Meatballs
d36fcd5441
Fix smb capture error
2013-01-09 09:50:21 +00:00
jvazquez-r7
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
jvazquez-r7
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
sinn3r
4e70f7d888
Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive
2013-01-09 01:13:43 -06:00
Thomas McCarthy
f45739933e
Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb
...
Changed name var in initialize
2013-01-08 19:20:02 -05:00
jvazquez-r7
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
jvazquez-r7
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
lmercer
69485ba261
made changes as specified in Redmine Bug #7139
2013-01-08 12:14:57 -05:00
jvazquez-r7
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
Joshua J. Drake
3ceb313752
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 22:17:49 -06:00
Joshua J. Drake
c74d258509
Revert "Fixes format string issue in smb_login - FixRM #7657"
...
Will replay on separate branch.
This reverts commit a12b628ccc
.
2013-01-07 22:03:57 -06:00
Joshua J. Drake
60987de854
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-07 21:20:20 -06:00
Joshua J. Drake
a12b628ccc
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 21:20:09 -06:00
sinn3r
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
Charlie Eriksen
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
smilingraccoon
9f69dbbd30
update unless statements, targeturi, and resolve var
2013-01-07 13:17:49 -05:00
Tod Beardsley
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
Tod Beardsley
6a9445966a
Caught missing paren
2013-01-07 11:21:55 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
jvazquez-r7
883b3446f3
license text
2013-01-05 08:03:25 +01:00
jvazquez-r7
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
smilingraccoon
0de23a7edb
fixed description
2013-01-04 21:16:56 -05:00
smilingraccoon
e35afdce5d
added wordpress-pingback scanner
2013-01-04 20:59:33 -05:00
smilingraccoon
3936725958
added wordpress-pingback scanner
2013-01-04 20:44:40 -05:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
sinn3r
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
sinn3r
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
sinn3r
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
sinn3r
6f50410e5f
Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1
2013-01-03 17:51:54 -06:00
sinn3r
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sinn3r
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
James Lee
9e912a23ff
Merge branch 'rapid7' into FireFart-msftidy_aux_1
2013-01-03 16:54:25 -06:00
James Lee
aa9f7dac6a
Merge branch 'rapid7' into tkisason-patch-1
2013-01-03 16:13:32 -06:00
sinn3r
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
Tonimir Kisasondi
39e81fb07f
Update modules/auxiliary/scanner/http/wordpress_login_enum.rb
...
Simple fix for msfconsole start error.
2013-01-03 21:52:10 +01:00
sinn3r
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
James Lee
011ff18c98
Remove $
2013-01-03 14:06:32 -06:00
James Lee
233378f0fb
Remove stupid debugging load()
2013-01-03 14:05:45 -06:00
jvazquez-r7
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
jvazquez-r7
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
sinn3r
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r
fedd9f29a0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-03 11:56:56 -06:00
Tod Beardsley
1406f7cb0a
Msftidy on sap_router_info_request
2013-01-03 10:55:11 -06:00
Christian Mehlmauer
8cada447b2
msftidy: remove $Id$
2013-01-03 10:21:10 +01:00
James Lee
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Christian Mehlmauer
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
Christian Mehlmauer
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
Christian Mehlmauer
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
Christian Mehlmauer
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
sinn3r
c86c6f1ba0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-02 17:26:42 -06:00
jvazquez-r7
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
Charlie Eriksen
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
Charlie Eriksen
78c6d04b31
Fixing from crlf to lf
...
By accident the line endings changed to crlf.
Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.
Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
Charlie Eriksen
ef3f15e881
Adding a PLUGINSPATH option
...
Adding a PUGINSPATH option as per FireFart's comment.
Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
Rob Fuller
88d12da3db
hilight positive results in WebDAV scanner
...
As suggested by Lee Baird
2013-01-02 13:27:25 -05:00
Charlie Eriksen
6fb2130265
Adding a damn space
...
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
Charlie Eriksen
4ba5b45ad3
Fixed the check
...
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
Charlie Eriksen
dd0482cb9d
Code style fix!
...
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
Charlie Eriksen
2fe2d5d3dd
Adding exploit for OSVDB 87353
...
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
sinn3r
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
sinn3r
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
sinn3r
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
sinn3r
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
sinn3r
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
sinn3r
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
sinn3r
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
jvazquez-r7
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
jvazquez-r7
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
bcoles
8e543cf5f5
Add eXtplorer v2.1 auth bypass exploit module
2012-12-30 23:51:41 +10:30
Christian Mehlmauer
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
jvazquez-r7
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
jvazquez-r7
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
Christian Mehlmauer
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
Christian Mehlmauer
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
Christian Mehlmauer
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
jvazquez-r7
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
sinn3r
33ea21e415
Merge branch '403labs-zgrace-wordpress_login_enum'
2012-12-28 17:47:05 -06:00
sinn3r
d92b3bd2e1
Apply fixes
2012-12-28 17:46:17 -06:00
Tod Beardsley
e5eb8c6301
Fix connected in sap_router_info_request
...
See #1028 comments
2012-12-28 16:34:59 -06:00
sinn3r
2746a57093
Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum
2012-12-28 15:42:09 -06:00
Tod Beardsley
3daea913b1
Merge branch 'sap_router_info_request'
2012-12-28 15:22:44 -06:00
Tod Beardsley
35604ac1aa
Normalizing caps and expanding description a bit
...
Be nice to have a couple more lines on the description
2012-12-28 15:12:40 -06:00
Tod Beardsley
5d7197d8ba
Moved shout outs, organized includes
...
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.
Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
2012-12-28 14:51:23 -06:00
sinn3r
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
sinn3r
e778730a6a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-28 10:32:31 -06:00
jvazquez-r7
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
jvazquez-r7
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
jvazquez-r7
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
jvazquez-r7
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
sinn3r
707784f2ae
Last fix
2012-12-28 03:46:59 -06:00
sinn3r
fc4da53be4
More fixes
2012-12-28 03:27:04 -06:00
sinn3r
ddd4b7ef60
Applying fixes
2012-12-28 02:26:40 -06:00
sinn3r
5369f88c5d
Merge branch 'local_admin_search_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-local_admin_search_enum.rb
...
Conflicts:
modules/post/windows/gather/local_admin_search_enum.rb
2012-12-28 02:25:39 -06:00
Tod Beardsley
c2586d0907
Instead of raising, offer advice on BPF filtering
...
Many people don't know how to disable ICMP echo responses off the top of
their head. However, the problem is solvable with a decent BPF filter.
2012-12-27 15:18:18 -06:00
Tod Beardsley
c6533621a0
Oops removing debug prints
2012-12-27 14:58:52 -06:00
Tod Beardsley
c695f429d5
Mirror upstream PacketFu fix on ICMP size
2012-12-27 14:56:49 -06:00
Tod Beardsley
121353b360
Fixing EOLs to unix
...
In vim:
:set fileformat=unix
:wq
ta-da
2012-12-27 13:54:50 -06:00
Tod Beardsley
9fa6c9f4c4
Merge remote branch 'ChrisJohnRiley/icmp_exfil' into icmp_exfil
2012-12-27 13:52:19 -06:00
sinn3r
30c1286795
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-27 10:45:19 -06:00
sinn3r
0f6b72dad5
Final touchup
2012-12-26 21:16:04 -06:00
sinn3r
919d6daa41
Even if there's password, we should prolly keep the username
2012-12-26 21:14:26 -06:00
sinn3r
4ce1df2214
Change module title for consistency
2012-12-26 21:13:02 -06:00
sinn3r
da49f67079
Only show the password when exists
2012-12-26 21:10:52 -06:00
sinn3r
d3d595da95
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 21:08:03 -06:00
Brandon McCann
6e520e7a2a
converted split into a scan
2012-12-26 21:06:48 -06:00
sinn3r
eb424195ca
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:42:24 -06:00
Brandon McCann
e3c1d5a5c0
fixed config.close bug
2012-12-26 20:40:11 -06:00
sinn3r
17b41adfec
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:35:46 -06:00
Brandon McCann
b71729bf5f
fixed multi stored creds issue
2012-12-26 20:32:41 -06:00
sinn3r
6ecaabc9cc
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:08:34 -06:00
Brandon McCann
d70d2c4a19
typo
2012-12-26 19:54:35 -06:00
Brandon McCann
bcc651a1b2
modified password parsing, and utf encoding
2012-12-26 19:49:25 -06:00
sinn3r
c75f48b404
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:58:34 -06:00
Brandon McCann
073565c001
modified port and sname in db logging
2012-12-26 18:33:10 -06:00
sinn3r
b483e76065
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:03:24 -06:00
Brandon McCann
7147e7a09b
added spark_im post exploit module
2012-12-26 17:28:23 -06:00
sinn3r
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
sinn3r
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
sinn3r
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
jvazquez-r7
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
jvazquez-r7
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
sinn3r
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
sinn3r
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
sinn3r
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
jvazquez-r7
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
jvazquez-r7
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
jvazquez-r7
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
Zach Grace
d4bdf1b6b4
Added user name enumeration based on author id enumeration
2012-12-24 16:09:03 -06:00
jvazquez-r7
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
sinn3r
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
sinn3r
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
jvazquez-r7
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
jvazquez-r7
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
jvazquez-r7
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
sinn3r
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
sinn3r
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
sinn3r
0822e8eae2
Merge branch 'kost-mipsle-shell_reverse_tcp'
2012-12-24 10:52:19 -06:00
jvazquez-r7
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
sinn3r
d2e3e5defb
Merge branch 'jlee-r7-cleanup/post-windows-services'
2012-12-22 13:29:48 -06:00