e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00
d67234bd03
Better regex and email format correction
2012-07-27 01:14:32 -05:00
2939e3918e
Rename file
2012-07-27 01:06:57 -05:00
cec15aa204
Added CuteFlow v2.11.2 Arbitrary File Upload
...
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
80e0688c68
Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol
2012-07-26 15:16:23 -05:00
e483af64e4
Random text
2012-07-26 15:14:02 -05:00
6c3b05f1c4
Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug
2012-07-26 13:11:05 -05:00
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
5fd58eda71
Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof
2012-07-22 03:29:33 -05:00
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
b662881613
Enforce a check before firing the exploit
2012-07-19 16:43:52 -05:00
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
77d6fe16f0
Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource
2012-07-02 16:04:02 -05:00
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
e605a35433
Make sure the check func is always returning the same data type
2012-06-27 17:07:55 -05:00
cb1af5ab79
Final cleanup
2012-06-27 16:57:04 -05:00
73360dfae3
minor fixes
2012-06-27 23:38:52 +02:00
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
sinn3r
Meatballs1
bcoles
jvazquez-r7
Matt Andreko
h0ng10
James Lee
HD Moore
LittleLightLittleFire
Steve Tornio
m-1-k-3
Tod Beardsley