Commit Graph

8452 Commits (ac63965e4dd57e631df17e27fdc29269f63228ad)

Author SHA1 Message Date
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
jvazquez-r7 e9912496d8 nice check learned from sinn3r 2013-02-07 22:05:39 +01:00
jvazquez-r7 0d3c32b0a4 Added module for CVE-2012-0419 2013-02-07 21:15:49 +01:00
sinn3r 7f746e1caa That's what he said. 2013-02-07 11:13:18 -06:00
sinn3r d554c3a56a Don't really need the bottom comment 2013-02-07 10:46:42 -06:00
sinn3r 98559d4d51 Do a check and make sure this is Simple Web Server 2013-02-07 10:45:53 -06:00
sinn3r b11f052746 Allow arbitrary depth 2013-02-07 10:32:29 -06:00
sinn3r a3264e18e2 There aint no fail_with(), must use print_error 2013-02-07 10:30:17 -06:00
HD Moore 77390a5935 Fix a bug reported by Tom Liston 2013-02-06 23:34:55 -06:00
James Lee b6c6397da3 typo 2013-02-06 19:21:20 -06:00
sinn3r b09f819e4b Add Simple Web Server dir traversal 2013-02-06 17:02:07 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore f0ca4b2f08 Merge remote-tracking branch 'upstream/master' 2013-02-06 16:31:31 -06:00
Tod Beardsley 5357e23675 Fixups to the Linksys module
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.

Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley e175e2c9e9 typo in method name 2013-02-06 12:19:57 -06:00
HD Moore 22e3458cea Fix multi-line output due to bad regex flag 2013-02-06 11:27:58 -06:00
Tod Beardsley faeaa74a49 Msftidy whitespace 2013-02-06 11:06:13 -06:00
sinn3r 0186e290d3 Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat 2013-02-05 15:13:51 -06:00
sinn3r ebd49eb534 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-02-05 15:13:09 -06:00
sinn3r b706af54a0 Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser 2013-02-05 15:12:24 -06:00
HD Moore 9af888c03b Merge pull request #1433 from jjarmoc/jjarmoc-rails_xml_scan
rails_xml_yaml_scanner.rb improvements
2013-02-05 12:34:10 -08:00
Matt Andreko 2cdeca5422 Added reference & depth
Added reference to IOActive's release.
Added a depth option to allow user to specify how many folders to traverse.
2013-02-05 14:32:50 -05:00
HD Moore 80a8bab02f Correct the CVE reference 2013-02-05 10:37:24 -06:00
m-1-k-3 43f3bb4fe6 small updates 2013-02-05 13:54:10 +01:00
SphaZ 0f46ed72e1 Using snake_case, fixed using tmp files, changed errorhandling 2013-02-05 12:00:04 +01:00
David Maloney 877fb017b6 remove negotiate requirements
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
sinn3r 42912bf286 Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods 2013-02-04 16:50:01 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
Jeff Jarmoc 9b30e354ea Updates HTTP_METHOD option to use OptEnum. 2013-02-04 15:32:36 -06:00
Jeff Jarmoc 39cafd0cde Use OptEnum instead of OptString 2013-02-04 15:08:34 -06:00
sinn3r 45db43d2b3 Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles 2013-02-04 14:21:40 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney 8b1febb4cf add myself to the blame list for the module =P 2013-02-04 12:32:43 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney 2c3de43f4b datastore opts cleanup
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7 9ce5f39bc6 added migrate as initial script 2013-02-04 16:42:56 +01:00
jvazquez-r7 e0d4bb5799 Added module for cve-2012-3569, browser version 2013-02-04 16:37:42 +01:00
jvazquez-r7 135718a97b Added module for cve-2012-3569, fileformat version 2013-02-04 16:36:33 +01:00
SphaZ fa1811ac38 changed SOURCE to be OptPath 2013-02-04 15:25:11 +01:00
SphaZ 3b528d7f6d removed data files from docx 2013-02-04 14:00:13 +01:00
SphaZ 145cf618aa msftidy 2013-02-04 13:51:01 +01:00
SphaZ 24de0d2274 Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
m-1-k-3 5ca0e45388 initial commit 2013-02-04 08:44:12 +01:00
HD Moore 4c8811bb8a Add a debug target 2013-02-03 23:24:44 -06:00
HD Moore 191eed88bc Fix liberal matching expression on target 2013-02-03 21:50:03 -06:00
HD Moore 9379c68e51 Fix typo, auto-fingerprint, unconnected sockets 2013-02-03 21:23:05 -06:00
HD Moore 0660347fca Explicit mult-line match 2013-02-03 21:06:57 -06:00
HD Moore 42c8a2d265 Add VU and blog references 2013-02-03 18:17:51 -06:00
HD Moore c24da99104 Update authors, add Richard (thanks!) 2013-02-03 18:13:28 -06:00
HD Moore 9e491f0b1c Add a fingerprint string and more comments 2013-02-03 18:03:32 -06:00
HD Moore 1f227243b8 Make it clear BadChars are ignored 2013-02-03 17:54:25 -06:00
HD Moore 214a60aa01 iFix spacing 2013-02-03 17:52:33 -06:00
HD Moore 94953d0450 Fix idents from copypasta 2013-02-03 17:48:13 -06:00
HD Moore 975230c9e7 Add the first module for unique_service_name() 2013-02-03 17:46:20 -06:00
HD Moore 47f3c09616 Fix typo that snuck in during merge 2013-02-03 17:38:19 -06:00
HD Moore 5be4d41420 This is redundant/less-reliable than reverse_openssl 2013-02-03 17:35:14 -06:00
HD Moore 6146aeb03b Merge pull request #1432 from sempervictus/hdm_add_openssl_payloads
Add SSL payloads and handler
2013-02-03 15:34:06 -08:00
jvazquez-r7 2bf2d4d8a4 Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal 2013-02-03 23:35:29 +01:00
Jeff Jarmoc 5e0c18af2f adding self to credits 2013-02-03 16:14:42 -06:00
Jeff Jarmoc 57c8e41846 Re-order probes and checks.
This causes module to exit if error conditions are found, before sending unecessary probes.
2013-02-03 16:10:46 -06:00
Jeff Jarmoc 8dff427776 Allow 4xx codes, display codes in verbose output 2013-02-03 16:07:07 -06:00
Jeff Jarmoc 810470de3b Make HTTP_METHOD Configurable 2013-02-03 16:05:45 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
HD Moore c3801ad083 This adds an openssl CMD payload and handler 2013-02-03 04:44:25 -06:00
Tod Beardsley e8def29b4f Dropping all twitter handles
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r 027ba28e70 Merge branch 'jvazquez-r7-datalife_template' 2013-02-01 16:27:18 -06:00
David Maloney 5814c59620 move httpauth to mixin
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
HD Moore a63cf6977c Fix 1.8 support 2013-02-01 14:39:32 -06:00
HD Moore d5ae005332 Rename with underscores 2013-02-01 14:39:01 -06:00
HD Moore 4e6c93ec7d Various style fixes, fix ruby 1.8 compat 2013-02-01 14:38:20 -06:00
jvazquez-r7 c24c926ffa add aditional check to detect valid device 2013-02-01 20:55:06 +01:00
jvazquez-r7 996ee06b0f fix another print_ call 2013-02-01 20:43:54 +01:00
jvazquez-r7 152f397a1f first module cleanup 2013-02-01 20:38:11 +01:00
m-1-k-3 988761a6de more updates, BID, Exploit-DB 2013-02-01 20:18:53 +01:00
m-1-k-3 fdd5fe77c1 more updates ... 2013-02-01 19:59:19 +01:00
m-1-k-3 0e22ee73b5 updates ... 2013-02-01 19:26:34 +01:00
jvazquez-r7 bf7bb9952e added template stuff improve 2013-02-01 11:53:42 +01:00
SphaZ e71c2c5ece added word_unc_injector auxiliary module 2013-02-01 08:03:41 +01:00
sinn3r de8572d934 Use normalize_uri for URI 2013-01-31 16:57:48 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
sinn3r 39cdb89831 Oh don't be so sensitive about it.
Fixnum vs String
2013-01-31 15:04:13 -06:00
sinn3r 1a01d6d033 Fix scrutinizer checks 2013-01-31 14:48:54 -06:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r 4d7daacfb4 I wanna know where it's stored 2013-01-31 11:55:11 -06:00
sinn3r 13da4181c5 Merge branch 'feature/rm7605-version-for-MSCACHE-v1-and-v2' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7605-version-for-MSCACHE-v1-and-v2 2013-01-31 11:51:55 -06:00
jvazquez-r7 b2ce9302c6 uri normalization in the old way 2013-01-31 16:59:49 +01:00
jvazquez-r7 365e1b0557 added module for cve-2013-1412 2013-01-31 16:09:14 +01:00
sinn3r 4de5e475c3 Fix check 2013-01-31 02:15:50 -06:00
sinn3r 66ca906bfb This is a string, not a variable 2013-01-31 01:56:05 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
kernelsmith 345c5f32cc keep it from migrating more than once into explorer.exe
thanks for noticing egypt
we should add a migrate_explorer to the post api
2013-01-30 15:40:02 -06:00
jvazquez-r7 1e1cbd7445 Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun 2013-01-30 21:01:31 +01:00
sinn3r a68ad8f600 Merge branch 'bug/rm7021-MySQL-login-scanner-exception' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7021-MySQL-login-scanner-exception 2013-01-30 13:22:33 -06:00
sinn3r 368a7a7c64 Merge branch 'dvr_config' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-dvr_config 2013-01-30 12:39:59 -06:00
sinn3r ec0db66fcb Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2 2013-01-30 12:36:53 -06:00
sinn3r 09fd224763 Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1 2013-01-30 12:33:40 -06:00
jvazquez-r7 38a6402bf3 Merge branch 'chap_secrets' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-chap_secrets 2013-01-30 19:20:29 +01:00
kernelsmith e1c037e523 Better error handling 2013-01-30 12:06:57 -06:00
kernelsmith f649cd53ad removed commented out code (again)
thanks egypt
2013-01-30 11:31:10 -06:00
kernelsmith 32a5a009d6 change loot type to image/jpg
thanks egypt
2013-01-30 11:28:47 -06:00
sinn3r de544dc3d4 Handle multiple IPs 2013-01-30 11:25:43 -06:00
kernelsmith 6659459de5 del Version ref and change platform windows -> win
per sinner's comments, thanks sinner.
2013-01-30 10:56:49 -06:00
jvazquez-r7 cf6aae7bb7 add checks for enabled services 2013-01-30 17:37:41 +01:00
jvazquez-r7 668520d8d9 added module for cve-2013-1391 2013-01-30 17:22:03 +01:00
kernelsmith 80a0f0694d add 'auto' & 'none' VIEW_CMD, fixed looting, ch defaults 2013-01-30 00:49:48 -06:00
sinn3r c5ab059a1a Really fix the :host key 2013-01-29 18:24:11 -06:00
Tod Beardsley b1f8b87f14 Chmod -x the joomla modules. Also fix a title typo
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
sinn3r 8a9dba2ffe Updates host info 2013-01-29 16:35:36 -06:00
m-1-k-3 ea5e993bf3 initial 2013-01-29 22:02:29 +01:00
Tod Beardsley aaf18f0257 EOL whitespace, yo. 2013-01-29 14:22:30 -06:00
sinn3r 77ea5a40f5 Do report_auth_info 2013-01-29 14:19:42 -06:00
lmercer deb9385181 Patch for smb_relay.rb to allow the share written to, to be defined in an option
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc 55600ce276 Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
Remove unecessary include.  Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc 929814dabf Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
Removes unnecessary include.  Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley e618a2a347 Merge pull request #1405 from rapid7/add/upnp-scanner
Adds CVE reporting to the UPnP scanner
2013-01-28 23:10:14 -08:00
Tod Beardsley f5eaa87c80 comment typo 2013-01-29 01:05:18 -06:00
Tod Beardsley 25ae49154a Added author, vprint dressing-up 2013-01-29 00:55:45 -06:00
HD Moore 358f7cc62f Adds CVE reporting to the UPnP scanner 2013-01-29 00:15:39 -06:00
Tod Beardsley 38785015e1 Missing period in description 2013-01-28 23:08:53 -06:00
lmercer da5436e565 Made changes as described in Redmine issue 7605 2013-01-28 23:29:50 -05:00
James Lee 464d048eca Remove debugging print 2013-01-28 22:25:57 -06:00
James Lee dc19968555 Minor cleanups 2013-01-28 22:21:03 -06:00
James Lee c0757ce905 Add support for 2.x 2013-01-28 21:41:15 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee ee2579607a Working against 3.0.19 2013-01-28 21:05:14 -06:00
sinn3r ca70041f32 Adds a post module that loots chap-secrets 2013-01-28 16:23:26 -06:00
sinn3r 1ea1ad3166 Fix the forgotten path() 2013-01-28 14:48:22 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
James Lee 044fefd02a Initial support for Java target
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r 49aac302e6 normalize_uri() breaks URI parsing
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
lmercer b4eed328a7 MySQL login scanner unhandled exception 2013-01-26 01:26:18 -05:00
jvazquez-r7 01b7e3554e fix issue found by newpid0 2013-01-25 22:05:09 +01:00
jvazquez-r7 d0ecb617c3 Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner 2013-01-25 21:47:05 +01:00
jvazquez-r7 d6e9f891ea Proposal for joomla-scanner 2013-01-25 20:44:49 +01:00
sinn3r 0490b4a853 I wanna know where this thing is stored. 2013-01-25 13:18:28 -06:00
sinn3r f5182b4e6b Merge branch 'titanftp_xcrc_traversal' of github.com:zeknox/metasploit-framework into zeknox-titanftp_xcrc_traversal 2013-01-25 13:15:18 -06:00
sinn3r 0a4fadcb09 Comments don't seem to align properly w/ tabs 2013-01-25 13:07:13 -06:00
sinn3r 7d4e7676ce This file has a MSF license, needs the header 2013-01-25 13:04:20 -06:00
sinn3r a14cd71047 Merge branch 'ms12-020_check.rb' of github.com:zeknox/metasploit-framework into zeknox-ms12-020_check.rb 2013-01-25 12:56:02 -06:00
Brandon McCann 4824d11ff3 removed white space 2013-01-25 12:14:41 -06:00
Brandon McCann 3742fd5a17 duplicate include 2013-01-25 11:58:04 -06:00
Brandon McCann 8578e7cf85 renamed file 2013-01-25 11:55:54 -06:00
Brandon McCann fc3d87ed4c added ms12-020 checker 2013-01-25 10:43:43 -06:00
jvazquez-r7 e32bd8d4e0 Comma deleted 2013-01-25 11:44:08 +01:00
Rob Fuller a204f6fd1b variable typo 2013-01-25 02:18:20 -05:00
Rob Fuller 976e59954c update description 2013-01-25 02:14:42 -05:00
Rob Fuller a9821fce29 add action option for domain user enum 2013-01-25 02:08:30 -05:00
f8lerror dd1ce34ecc Made recommended changes removed short timeout added returns and other small changes 2013-01-24 17:04:22 -05:00
Brandon McCann 15253f23bf added RHOSTS funct 2013-01-24 15:29:35 -06:00
jvazquez-r7 fbbac2bd51 make module msftidy compliant 2013-01-24 21:37:04 +01:00
jvazquez-r7 2419e55603 Merge branch 'feature/rm7581-sudo-improved-with-PASSWORD-option' of https://github.com/lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7581-sudo-improved-with-PASSWORD-option 2013-01-24 21:36:40 +01:00
sinn3r af3a1db4c1 Make better use of ruby regex 2013-01-24 14:16:01 -06:00
sinn3r 077c04d13a Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version 2013-01-24 13:51:27 -06:00
jvazquez-r7 3faf4b3aca adding sinn3r as author 2013-01-24 18:13:30 +01:00
jvazquez-r7 f1f8782a5d Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb 2013-01-24 18:13:00 +01:00
jvazquez-r7 1fc747994e cleanup for linksys_wrt54gl_exec 2013-01-24 17:50:14 +01:00
jvazquez-r7 816bc79d9d Merge branch 'wrt54gl-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-wrt54gl-exec 2013-01-24 17:49:54 +01:00
sinn3r 2cedcad810 Check PID 2013-01-24 10:46:23 -06:00
f8lerror 6cdb1a80de Remove app from fingerprint and blank line 2013-01-24 09:47:20 -05:00
f8lerror bf2b01f8ef Delete a file and strip space 2013-01-24 09:30:04 -05:00
jvazquez-r7 1bccc410a3 Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec 2013-01-24 15:02:48 +01:00
Kacper Nowak ba41ee9c83 - applied all the changes from #1363
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7 96d0b13de2 Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings 2013-01-24 13:00:01 +01:00
sinn3r 3146b7ce77 Change default target
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r 0c0f4a3e66 Lower ranking because they cannot auto-target
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms.  Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
HD Moore 8e09247703 Rename to match the OEM vendor 2013-01-23 21:10:25 -06:00
HD Moore 2c12666f4e Update the vendor to match the OEM source 2013-01-23 21:10:05 -06:00
f8lerror 6e94c04a52 Code Corrections and Enhancements 2013-01-23 20:26:23 -05:00
sinn3r 75f3a62ac4 Explain why we need this empty on_new_session 2013-01-23 16:43:36 -06:00
sinn3r 9c3e9f798f Lower the ranking, because it cannot auto-target.
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r 53599e4c45 It's better to have a version # in the title, easier to find 2013-01-23 16:32:57 -06:00
sinn3r d1736b8880 Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload 2013-01-23 16:32:06 -06:00
sinn3r 3418457b9a Small changes (extra comma + typo) 2013-01-23 16:29:25 -06:00
sinn3r 25847e7a2d Merge branch 'master' into module/add-swann-dvr 2013-01-23 16:26:18 -06:00
sinn3r ad108900d5 Why yes I know it's a module 2013-01-23 16:23:41 -06:00
sinn3r 22f7619892 Improve Carlos' payload injection module - See #1201
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
HD Moore cfde24785c Adds a password grabber module for Swann DVRs 2013-01-23 14:23:58 -06:00
lmercer 3b65f31d95 post/multi/manage/sudo improved with the PASSWORD option
as described in Redmine Feature #7581
2013-01-23 15:23:40 -05:00
sinn3r e93b7ffcaf Add Carlos Perez's payload injection module
See #1201
2013-01-23 14:07:48 -06:00
Tod Beardsley d354982345 Fix grammar on description for webcam 2013-01-23 14:00:34 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r a1f8da9ff6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-23 11:41:35 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
Kacper Nowak c47392f5d1 normalize_uri and path fix 2013-01-23 16:57:30 +00:00
Kacper Nowak ff875d04e0 - RPATH changed to TARGETURI
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule 8bcf4a86ef Update modules/exploits/multi/browser/java_jre17_method_handle.rb
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
jvazquez-r7 06926fbabb Merge branch 'module-cmd_windows_reverse_perl' of https://github.com/kacpern/metasploit-framework into kacpern-module-cmd_windows_reverse_perl 2013-01-23 16:42:45 +01:00
Kacper Nowak a3fa7cc6bc adjusted disclosure date 2013-01-23 12:49:08 +00:00
jvazquez-r7 e78174297e assuring stdapi loads on meterpreter 2013-01-23 12:44:55 +01:00
Kacper Nowak f691652594 attempt to fix cmd/windows/reverse_perl payload 2013-01-23 11:21:44 +00:00
m-1-k-3 3a5e92ba6f hopefully all fixex included 2013-01-23 12:15:34 +01:00
Kacper Nowak 5d6ca30422 removed spaces at EOL 2013-01-23 10:33:55 +00:00
Kacper Nowak 17d1c9f996 - expanded description
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
sinn3r 5cfabb0443 Apply the changes I suggested before 2013-01-23 00:15:09 -06:00
sinn3r 1e39c31cc2 Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal 2013-01-23 00:06:35 -06:00
sinn3r 933f807745 Msftidy cleanup + handling return values better 2013-01-22 23:53:00 -06:00
sinn3r dab2952d60 Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa 2013-01-22 22:54:45 -06:00
Charles Smith 9671df4488 Picasa 2 credentials are now also saved as loot
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
sinn3r 8819059499 Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec 2013-01-22 14:41:40 -06:00
Robin Wood 20b36cdf7a added extra checking for strict databases 2013-01-22 15:42:23 +00:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 c498930644 Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle 2013-01-22 15:33:07 +01:00
Kacper Nowak 8a59c7b8fb removed extra print_status() calls 2013-01-22 12:31:40 +00:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
Kacper Nowak 08a5f467b1 added URL for developer site 2013-01-22 12:14:38 +00:00
Kacper Nowak cd29a88c18 added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution 2013-01-22 11:58:24 +00:00
jvazquez-r7 08062597b9 fix data added to table 2013-01-22 12:07:16 +01:00
jvazquez-r7 dce4e7fc08 Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs 2013-01-22 12:06:44 +01:00
jvazquez-r7 516eccdf9a Merge branch 'record_mic_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-record_mic_update 2013-01-22 10:45:36 +01:00
Julian Vilas eb92070df8 added module for CVE-2013-1359 2013-01-22 01:54:41 +01:00
m-1-k-3 11c13500be small fix 2013-01-21 13:41:42 +01:00
m-1-k-3 62ff52280a initial linksys OS command injection 2013-01-21 13:19:29 +01:00
jvazquez-r7 b2c7223108 Cleanup for mysql_file_enum.rb 2013-01-21 12:26:35 +01:00
sinn3r 8b70a94b34 Updates the progress function
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00
f8lerror 5cfe58e8d5 General code review and corrections 2013-01-20 22:33:04 -05:00
Robin Wood 4d5a7a3d4d Brute force directory and file names with MySQL 2013-01-20 21:32:02 +00:00
Robin Wood e7604f80b2 added a warning and using optpath 2013-01-20 21:24:00 +00:00
Robin Wood 6da4b72d85 added a warning and using optpath 2013-01-20 21:23:59 +00:00
Robin Wood ebb0635e0a stopped using fixed table name 2013-01-20 21:23:59 +00:00
Robin Wood fce58ad96d Fixed msftidy stuff 2013-01-20 21:23:58 +00:00
Robin Wood 23d1eb7a80 File/dir brute forcer using MySQL 2013-01-20 21:23:58 +00:00
jvazquez-r7 967c04e727 finally it doesn't use FileDropper atm 2013-01-20 19:54:24 +01:00
jvazquez-r7 76edbb9e1c Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console 2013-01-20 19:53:44 +01:00
jvazquez-r7 9769efbf01 references and date updated 2013-01-20 17:38:37 +01:00
bcoles dc318c5aed update php_charts_exec metadata 2013-01-21 02:12:42 +10:30
bcoles f975a42571 move and update php_charts_exec metadata 2013-01-21 02:10:48 +10:30
bcoles 6ae72e4d63 Add PHP-Charts v1.0 PHP Code Execution Exploit 2013-01-20 23:51:17 +10:30
jvazquez-r7 aed71f8446 linux stager plus little cleanup 2013-01-20 13:42:02 +01:00
Meatballs1 dcaf2abc53 Better feedback for x86 2013-01-20 00:22:30 +00:00
Meatballs1 567185ec65 Better cleanup and address comments 2013-01-20 00:19:17 +00:00
Spencer McIntyre 6b40011a6f use target_uri and normalize_uri as well as fix a cookie problem 2013-01-19 19:10:56 -05:00
Meatballs1 771baa3181 Added x64 check and options to info 2013-01-19 23:23:45 +00:00
scriptjunkie 52251867d8 Ensure Windows single payloads use payload backend
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
Tod Beardsley ef97b20cb7 Merge branch 'wds_unattend' 2013-01-18 14:42:00 -06:00
Spencer McIntyre 9f7aafccdf add module to execute commands via Jenkins Script Console 2013-01-18 14:56:52 -05:00
jvazquez-r7 3465aa00bd title updated 2013-01-18 18:42:27 +01:00
jvazquez-r7 75109114df Merge branch 'post_mod_record_mic' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-post_mod_record_mic 2013-01-18 00:25:01 +01:00
Christian Mehlmauer e613c860a5 Added Name and Emailadress 2013-01-17 23:17:14 +01:00
Charles Smith 892899acd5 Fixed loot formatting so data is under the proper column
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL".  Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:

credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]

I changed the order the columns were defined to fix this.

The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:

permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]

works correctly.
2013-01-17 16:52:02 -05:00
jvazquez-r7 ef16a7fd24 cleanup 2013-01-17 21:45:13 +01:00
Tod Beardsley a43b218917 Line full of whitespace 2013-01-17 12:43:06 -08:00
jvazquez-r7 670b4e8e06 cleanup 2013-01-17 21:39:41 +01:00
jvazquez-r7 78279a0397 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
jvazquez-r7 d0b9808fc7 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
Charles Smith 624ef9a329 Fixed a typo in the skype_enum module.
"platfom" instead of "platform" fixed.
2013-01-17 14:04:52 -05:00
sinn3r 419b32b742 Can be used against multiple platforms since it supports java 2013-01-17 12:45:03 -06:00