Commit Graph

2867 Commits (ab44e3e64335e5d3b2aef36e72be9a802411ca5c)

Author SHA1 Message Date
sinn3r 9054fafb15 Not sure why paths were repeated, but no more. 2012-11-13 18:32:32 -06:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
jvazquez-r7 21693831ae Added module for ZDI-11-018 2012-11-08 17:32:42 +01:00
HD Moore 36066f8c78 Catch a few stragglers for double slash 2012-11-08 07:21:37 -06:00
HD Moore 4d2147f392 Adds normalize_uri() and fixes double-slash typos 2012-11-08 07:16:51 -06:00
David Maloney 208e706307 Module title fixes 2012-11-07 10:33:14 -06:00
James Lee 34bc92584b Refactor WindowsServices
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
  Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work

[See #1007]
[See #1012]
2012-11-06 17:30:04 -06:00
jvazquez-r7 9166d12179 Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal 2012-11-05 23:08:59 +01:00
Tod Beardsley 70d53b4e2d Merge remote branch 'jvazquez-r7/emc_networker_format_string' 2012-11-05 16:03:56 -06:00
jvazquez-r7 77b1e9e648 added comment about ropdb 2012-11-05 23:02:23 +01:00
Tod Beardsley e385aad9e5 Merge remote branch 'jvazquez-r7/emc_networker_format_string' 2012-11-05 16:02:18 -06:00
David Maloney 9d5ab5a66f Stupid typing error 2012-11-05 15:41:47 -06:00
David Maloney 314026ed0e Some error checking and fixups 2012-11-05 13:29:57 -06:00
nullbind 0246e921c5 style, ref, desc, and author updates 2012-11-05 12:45:54 -06:00
David Maloney 7c141e11c4 Hopefully final touches
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
jvazquez-r7 04668c7d61 fix response codes check to avoid second tries to fail 2012-11-05 09:26:26 +01:00
David Maloney 25a6e983a1 Remove the older modules 2012-11-04 14:48:34 -06:00
David Maloney fca8208171 Some minor code cleanup 2012-11-04 14:45:15 -06:00
David Maloney f69ccc779f Unified smarter module 2012-11-04 13:14:02 -06:00
David Maloney c30ada5eac Adds temp vbs mod and tweaked decoder stub 2012-11-04 12:49:15 -06:00
jvazquez-r7 88c99161b4 added universal target 2012-11-03 18:52:07 +01:00
jvazquez-r7 b8eea1007f Added module for CVE-2012-2288 EMC Networker Format String 2012-11-03 18:17:12 +01:00
sinn3r d4fc99e40c Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support 2012-11-02 15:16:35 -05:00
David Maloney ffca972075 Opps mispalced line 2012-11-02 09:34:32 -05:00
David Maloney 355bdbfa39 Add check for propper powershell version 2012-11-02 09:33:28 -05:00
nullbind 9158497fb4 msftidy updates 2012-11-01 20:59:37 -05:00
nullbind 8bb95e9f17 msftidy updates 2012-11-01 20:56:52 -05:00
David Maloney f843740fcb more fixes 2012-11-01 11:59:18 -05:00
jvazquez-r7 22fbfb3601 cleanup 2012-11-01 17:38:04 +01:00
jvazquez-r7 e720769747 Added module for ZDI-12-171 2012-11-01 17:17:45 +01:00
David Maloney aeb837838f typo 2012-11-01 11:03:50 -05:00
David Maloney 84c8660c96 Fix targets to be more specific 2012-11-01 11:00:45 -05:00
David Maloney 0eccfaf1bb Add a disclosure date 2012-11-01 10:24:28 -05:00
David Maloney 59f5d9bc5d Man i'm rusty at writing for framework
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
David Maloney 00b9fb3c90 Switc smart mgirate to post mod as it should be 2012-10-31 17:03:49 -05:00
David Maloney dd7ab11e38 Minor cleanup 2012-10-31 16:14:34 -05:00
David Maloney 86f6d59d2e Adding the winrm powershell exploit
also adds the smart_migrate meterp script for autorun purposes
2012-10-31 15:46:11 -05:00
jvazquez-r7 ef0f415c51 related to #980 adds support for HttpClient 2012-10-31 17:46:57 +01:00
jvazquez-r7 91e6b7cd28 added ie8 target 2012-10-31 11:57:38 +01:00
jvazquez-r7 a3358a471f Merge branch 'aladdin_bof' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-aladdin_bof 2012-10-31 11:57:20 +01:00
sinn3r ec8a2955e1 Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof 2012-10-31 03:32:43 -05:00
sagishahar 53c7479d70 Add Windows 8 support
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
jvazquez-r7 0e3bc7d060 hp operations agent mods: fix use of pattern_create, use ropdb 2012-10-29 15:45:40 +01:00
sinn3r e9b9c96221 Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler 2012-10-28 18:10:17 -05:00
nullbind 5ce6526125 first official release 2012-10-28 13:49:32 -05:00
jvazquez-r7 19920b3275 update module titles for hp operation agent vulns 2012-10-28 02:38:39 +01:00
sinn3r 320a23286a Merge branch 'warnings' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-warnings 2012-10-27 18:52:34 -05:00
sinn3r 7db7f1bfdf Merge branch 'turboftp_update' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-turboftp_update 2012-10-27 18:51:41 -05:00
sinn3r c015372ce0 Merge branch 'hp_operations_agent_coda_8c' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_operations_agent_coda_8c 2012-10-27 18:45:36 -05:00
jvazquez-r7 73deeacd7e deleted unnecessary http headers according to my tests 2012-10-28 00:52:52 +02:00
jvazquez-r7 b4b1b77a77 deleted unnecessary http headers according to my tests 2012-10-28 00:51:18 +02:00
jvazquez-r7 51bc806014 Added module for CVE-2012-2019 2012-10-27 22:45:37 +02:00
jvazquez-r7 bcb80431d6 Added module for CVE-2012-2020 2012-10-27 22:43:16 +02:00
corelanc0d3r b48e355a6d fixed typo and defined badchars 2012-10-24 20:04:54 +02:00
sinn3r ede5d0f46b This is meant to be a warning, so we use print_warning 2012-10-24 00:55:54 -05:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
Tod Beardsley be9a954405 Merge remote branch 'jlee-r7/cleanup/post-requires' 2012-10-23 15:08:25 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl 21f6127e29 Platform windows cleanup
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
James Lee 9c95c7992b Require's for all the include's 2012-10-23 13:24:05 -05:00
sinn3r 33ce74fe8c Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1 2012-10-23 02:10:56 -05:00
James Lee b2db3e133d Rescue when the service is crashed
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
2012-10-22 17:57:30 -05:00
Rob Fuller 7437d9844b standardizing author info 2012-10-22 17:01:58 -04:00
Michael Schierl 5b18a34ad4 References cleanup
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
Michael Schierl f9ac55c221 Infohash key cleanups
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl e9f7873afc Version cleanup
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
Michael Schierl 657d527f8d DisclosureDate cleanup: Try parsing all dates
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
Michael Schierl 70ac7c8345 Author cleanup: fix unmatched angle brackets 2012-10-22 19:45:27 +02:00
sinn3r ad9946689e Update description 2012-10-21 16:40:01 -05:00
sinn3r 1821c11369 Code cleanup 2012-10-21 16:40:01 -05:00
sinn3r c404b72d08 Doesn't make a lot of sense setting DefaultTarget to an older one 2012-10-21 16:40:01 -05:00
lincoln@corelan.be c7d12d94b7 turboftp exploit 2012-10-21 16:40:00 -05:00
sput-nick 60dc83748c Update modules/exploits/windows/browser/mozilla_mchannel.rb 2012-10-17 12:25:44 -03:00
Tod Beardsley 9192a01803 All exploits need a disclosure date. 2012-10-15 16:29:12 -05:00
sinn3r 529f88c66d Some msftidy fixes 2012-10-14 19:16:54 -05:00
sinn3r 97ac7fa184 Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework 2012-10-14 18:27:32 -05:00
Spencer McIntyre 3ab24cdbb9 added exploits/windows/local/service_permissions 2012-10-11 22:42:36 -04:00
sinn3r 55c0cda86c Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright 2012-10-11 16:55:52 -05:00
kernelsmith c911eeece2 change vprint_error to print_error
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true).  This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
sinn3r 1ea73b7bd2 Small description change and favor the use of print_error 2012-10-10 13:37:23 -05:00
jvazquez-r7 f32ce87071 delete comment added by error 2012-10-10 19:32:25 +02:00
jvazquez-r7 13e914d65e added on_new_session handler to warn users about cleanup 2012-10-10 19:31:38 +02:00
jvazquez-r7 37dc19951b Added module for ZDI-12-169 2012-10-10 19:14:54 +02:00
sinn3r abb4bdd408 metadata formatting, and a little res gotcha 2012-10-08 15:00:51 -05:00
jvazquez-r7 ef9d627e13 Added module for ZDI-12-106 2012-10-08 20:04:01 +02:00
sinn3r e9b70a3a4f Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter 2012-10-07 15:35:30 -05:00
jvazquez-r7 0acd9e4eec Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update 2012-10-07 17:49:45 +02:00
jvazquez-r7 40983460bf added module for avaya winpmd bof, osvdb 73269 2012-10-07 12:05:13 +02:00
sinn3r bdb9b75e1e Use RopDb, and print what target the module has selected. 2012-10-07 01:42:29 -05:00
sinn3r 5b656087b5 Use RopDb in adobe_flash_otf_font, also cleaner code & output 2012-10-06 21:03:41 -05:00
jvazquez-r7 874fe64343 Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update 2012-10-06 14:10:36 +02:00
sinn3r e02adc1f35 Merge branch 'mubix-bypassuac_uac_check' 2012-10-06 02:09:16 -05:00
sinn3r 33429c37fd Change print_error to print_debug as a warning 2012-10-06 02:08:19 -05:00
sinn3r 94d5eb7a8c Use RopDb in MS11-050, and correct autopwninfo 2012-10-06 01:45:40 -05:00
Rob Fuller 55474dd8bf add simple UAC checks to bypassuac 2012-10-06 00:59:54 -04:00
Rob Fuller b984d33996 add RunAs ask module 2012-10-06 00:51:44 -04:00
sinn3r 769fa3743e Explain why the user cannot modify the URIPATH 2012-10-05 17:24:06 -05:00
sinn3r 2aa59623d1 Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers 2012-10-05 15:43:18 -05:00
sinn3r 21ea77ff8b Fix spaces 2012-10-05 15:40:37 -05:00
sinn3r 6342c270f4 Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport 2012-10-05 14:16:16 -05:00
sinn3r 33db3d9610 RopDb for ntr_activex_check_bof.rb 2012-10-05 14:09:59 -05:00
sinn3r f92843c96e RopDb for ie_execcommand_uaf.rb 2012-10-05 13:49:17 -05:00
sinn3r 9a53a49625 RopDb for vlc_amv.rb 2012-10-05 12:54:16 -05:00
sinn3r d9278d82f8 Adopt RopDb for msxml_get_definition_code_exec.rb 2012-10-05 12:20:41 -05:00
sinn3r 6fc8790dd7 Adopt RopDb for ms12_037_same_id.rb 2012-10-05 12:17:19 -05:00
sinn3r 1268614d54 Adopt RopDb for adobe_flash_mp4_cprt.rb 2012-10-05 11:15:53 -05:00
sinn3r 98931e339a Adopt RopDb for adobe_flash_rtmp.rb 2012-10-05 11:05:19 -05:00
sinn3r 631a06f3bb Adopt RopDb for adobe_flashplayer_flash10o.rb 2012-10-05 10:55:55 -05:00
Rob Fuller 0ae7756d26 fixed missing > on author 2012-10-05 11:13:40 -04:00
sinn3r bcc56cb7cc Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport 2012-10-05 01:05:30 -05:00
sinn3r 77438d2fc7 Make URI modification more obvious, and let the user know why 2012-10-04 17:52:04 -05:00
Rob Fuller 8520cbf218 fixes spotted by @jlee-r7 2012-10-04 17:34:35 -04:00
Tod Beardsley 4400cb94b5 Removing trailing spaces 2012-10-04 14:58:53 -05:00
kernelsmith 6ef87d1695 update info to reflect use of webdav
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH.  This update fixes all that
2012-10-04 14:09:53 -05:00
Rob Fuller 3f2fe8d5b4 port bypassuac from post module to local exploit 2012-10-04 14:31:23 -04:00
sinn3r fbc3709774 Change the title and regex a bit 2012-10-03 12:16:25 -05:00
jvazquez-r7 30846f4190 fix typo in comment 2012-10-03 16:06:00 +02:00
jvazquez-r7 24037ac79a Added module for CVE-2011-4051 2012-10-03 16:03:36 +02:00
sinn3r e36507fc05 Code cleanup and make msftidy happy 2012-10-02 12:00:23 -05:00
Spencer McIntyre 21e832ac1c add call to memory protect to fix DEP environments 2012-10-01 18:49:18 -04:00
Spencer McIntyre c93692b06d add a check to verify session is not already system for MS11-080 2012-09-27 08:36:13 -04:00
Spencer McIntyre 8648953747 added MS11-080 AFD JoinLeaf Windows Local Exploit 2012-09-26 11:01:30 -04:00
sinn3r 2db2c780d6 Additional changes
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
jvazquez-r7 2784a5ea2d added js obfuscation for heap spray 2012-09-24 21:28:34 +02:00
sinn3r 57b3aae9c0 Only JRE ROP is used 2012-09-24 10:21:02 -05:00
jvazquez-r7 d476ab75cc fix comment 2012-09-24 10:03:31 +02:00
jvazquez-r7 f3a64432e9 Added module for ZDI-12-170 2012-09-24 10:00:38 +02:00
sinn3r d3611c3f99 Correct the tab 2012-09-21 12:29:24 -05:00
sinn3r 25f4e3ee1f Update patch information for MS12-063 2012-09-21 12:28:41 -05:00
sinn3r 54b98b4175 Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof 2012-09-20 16:43:20 -05:00
sinn3r 4ead0643a0 Correct target parameters 2012-09-20 16:41:54 -05:00
sinn3r 41449d8379 Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule 2012-09-20 16:33:12 -05:00
Tod Beardsley a5ffe7297f Touching up Kernelsmith's wording.
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
Tod Beardsley 883dc26d73 Merge remote branch 'kernelsmith/ie_execcommand_uaf_info' 2012-09-20 14:48:36 -05:00
jvazquez-r7 e98e3a1a28 added module for cve-2012-0266 2012-09-20 19:03:46 +02:00
jvazquez-r7 b61c8b85b8 Added module for CVE-2012-02672 2012-09-20 19:02:20 +02:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
kernelsmith f1a39c76ed update to ie_execcommand_uaf's info to add ROP info
This module requires the following dependencies on the target for the
ROP chain to function.  For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs).  For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00
sinn3r cc8102434a CVE assigned for the IE '0day' 2012-09-18 16:13:27 -05:00
Tod Beardsley 25475ffc93 Msftidy fixes.
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
sinn3r 5fbc4b836a Add Microsoft advisory 2012-09-17 22:13:57 -05:00
Tod Beardsley 75bbd1c48d Being slightly more clear on Browser Not Supported
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.

[FixRM #7242]
2012-09-17 11:16:19 -05:00
sinn3r d77ab9d8bd Fix URIPATH and nil target
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
Tod Beardsley 48a46f3b94 Pack / Unpack should be V not L
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
Tod Beardsley d77efd587a Merge remote branch 'wchen-r7/ie_0day_execcommand' 2012-09-17 08:48:22 -05:00
sinn3r 5eaefcf4c7 This is the right one, I promise 2012-09-17 08:41:25 -05:00
sinn3r 8f50a167bd This is the right module 2012-09-17 08:36:04 -05:00
sinn3r e43cae70a7 Add IE 0day exploiting the execcommand uaf 2012-09-17 08:28:33 -05:00
jvazquez-r7 9a83c7c338 changes according to egypt review 2012-09-14 18:47:50 +02:00
jvazquez-r7 eae571592c Added rgod email 2012-09-14 17:45:16 +02:00
jvazquez-r7 a2649dc8d1 fix typo 2012-09-14 17:10:41 +02:00
jvazquez-r7 e27d5e2eb7 Description improved 2012-09-14 17:08:59 +02:00
jvazquez-r7 9c77c15cf5 Added module for osvdb 85087 2012-09-14 16:54:28 +02:00
Tod Beardsley 39f2cbfc3c Older targets confirmed for CoolType SING 2012-09-12 16:51:51 -05:00
jvazquez-r7 61bf15114a deregistering FILENAME option 2012-09-10 23:14:14 +02:00
jvazquez-r7 199fbaf33d use a static filename 2012-09-10 23:08:21 +02:00
jvazquez-r7 cb975ce0a2 cleanup plus documentation for the maki template 2012-09-10 22:48:04 +02:00
jvazquez-r7 607c0f023a added edb references 2012-09-10 17:30:31 +02:00
jvazquez-r7 b813e4e650 Added module for CVE-2009-1831 2012-09-10 16:46:16 +02:00
jvazquez-r7 caae54a7ca added osvdb reference 2012-09-07 16:56:37 +02:00
jvazquez-r7 c572c20831 Description updated to explain conditions 2012-09-07 11:18:54 +02:00
sinn3r 86036737ca Apparently this app has two different names
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
jvazquez-r7 4985cb0982 Added module for ActFac SYSTEM Local bof 2012-09-07 00:45:08 +02:00
jvazquez-r7 b4113a2a38 hp_site_scope_uploadfileshandler is now multiplatform 2012-09-06 12:54:51 +02:00
jvazquez-r7 2f87af1c3a add some checks while parsing the java serialization config file 2012-09-05 20:58:55 +02:00
jvazquez-r7 b2116e2394 cleanup, test, add on_new_session handler and osvdb references 2012-09-05 20:54:25 +02:00
jvazquez-r7 406202fc81 Added module for ZDI-12-174 2012-09-05 12:56:09 +02:00
sinn3r 783ffb13c2 Add Adobe security bulletin references 2012-09-04 00:07:53 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r 9ab62de637 Fix a spelling error 2012-09-03 01:44:02 -05:00
jvazquez-r7 943121dd61 Added module for CVE-2012-2611 2012-09-03 00:15:56 +02:00
sinn3r d106a1150e Be more clear that we dislike certain PDF templates 2012-08-31 14:07:58 -05:00
jvazquez-r7 f439f256b5 Debug line deleted on 2012-08-30 00:18:07 +02:00
sinn3r c3159e369a A lot gotcha
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
jvazquez-r7 6a24e042f9 fixing indentation 2012-08-29 16:17:56 +02:00
jvazquez-r7 2ed712949e Added check function 2012-08-29 16:12:11 +02:00
jvazquez-r7 72cb39925a Added exploit for OSVDB 84821 2012-08-29 12:17:44 +02:00
sinn3r 8e56d4f2eb This reference is too damn useful, must add 2012-08-25 16:05:58 -05:00
sinn3r d51f8cad25 Change title and description 2012-08-24 15:39:56 -05:00
jvazquez-r7 e461d542ac added Windows 2003 SP1 Spanish targets 2012-08-24 12:50:30 +02:00
jvazquez-r7 54ce7268ad modules/exploits/windows/smb/ms08_067_netapi.rb 2012-08-24 11:30:23 +02:00
jvazquez-r7 1a60abc7a7 Added W2003 SP2 Spanish targets 2012-08-24 11:16:08 +02:00
jvazquez-r7 57c6385279 heap spray from flash works pretty well on ie9 too 2012-08-22 20:47:11 +02:00
jvazquez-r7 730c0e9368 added windows vista and w7 targets 2012-08-22 20:13:10 +02:00
sinn3r 22051c9c2c Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2 2012-08-22 10:00:34 -05:00
sinn3r 1b6fe22359 Give proper credit to Craig plus additional references
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
sinn3r f715527423 Improve CVE-2012-1535 2012-08-21 19:58:21 -05:00
jvazquez-r7 3da8a59cf0 a little cleanup plus complete metadata 2012-08-20 22:42:54 +02:00
Matt Andreko d226135986 Code Review Feedback
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
Matt Andreko d82493a658 Code Review Feedback
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
Matt Andreko bd249d1f28 Fixed exploit and made code review changes
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
Matt Andreko 6dfe706860 Merge remote-tracking branch 'upstream/master' into sysax_create_folder 2012-08-19 09:58:04 -04:00
sinn3r d1370c0f33 Alexander Gavrun gets a cookie 2012-08-17 12:23:49 -05:00
sinn3r 53a835dc85 Imply that we only garantee 11.3 2012-08-17 12:18:45 -05:00
sinn3r 13df1480c8 Add exploit for CVE-2012-1535 2012-08-17 12:16:54 -05:00
sinn3r ac2e3dd44e Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-08-15 14:47:22 -05:00
sinn3r 54146b8e99 Add another ref about the technique 2012-08-15 14:46:51 -05:00
Tod Beardsley f325d47659 Fix up description a little 2012-08-15 13:57:24 -05:00
Tod Beardsley 586d937161 Msftidy fix and adding OSVDB 2012-08-15 13:43:50 -05:00
Tod Beardsley d56ac81a57 Recapitalizing GlobalSCAPE
According to

http://kb.globalscape.com/Search.aspx?Keywords=globalscape

this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
sinn3r dc5f8b874d Found a bug with retrying. 2012-08-14 17:04:17 -05:00
sinn3r bfe2ed0737 Minor title update 2012-08-14 12:14:13 -05:00
jvazquez-r7 1ec7f03352 Changes proposed by todb: description, author email, zip data random 2012-08-14 18:45:05 +02:00
jvazquez-r7 3c79509780 Added module for BID 46375 2012-08-14 18:15:29 +02:00
sinn3r 3e0e5a1a75 No manual stuff, probably prones to failure anyway. 2012-08-14 10:58:57 -05:00
sinn3r 612848df6f Add priv escalation mod for exploiting trusted service path 2012-08-14 01:55:03 -05:00
Tod Beardsley bd408fc27e Updating msft links to psexec
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
sinn3r 6059bb5710 Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope 2012-08-13 11:40:46 -05:00
sinn3r dfa00ac499 Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet 2012-08-13 11:39:15 -05:00
sinn3r f9b5f321cb ADD OSVDB-84517 2012-08-12 17:56:18 -05:00
RageLtMan 3711297719 dd Opt::Proxies and opthash[:proxies] to exploits 2012-08-12 16:29:39 -04:00
jvazquez-r7 bf04e2dded Added module for CVE-2011-2653 2012-08-12 18:27:56 +02:00
James Lee 67cdea1788 Fix load order issues (again)
This is getting annoying.  Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
sinn3r b4b860f356 Correct MC's name 2012-08-08 14:16:02 -05:00
jvazquez-r7 8587ff535a Added exploit module for CVE-2009-1730 2012-08-08 16:28:03 +02:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r 7221420267 When it hangs, it's actually the correct behavior, not a failure. 2012-08-07 15:00:08 -05:00
sinn3r 57c32c9c7b Slip Plixer's name in there, because it's their product. 2012-08-07 12:20:44 -05:00
sinn3r 0f37c1704d Add vendor's name in there fore better searching 2012-08-07 12:17:41 -05:00
sinn3r 5f4297a68a I tested it 9.5.2 too 2012-08-07 11:01:08 -05:00
sinn3r 3ba73c4f7f Fix check() function 2012-08-07 11:00:12 -05:00
sinn3r 6b4ae94dce Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
jvazquez-r7 44dd8b0cc5 Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author 2012-08-06 19:04:26 +02:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 349c841f6b Blah, OSVDB ref shouldn't be a link 2012-08-06 11:57:59 -05:00
sinn3r 647b587f75 Merge branch 'Meatballs1-uplay' 2012-08-06 11:54:51 -05:00
sinn3r 69ff9e7c1c Lots of changes before commit. 2012-08-06 11:54:08 -05:00
sinn3r 25b2b2de68 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-06 11:33:27 -05:00
sinn3r 13aca3fe4c Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode 2012-08-06 03:13:27 -05:00
Steve Tornio 79e04bb793 add osvdb ref 2012-08-05 09:02:11 -05:00
Steve Tornio eb963ae52a add osvdb ref 2012-08-05 09:01:46 -05:00
jvazquez-r7 4e8a6f6508 Added module for CVE-2012-0549 2012-08-05 12:13:23 +02:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Meatballs1 1aacea951d Serve files as hidden 2012-08-04 18:03:12 +01:00
Meatballs1 833999b2c3 Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work 2012-08-04 17:59:45 +01:00
James Lee 227d0dbc47 Add jabra to authors. I'm a jerk 2012-08-02 11:13:53 -06:00
James Lee 1a2a1e70f7 Replace load with require, *facepalm* 2012-08-01 22:51:36 -06:00
sinn3r 2f1022a5a3 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-01 16:24:23 -05:00
sinn3r f6a2ba094d Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer 2012-08-01 15:14:34 -05:00
sinn3r 74a6c724a6 Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl 2012-08-01 15:13:15 -05:00
sinn3r 6ae863cdff Forgot two extra spaces, how dare me! 2012-08-01 15:11:33 -05:00
sinn3r 48533dc392 Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec 2012-08-01 15:02:10 -05:00
sinn3r 92d1d26288 Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit 2012-08-01 15:00:24 -05:00
jvazquez-r7 4c28b2a310 modified autopwn_info to add ie9 2012-08-01 19:36:20 +02:00
jvazquez-r7 d3c10d5d39 Added module for CVE-2012-0284 2012-08-01 19:34:37 +02:00
James Lee 0707730fe0 Remove superfluous method
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee 47eb387886 Add current_user_psexec module
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r d66678e7ee Forgot to randomize element ID 2012-07-31 17:25:50 -05:00
jvazquez-r7 7a0b5a6169 Added module for CVE-2012-1876 2012-07-31 23:14:29 +02:00
Meatballs1 75a9283fbf Removed auto migrate as exploit loads in a seperate process to browser anyway 2012-07-31 20:44:14 +01:00
Meatballs1 6f697ce519 Working with WebDAV 2012-07-31 20:26:47 +01:00
sinn3r e7db0ebcef Blah, removed the wrong ref. 2012-07-30 12:47:32 -05:00
sinn3r edfe43e7e0 When I say to remove BID ref, I mean it... 2012-07-30 12:46:27 -05:00
sinn3r e84214d1e1 Remove some references to avoid confusion.
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1 f298dbbd04 Fixed to work with browser_autopwn 2012-07-30 16:43:21 +01:00
Meatballs1 066020e572 Msftidy 2012-07-30 15:51:56 +01:00
Meatballs1 404909cb95 Check as IE crashes if length > 693 2012-07-30 15:41:58 +01:00
Meatballs1 690c381abd Initial commit 2012-07-30 14:49:34 +01:00
jvazquez-r7 2fa88366be Added module for MS10-104 2012-07-30 09:01:38 +02:00
Matt Andreko 2f7b5f35af Added Sysax 5.64 Create Folder exploit 2012-07-29 10:40:02 -04:00
jvazquez-r7 0bbcac96ea cleanup: delete revision metadata plus fix disc date 2012-07-26 15:04:15 +02:00
jvazquez-r7 e885b84347 Added module for CVE-2012-0284 2012-07-26 13:08:24 +02:00
jvazquez-r7 d2e1f4b448 Added module for OSVDB 83745 2012-07-25 19:24:09 +02:00
sinn3r b527356e00 This check can be handy 2012-07-22 03:34:16 -05:00
jvazquez-r7 beb1fbb55d Added module for Simple Web Server Connection header bof 2012-07-21 12:07:36 +02:00
jvazquez-r7 f4e4675dc5 Avoid unpack with native endian types 2012-07-20 22:07:12 +02:00
jvazquez-r7 37f14f76b7 Descriptions updated 2012-07-19 17:38:01 +02:00
sinn3r 2bb36f5ef9 Remove repeating words 2012-07-19 10:17:05 -05:00
sinn3r 898530dd54 Fix description 2012-07-19 10:15:26 -05:00
sinn3r 2c648b1c5b Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof 2012-07-19 10:14:10 -05:00
sinn3r 8f867b5b0d 100 columns or each line in the description 2012-07-19 10:12:22 -05:00
jvazquez-r7 d51209a3cf Beautify 2012-07-19 15:53:47 +02:00
jvazquez-r7 d69a46a9f0 Beautify 2012-07-19 15:53:09 +02:00
jvazquez-r7 83b7b90c61 Added module for CVE-2011-3175 2012-07-19 15:30:51 +02:00
jvazquez-r7 48f8145d97 Added module for CVE-2011-3176 2012-07-19 15:29:10 +02:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
sinn3r f4547527a8 Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework 2012-07-17 17:43:40 -05:00
sinn3r b3e11f2e6b Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof 2012-07-17 17:42:58 -05:00
jvazquez-r7 80bfd48535 Added module for ZDI-010-090 Opcode 0x6 2012-07-17 23:25:55 +02:00
jvazquez-r7 0514756e92 Added module for ZDI-010-090 Opcode 0x21 2012-07-17 23:25:04 +02:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
HD Moore 7f3aeca501 Put lipstick on this pig for the time being 2012-07-15 21:35:29 -05:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
jvazquez-r7 8cf08c6ca3 Target W7 updated 2012-07-15 17:45:58 +02:00
sinn3r e1ff6b0cef Nicer cleanup 2012-07-14 17:57:32 -05:00
jvazquez-r7 bdf009d7a8 Review of pull request #606 2012-07-15 00:20:12 +02:00
sinn3r 06974cbc43 This bug is now patched 2012-07-10 12:28:46 -05:00
HD Moore c532d4307a Use the right failure reason 2012-07-10 00:26:14 -05:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 260cea934d Add more reference 2012-07-05 16:48:43 -05:00
jvazquez-r7 ff4a0bc3aa poisonivy_bof description updated 2012-07-05 00:18:13 +02:00
jvazquez-r7 8bdf3b56f5 tries updated 2012-07-04 15:48:32 +02:00