. Drake 60987de854 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-07 21:20:20 -06:00
Joshua J. Drake a12b628ccc Fixes format string issue in smb_login - FixRM #7657 2013-01-07 21:20:09 -06:00
sinn3r 2a1ab2c99a Improve the module 2013-01-07 19:03:58 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
Charlie Eriksen 4e0fca6d0f Adding DB error handling 
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.

Also adding HostNotPrivileged, which I encountered during my testing.
 2013-01-07 23:52:13 +00:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
sinn3r a59c474e3e Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof' 2013-01-07 13:34:52 -06:00
smilingraccoon 9f69dbbd30 update unless statements, targeturi, and resolve var 2013-01-07 13:17:49 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
Charlie Eriksen a8df3d71ff Changes based on Sinn3r's feedback 
A bucket-load of changes!

- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
 2013-01-06 12:34:27 +00:00
Charlie Eriksen a5113f0da4 Adding a check function 
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.

So pretty simple.
 2013-01-05 18:37:29 +00:00
Charlie Eriksen ae72022777 Improvement for CVE 2012-4915 
Made two tiny improvements based on Meatballs' points

- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
 2013-01-05 18:23:00 +00:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915 
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
 2013-01-05 14:21:02 +00:00
jvazquez-r7 883b3446f3 license text 2013-01-05 08:03:25 +01:00
jvazquez-r7 0a13f01f23 Added module for ZDI-12-101 2013-01-05 07:40:32 +01:00
smilingraccoon 0de23a7edb fixed description 2013-01-04 21:16:56 -05:00
smilingraccoon e35afdce5d added wordpress-pingback scanner 2013-01-04 20:59:33 -05:00
smilingraccoon 3936725958 added wordpress-pingback scanner 2013-01-04 20:44:40 -05:00
Christian Mehlmauer 6654faf55e Msftidy fixes 2013-01-04 09:29:34 +01:00
sinn3r b50e040e69 Fix e-mail format, and the extra comma 2013-01-04 01:11:40 -06:00
sinn3r d17a6f99e5 Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin 2013-01-04 00:38:01 -06:00
sinn3r 6d4abe947d Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision 2013-01-04 00:23:03 -06:00
sinn3r 6f50410e5f Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1 2013-01-03 17:51:54 -06:00
sinn3r 38de5d63d8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-03 17:49:24 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
sinn3r b061a0f9c1 Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof 2013-01-03 17:45:24 -06:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
jvazquez-r7 a0b4045b4b trying to fix the variable offset length 2013-01-04 00:25:34 +01:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
James Lee aa9f7dac6a Merge branch 'rapid7' into tkisason-patch-1 2013-01-03 16:13:32 -06:00
sinn3r 724fa62019 Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof 2013-01-03 15:35:29 -06:00
Tonimir Kisasondi 39e81fb07f Update modules/auxiliary/scanner/http/wordpress_login_enum.rb 
Simple fix for msfconsole start error.
 2013-01-03 21:52:10 +01:00
sinn3r 6fd35482cc This exploit should be in browser auto pwn 2013-01-03 14:45:00 -06:00
James Lee 011ff18c98 Remove $ 2013-01-03 14:06:32 -06:00
James Lee 233378f0fb Remove stupid debugging load() 2013-01-03 14:05:45 -06:00
jvazquez-r7 9cea2d9af9 reference updated 2013-01-03 19:39:18 +01:00
jvazquez-r7 45808a3a44 Added module for ZDI-11-350 2013-01-03 19:17:45 +01:00