James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
jvazquez-r7
e9912496d8
nice check learned from sinn3r
2013-02-07 22:05:39 +01:00
jvazquez-r7
0d3c32b0a4
Added module for CVE-2012-0419
2013-02-07 21:15:49 +01:00
sinn3r
7f746e1caa
That's what he said.
2013-02-07 11:13:18 -06:00
sinn3r
d554c3a56a
Don't really need the bottom comment
2013-02-07 10:46:42 -06:00
sinn3r
98559d4d51
Do a check and make sure this is Simple Web Server
2013-02-07 10:45:53 -06:00
sinn3r
b11f052746
Allow arbitrary depth
2013-02-07 10:32:29 -06:00
sinn3r
a3264e18e2
There aint no fail_with(), must use print_error
2013-02-07 10:30:17 -06:00
HD Moore
77390a5935
Fix a bug reported by Tom Liston
2013-02-06 23:34:55 -06:00
James Lee
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
sinn3r
b09f819e4b
Add Simple Web Server dir traversal
2013-02-06 17:02:07 -06:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
HD Moore
f0ca4b2f08
Merge remote-tracking branch 'upstream/master'
2013-02-06 16:31:31 -06:00
Tod Beardsley
5357e23675
Fixups to the Linksys module
...
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.
Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley
e175e2c9e9
typo in method name
2013-02-06 12:19:57 -06:00
HD Moore
22e3458cea
Fix multi-line output due to bad regex flag
2013-02-06 11:27:58 -06:00
Tod Beardsley
faeaa74a49
Msftidy whitespace
2013-02-06 11:06:13 -06:00
sinn3r
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
sinn3r
ebd49eb534
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-02-05 15:13:09 -06:00
sinn3r
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
HD Moore
9af888c03b
Merge pull request #1433 from jjarmoc/jjarmoc-rails_xml_scan
...
rails_xml_yaml_scanner.rb improvements
2013-02-05 12:34:10 -08:00
Matt Andreko
2cdeca5422
Added reference & depth
...
Added reference to IOActive's release.
Added a depth option to allow user to specify how many folders to traverse.
2013-02-05 14:32:50 -05:00
HD Moore
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
m-1-k-3
43f3bb4fe6
small updates
2013-02-05 13:54:10 +01:00
SphaZ
0f46ed72e1
Using snake_case, fixed using tmp files, changed errorhandling
2013-02-05 12:00:04 +01:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
sinn3r
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
Jeff Jarmoc
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
Jeff Jarmoc
39cafd0cde
Use OptEnum instead of OptString
2013-02-04 15:08:34 -06:00
sinn3r
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
8b1febb4cf
add myself to the blame list for the module =P
2013-02-04 12:32:43 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
jvazquez-r7
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
jvazquez-r7
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
SphaZ
fa1811ac38
changed SOURCE to be OptPath
2013-02-04 15:25:11 +01:00
SphaZ
3b528d7f6d
removed data files from docx
2013-02-04 14:00:13 +01:00
SphaZ
145cf618aa
msftidy
2013-02-04 13:51:01 +01:00
SphaZ
24de0d2274
Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT
2013-02-04 13:37:09 +01:00
m-1-k-3
5ca0e45388
initial commit
2013-02-04 08:44:12 +01:00
HD Moore
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
HD Moore
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
HD Moore
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
HD Moore
0660347fca
Explicit mult-line match
2013-02-03 21:06:57 -06:00
HD Moore
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
HD Moore
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
HD Moore
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
HD Moore
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
HD Moore
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
HD Moore
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
HD Moore
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
HD Moore
47f3c09616
Fix typo that snuck in during merge
2013-02-03 17:38:19 -06:00
HD Moore
5be4d41420
This is redundant/less-reliable than reverse_openssl
2013-02-03 17:35:14 -06:00
HD Moore
6146aeb03b
Merge pull request #1432 from sempervictus/hdm_add_openssl_payloads
...
Add SSL payloads and handler
2013-02-03 15:34:06 -08:00
jvazquez-r7
2bf2d4d8a4
Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal
2013-02-03 23:35:29 +01:00
Jeff Jarmoc
5e0c18af2f
adding self to credits
2013-02-03 16:14:42 -06:00
Jeff Jarmoc
57c8e41846
Re-order probes and checks.
...
This causes module to exit if error conditions are found, before sending unecessary probes.
2013-02-03 16:10:46 -06:00
Jeff Jarmoc
8dff427776
Allow 4xx codes, display codes in verbose output
2013-02-03 16:07:07 -06:00
Jeff Jarmoc
810470de3b
Make HTTP_METHOD Configurable
2013-02-03 16:05:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
HD Moore
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
HD Moore
d5ae005332
Rename with underscores
2013-02-01 14:39:01 -06:00
HD Moore
4e6c93ec7d
Various style fixes, fix ruby 1.8 compat
2013-02-01 14:38:20 -06:00
jvazquez-r7
c24c926ffa
add aditional check to detect valid device
2013-02-01 20:55:06 +01:00
jvazquez-r7
996ee06b0f
fix another print_ call
2013-02-01 20:43:54 +01:00
jvazquez-r7
152f397a1f
first module cleanup
2013-02-01 20:38:11 +01:00
m-1-k-3
988761a6de
more updates, BID, Exploit-DB
2013-02-01 20:18:53 +01:00
m-1-k-3
fdd5fe77c1
more updates ...
2013-02-01 19:59:19 +01:00
m-1-k-3
0e22ee73b5
updates ...
2013-02-01 19:26:34 +01:00
jvazquez-r7
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
SphaZ
e71c2c5ece
added word_unc_injector auxiliary module
2013-02-01 08:03:41 +01:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
39cdb89831
Oh don't be so sensitive about it.
...
Fixnum vs String
2013-01-31 15:04:13 -06:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
4d7daacfb4
I wanna know where it's stored
2013-01-31 11:55:11 -06:00
sinn3r
13da4181c5
Merge branch 'feature/rm7605-version-for-MSCACHE-v1-and-v2' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7605-version-for-MSCACHE-v1-and-v2
2013-01-31 11:51:55 -06:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
kernelsmith
345c5f32cc
keep it from migrating more than once into explorer.exe
...
thanks for noticing egypt
we should add a migrate_explorer to the post api
2013-01-30 15:40:02 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
sinn3r
a68ad8f600
Merge branch 'bug/rm7021-MySQL-login-scanner-exception' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7021-MySQL-login-scanner-exception
2013-01-30 13:22:33 -06:00
sinn3r
368a7a7c64
Merge branch 'dvr_config' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-dvr_config
2013-01-30 12:39:59 -06:00
sinn3r
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
sinn3r
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
jvazquez-r7
38a6402bf3
Merge branch 'chap_secrets' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-chap_secrets
2013-01-30 19:20:29 +01:00
kernelsmith
e1c037e523
Better error handling
2013-01-30 12:06:57 -06:00
kernelsmith
f649cd53ad
removed commented out code (again)
...
thanks egypt
2013-01-30 11:31:10 -06:00
kernelsmith
32a5a009d6
change loot type to image/jpg
...
thanks egypt
2013-01-30 11:28:47 -06:00
sinn3r
de544dc3d4
Handle multiple IPs
2013-01-30 11:25:43 -06:00
kernelsmith
6659459de5
del Version ref and change platform windows -> win
...
per sinner's comments, thanks sinner.
2013-01-30 10:56:49 -06:00
jvazquez-r7
cf6aae7bb7
add checks for enabled services
2013-01-30 17:37:41 +01:00
jvazquez-r7
668520d8d9
added module for cve-2013-1391
2013-01-30 17:22:03 +01:00
kernelsmith
80a0f0694d
add 'auto' & 'none' VIEW_CMD, fixed looting, ch defaults
2013-01-30 00:49:48 -06:00
sinn3r
c5ab059a1a
Really fix the :host key
2013-01-29 18:24:11 -06:00
Tod Beardsley
b1f8b87f14
Chmod -x the joomla modules. Also fix a title typo
...
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
sinn3r
8a9dba2ffe
Updates host info
2013-01-29 16:35:36 -06:00
m-1-k-3
ea5e993bf3
initial
2013-01-29 22:02:29 +01:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
sinn3r
77ea5a40f5
Do report_auth_info
2013-01-29 14:19:42 -06:00
lmercer
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley
e618a2a347
Merge pull request #1405 from rapid7/add/upnp-scanner
...
Adds CVE reporting to the UPnP scanner
2013-01-28 23:10:14 -08:00
Tod Beardsley
f5eaa87c80
comment typo
2013-01-29 01:05:18 -06:00
Tod Beardsley
25ae49154a
Added author, vprint dressing-up
2013-01-29 00:55:45 -06:00
HD Moore
358f7cc62f
Adds CVE reporting to the UPnP scanner
2013-01-29 00:15:39 -06:00
Tod Beardsley
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
lmercer
da5436e565
Made changes as described in Redmine issue 7605
2013-01-28 23:29:50 -05:00
James Lee
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
James Lee
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
James Lee
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
sinn3r
ca70041f32
Adds a post module that loots chap-secrets
2013-01-28 16:23:26 -06:00
sinn3r
1ea1ad3166
Fix the forgotten path()
2013-01-28 14:48:22 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
James Lee
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
lmercer
b4eed328a7
MySQL login scanner unhandled exception
2013-01-26 01:26:18 -05:00
jvazquez-r7
01b7e3554e
fix issue found by newpid0
2013-01-25 22:05:09 +01:00
jvazquez-r7
d0ecb617c3
Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner
2013-01-25 21:47:05 +01:00
jvazquez-r7
d6e9f891ea
Proposal for joomla-scanner
2013-01-25 20:44:49 +01:00
sinn3r
0490b4a853
I wanna know where this thing is stored.
2013-01-25 13:18:28 -06:00
sinn3r
f5182b4e6b
Merge branch 'titanftp_xcrc_traversal' of github.com:zeknox/metasploit-framework into zeknox-titanftp_xcrc_traversal
2013-01-25 13:15:18 -06:00
sinn3r
0a4fadcb09
Comments don't seem to align properly w/ tabs
2013-01-25 13:07:13 -06:00
sinn3r
7d4e7676ce
This file has a MSF license, needs the header
2013-01-25 13:04:20 -06:00
sinn3r
a14cd71047
Merge branch 'ms12-020_check.rb' of github.com:zeknox/metasploit-framework into zeknox-ms12-020_check.rb
2013-01-25 12:56:02 -06:00
Brandon McCann
4824d11ff3
removed white space
2013-01-25 12:14:41 -06:00
Brandon McCann
3742fd5a17
duplicate include
2013-01-25 11:58:04 -06:00
Brandon McCann
8578e7cf85
renamed file
2013-01-25 11:55:54 -06:00
Brandon McCann
fc3d87ed4c
added ms12-020 checker
2013-01-25 10:43:43 -06:00
jvazquez-r7
e32bd8d4e0
Comma deleted
2013-01-25 11:44:08 +01:00
Rob Fuller
a204f6fd1b
variable typo
2013-01-25 02:18:20 -05:00
Rob Fuller
976e59954c
update description
2013-01-25 02:14:42 -05:00
Rob Fuller
a9821fce29
add action option for domain user enum
2013-01-25 02:08:30 -05:00
f8lerror
dd1ce34ecc
Made recommended changes removed short timeout added returns and other small changes
2013-01-24 17:04:22 -05:00
Brandon McCann
15253f23bf
added RHOSTS funct
2013-01-24 15:29:35 -06:00
jvazquez-r7
fbbac2bd51
make module msftidy compliant
2013-01-24 21:37:04 +01:00
jvazquez-r7
2419e55603
Merge branch 'feature/rm7581-sudo-improved-with-PASSWORD-option' of https://github.com/lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7581-sudo-improved-with-PASSWORD-option
2013-01-24 21:36:40 +01:00
sinn3r
af3a1db4c1
Make better use of ruby regex
2013-01-24 14:16:01 -06:00
sinn3r
077c04d13a
Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version
2013-01-24 13:51:27 -06:00
jvazquez-r7
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
jvazquez-r7
f1f8782a5d
Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb
2013-01-24 18:13:00 +01:00
jvazquez-r7
1fc747994e
cleanup for linksys_wrt54gl_exec
2013-01-24 17:50:14 +01:00
jvazquez-r7
816bc79d9d
Merge branch 'wrt54gl-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-wrt54gl-exec
2013-01-24 17:49:54 +01:00
sinn3r
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
f8lerror
6cdb1a80de
Remove app from fingerprint and blank line
2013-01-24 09:47:20 -05:00
f8lerror
bf2b01f8ef
Delete a file and strip space
2013-01-24 09:30:04 -05:00
jvazquez-r7
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
Kacper Nowak
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
sinn3r
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
HD Moore
8e09247703
Rename to match the OEM vendor
2013-01-23 21:10:25 -06:00
HD Moore
2c12666f4e
Update the vendor to match the OEM source
2013-01-23 21:10:05 -06:00
f8lerror
6e94c04a52
Code Corrections and Enhancements
2013-01-23 20:26:23 -05:00
sinn3r
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
sinn3r
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
sinn3r
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
sinn3r
3418457b9a
Small changes (extra comma + typo)
2013-01-23 16:29:25 -06:00
sinn3r
25847e7a2d
Merge branch 'master' into module/add-swann-dvr
2013-01-23 16:26:18 -06:00
sinn3r
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
sinn3r
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
HD Moore
cfde24785c
Adds a password grabber module for Swann DVRs
2013-01-23 14:23:58 -06:00
lmercer
3b65f31d95
post/multi/manage/sudo improved with the PASSWORD option
...
as described in Redmine Feature #7581
2013-01-23 15:23:40 -05:00
sinn3r
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
Tod Beardsley
d354982345
Fix grammar on description for webcam
2013-01-23 14:00:34 -06:00
sinn3r
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
sinn3r
a1f8da9ff6
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-23 11:41:35 -06:00
sinn3r
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
jvazquez-r7
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
Kacper Nowak
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
Kacper Nowak
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule
8bcf4a86ef
Update modules/exploits/multi/browser/java_jre17_method_handle.rb
...
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
jvazquez-r7
06926fbabb
Merge branch 'module-cmd_windows_reverse_perl' of https://github.com/kacpern/metasploit-framework into kacpern-module-cmd_windows_reverse_perl
2013-01-23 16:42:45 +01:00
Kacper Nowak
a3fa7cc6bc
adjusted disclosure date
2013-01-23 12:49:08 +00:00
jvazquez-r7
e78174297e
assuring stdapi loads on meterpreter
2013-01-23 12:44:55 +01:00
Kacper Nowak
f691652594
attempt to fix cmd/windows/reverse_perl payload
2013-01-23 11:21:44 +00:00
m-1-k-3
3a5e92ba6f
hopefully all fixex included
2013-01-23 12:15:34 +01:00
Kacper Nowak
5d6ca30422
removed spaces at EOL
2013-01-23 10:33:55 +00:00
Kacper Nowak
17d1c9f996
- expanded description
...
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
sinn3r
5cfabb0443
Apply the changes I suggested before
2013-01-23 00:15:09 -06:00
sinn3r
1e39c31cc2
Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal
2013-01-23 00:06:35 -06:00
sinn3r
933f807745
Msftidy cleanup + handling return values better
2013-01-22 23:53:00 -06:00
sinn3r
dab2952d60
Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa
2013-01-22 22:54:45 -06:00
Charles Smith
9671df4488
Picasa 2 credentials are now also saved as loot
...
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
sinn3r
8819059499
Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec
2013-01-22 14:41:40 -06:00
Robin Wood
20b36cdf7a
added extra checking for strict databases
2013-01-22 15:42:23 +00:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
Kacper Nowak
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
bcoles
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
Kacper Nowak
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
Kacper Nowak
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
jvazquez-r7
08062597b9
fix data added to table
2013-01-22 12:07:16 +01:00
jvazquez-r7
dce4e7fc08
Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs
2013-01-22 12:06:44 +01:00
jvazquez-r7
516eccdf9a
Merge branch 'record_mic_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-record_mic_update
2013-01-22 10:45:36 +01:00
Julian Vilas
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
m-1-k-3
11c13500be
small fix
2013-01-21 13:41:42 +01:00
m-1-k-3
62ff52280a
initial linksys OS command injection
2013-01-21 13:19:29 +01:00
jvazquez-r7
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
sinn3r
8b70a94b34
Updates the progress function
...
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00
f8lerror
5cfe58e8d5
General code review and corrections
2013-01-20 22:33:04 -05:00
Robin Wood
4d5a7a3d4d
Brute force directory and file names with MySQL
2013-01-20 21:32:02 +00:00
Robin Wood
e7604f80b2
added a warning and using optpath
2013-01-20 21:24:00 +00:00
Robin Wood
6da4b72d85
added a warning and using optpath
2013-01-20 21:23:59 +00:00
Robin Wood
ebb0635e0a
stopped using fixed table name
2013-01-20 21:23:59 +00:00
Robin Wood
fce58ad96d
Fixed msftidy stuff
2013-01-20 21:23:58 +00:00
Robin Wood
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
jvazquez-r7
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
jvazquez-r7
76edbb9e1c
Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console
2013-01-20 19:53:44 +01:00
jvazquez-r7
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
bcoles
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
bcoles
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
bcoles
6ae72e4d63
Add PHP-Charts v1.0 PHP Code Execution Exploit
2013-01-20 23:51:17 +10:30
jvazquez-r7
aed71f8446
linux stager plus little cleanup
2013-01-20 13:42:02 +01:00
Meatballs1
dcaf2abc53
Better feedback for x86
2013-01-20 00:22:30 +00:00
Meatballs1
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
Spencer McIntyre
6b40011a6f
use target_uri and normalize_uri as well as fix a cookie problem
2013-01-19 19:10:56 -05:00
Meatballs1
771baa3181
Added x64 check and options to info
2013-01-19 23:23:45 +00:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
Tod Beardsley
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
Spencer McIntyre
9f7aafccdf
add module to execute commands via Jenkins Script Console
2013-01-18 14:56:52 -05:00
jvazquez-r7
3465aa00bd
title updated
2013-01-18 18:42:27 +01:00
jvazquez-r7
75109114df
Merge branch 'post_mod_record_mic' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-post_mod_record_mic
2013-01-18 00:25:01 +01:00
Christian Mehlmauer
e613c860a5
Added Name and Emailadress
2013-01-17 23:17:14 +01:00
Charles Smith
892899acd5
Fixed loot formatting so data is under the proper column
...
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL". Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:
credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]
I changed the order the columns were defined to fix this.
The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:
permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]
works correctly.
2013-01-17 16:52:02 -05:00
jvazquez-r7
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
Tod Beardsley
a43b218917
Line full of whitespace
2013-01-17 12:43:06 -08:00
jvazquez-r7
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
Charles Smith
624ef9a329
Fixed a typo in the skype_enum module.
...
"platfom" instead of "platform" fixed.
2013-01-17 14:04:52 -05:00
sinn3r
419b32b742
Can be used against multiple platforms since it supports java
2013-01-17 12:45:03 -06:00