infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,218 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3375 Commits (a93c7836bdc201c1a115e25e4bd3b207dfc32321)

Author SHA1 Message Date
sinn3r 7221420267 When it hangs, it's actually the correct behavior, not a failure. 2012-08-07 15:00:08 -05:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
sinn3r ddcee6fee0 And the war between spaces and tabs goes on.... 2012-08-07 12:36:53 -05:00
sinn3r 540f6253ef Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec 2012-08-07 12:26:07 -05:00
sinn3r 57c32c9c7b Slip Plixer's name in there, because it's their product. 2012-08-07 12:20:44 -05:00
jvazquez-r7 fb452d75a3 Added module for pbot RCE 2012-08-07 19:20:32 +02:00
sinn3r 0f37c1704d Add vendor's name in there fore better searching 2012-08-07 12:17:41 -05:00
sinn3r 5f4297a68a I tested it 9.5.2 too 2012-08-07 11:01:08 -05:00
sinn3r 3ba73c4f7f Fix check() function 2012-08-07 11:00:12 -05:00
sinn3r 6b4ae94dce Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit 
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
 2012-08-07 03:19:44 -05:00
jvazquez-r7 44dd8b0cc5 Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author 2012-08-06 19:04:26 +02:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 349c841f6b Blah, OSVDB ref shouldn't be a link 2012-08-06 11:57:59 -05:00
sinn3r 647b587f75 Merge branch 'Meatballs1-uplay' 2012-08-06 11:54:51 -05:00
sinn3r 69ff9e7c1c Lots of changes before commit. 2012-08-06 11:54:08 -05:00
sinn3r 25b2b2de68 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-06 11:33:27 -05:00
sinn3r 13aca3fe4c Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode 2012-08-06 03:13:27 -05:00
Steve Tornio 54ed27c1b3 add osvdb ref 2012-08-05 09:02:54 -05:00
Steve Tornio b646dcc87f add osvdb ref 2012-08-05 09:02:32 -05:00
Steve Tornio 79e04bb793 add osvdb ref 2012-08-05 09:02:11 -05:00
Steve Tornio eb963ae52a add osvdb ref 2012-08-05 09:01:46 -05:00
jvazquez-r7 4e8a6f6508 Added module for CVE-2012-0549 2012-08-05 12:13:23 +02:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules. 
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
 2012-08-04 12:18:00 -05:00
Meatballs1 1aacea951d Serve files as hidden 2012-08-04 18:03:12 +01:00
Meatballs1 833999b2c3 Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work 2012-08-04 17:59:45 +01:00
Daniel Miller 31510167e6 Make setuid_nmap more robust 
Squashed commit of the following:

commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 14:13:33 2012 -0600

    Fix 1.8 compat

commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Thu Aug 2 09:50:38 2012 -0500

    Handle early Nmap versions that don't take absolute paths

commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Fri Jul 27 11:58:36 2012 -0500

    Add compatibility args to setuid_nmap command

    Nmap before 4.75 would not run a script without a port scan being
    performed. Example: 4.53 installed on Metasploitable would not work.
    Added "-p80 localhost" to the command to ensure it works with these
    older versions.

[Closes #649]
 2012-08-03 14:15:09 -06:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
James Lee 227d0dbc47 Add jabra to authors. I'm a jerk 2012-08-02 11:13:53 -06:00
James Lee 1a2a1e70f7 Replace load with require, *facepalm* 2012-08-01 22:51:36 -06:00
sinn3r 2f1022a5a3 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-01 16:24:23 -05:00
sinn3r f6a2ba094d Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer 2012-08-01 15:14:34 -05:00
sinn3r 74a6c724a6 Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl 2012-08-01 15:13:15 -05:00
sinn3r 6ae863cdff Forgot two extra spaces, how dare me! 2012-08-01 15:11:33 -05:00
sinn3r 227c3afed3 Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec' 2012-08-01 15:08:51 -05:00
sinn3r 7af9979687 Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-08-01 15:06:42 -05:00
sinn3r 48533dc392 Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec 2012-08-01 15:02:10 -05:00
sinn3r 92d1d26288 Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit 2012-08-01 15:00:24 -05:00
jvazquez-r7 4c28b2a310 modified autopwn_info to add ie9 2012-08-01 19:36:20 +02:00
jvazquez-r7 d3c10d5d39 Added module for CVE-2012-0284 2012-08-01 19:34:37 +02:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
James Lee 0707730fe0 Remove superfluous method 
Obsoleted by session.session_host, which does the same thing
 2012-08-01 01:07:21 -06:00
James Lee 47eb387886 Add current_user_psexec module 
Tested against a 2k8 domain controller.
 2012-08-01 01:05:10 -06:00
sinn3r 8a40ef397d Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest 2012-07-31 17:29:42 -05:00
sinn3r d66678e7ee Forgot to randomize element ID 2012-07-31 17:25:50 -05:00
jvazquez-r7 7a0b5a6169 Added module for CVE-2012-1876 2012-07-31 23:14:29 +02:00
Meatballs1 75a9283fbf Removed auto migrate as exploit loads in a seperate process to browser anyway 2012-07-31 20:44:14 +01:00
Meatballs1 6f697ce519 Working with WebDAV 2012-07-31 20:26:47 +01:00
sinn3r 9815faec37 Add OSVDB-83822 2012-07-31 13:31:06 -05:00
sinn3r 20489864fc Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-07-31 08:42:34 -05:00
sinn3r e7db0ebcef Blah, removed the wrong ref. 2012-07-30 12:47:32 -05:00
sinn3r edfe43e7e0 When I say to remove BID ref, I mean it... 2012-07-30 12:46:27 -05:00
sinn3r e84214d1e1 Remove some references to avoid confusion. 
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
 2012-07-30 12:42:27 -05:00
Meatballs1 f298dbbd04 Fixed to work with browser_autopwn 2012-07-30 16:43:21 +01:00
Meatballs1 066020e572 Msftidy 2012-07-30 15:51:56 +01:00
Meatballs1 404909cb95 Check as IE crashes if length > 693 2012-07-30 15:41:58 +01:00
Meatballs1 690c381abd Initial commit 2012-07-30 14:49:34 +01:00
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements 
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
 2012-07-30 18:04:14 +09:30
jvazquez-r7 2fa88366be Added module for MS10-104 2012-07-30 09:01:38 +02:00
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload 
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
 2012-07-30 01:24:27 +09:30
Matt Andreko 2f7b5f35af Added Sysax 5.64 Create Folder exploit 2012-07-29 10:40:02 -04:00
h0ng10 36be7cd9c4 removed unnecessary cleanup 2012-07-27 16:32:08 -04:00
sinn3r d67234bd03 Better regex and email format correction 2012-07-27 01:14:32 -05:00
sinn3r 2939e3918e Rename file 2012-07-27 01:06:57 -05:00
bcoles cec15aa204 Added CuteFlow v2.11.2 Arbitrary File Upload 
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
 2012-07-27 12:30:20 +09:30
sinn3r 80e0688c68 Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol 2012-07-26 15:16:23 -05:00
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
jvazquez-r7 0bbcac96ea cleanup: delete revision metadata plus fix disc date 2012-07-26 15:04:15 +02:00
jvazquez-r7 e885b84347 Added module for CVE-2012-0284 2012-07-26 13:08:24 +02:00
sinn3r 3cb60fb42a Fix 1.8-specific regexp syntax bug 
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
 2012-07-26 02:19:13 -05:00
jvazquez-r7 d2e1f4b448 Added module for OSVDB 83745 2012-07-25 19:24:09 +02:00
sinn3r b527356e00 This check can be handy 2012-07-22 03:34:16 -05:00
sinn3r 5fd58eda71 Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof 2012-07-22 03:29:33 -05:00
jvazquez-r7 2f66aa7c4f Added module for OSVDB 83891 2012-07-21 12:14:29 +02:00
jvazquez-r7 beb1fbb55d Added module for Simple Web Server Connection header bof 2012-07-21 12:07:36 +02:00
jvazquez-r7 f4e4675dc5 Avoid unpack with native endian types 2012-07-20 22:07:12 +02:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
jvazquez-r7 37f14f76b7 Descriptions updated 2012-07-19 17:38:01 +02:00
sinn3r 2bb36f5ef9 Remove repeating words 2012-07-19 10:17:05 -05:00
sinn3r 898530dd54 Fix description 2012-07-19 10:15:26 -05:00
sinn3r 2c648b1c5b Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof 2012-07-19 10:14:10 -05:00
sinn3r 8f867b5b0d 100 columns or each line in the description 2012-07-19 10:12:22 -05:00
jvazquez-r7 d51209a3cf Beautify 2012-07-19 15:53:47 +02:00
jvazquez-r7 d69a46a9f0 Beautify 2012-07-19 15:53:09 +02:00
jvazquez-r7 83b7b90c61 Added module for CVE-2011-3175 2012-07-19 15:30:51 +02:00
jvazquez-r7 48f8145d97 Added module for CVE-2011-3176 2012-07-19 15:29:10 +02:00
James Lee d238debb2f Add disclo date, discoverers, and better description 2012-07-18 16:14:32 -06:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
sinn3r f4547527a8 Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework 2012-07-17 17:43:40 -05:00
sinn3r b3e11f2e6b Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof 2012-07-17 17:42:58 -05:00
jvazquez-r7 80bfd48535 Added module for ZDI-010-090 Opcode 0x6 2012-07-17 23:25:55 +02:00
jvazquez-r7 0514756e92 Added module for ZDI-010-090 Opcode 0x21 2012-07-17 23:25:04 +02:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
HD Moore a57e712630 Be less verbose 2012-07-15 22:19:12 -05:00
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
HD Moore 7f3aeca501 Put lipstick on this pig for the time being 2012-07-15 21:35:29 -05:00
James Lee 7091d1c65b Add an exploit for sock_sendpage 
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
 2012-07-15 20:29:48 -06:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
jvazquez-r7 8cf08c6ca3 Target W7 updated 2012-07-15 17:45:58 +02:00