Commit Graph

8452 Commits (ac63965e4dd57e631df17e27fdc29269f63228ad)

Author SHA1 Message Date
kernelsmith 32a5a009d6 change loot type to image/jpg
thanks egypt
2013-01-30 11:28:47 -06:00
sinn3r de544dc3d4 Handle multiple IPs 2013-01-30 11:25:43 -06:00
kernelsmith 6659459de5 del Version ref and change platform windows -> win
per sinner's comments, thanks sinner.
2013-01-30 10:56:49 -06:00
jvazquez-r7 cf6aae7bb7 add checks for enabled services 2013-01-30 17:37:41 +01:00
jvazquez-r7 668520d8d9 added module for cve-2013-1391 2013-01-30 17:22:03 +01:00
kernelsmith 80a0f0694d add 'auto' & 'none' VIEW_CMD, fixed looting, ch defaults 2013-01-30 00:49:48 -06:00
sinn3r c5ab059a1a Really fix the :host key 2013-01-29 18:24:11 -06:00
Tod Beardsley b1f8b87f14 Chmod -x the joomla modules. Also fix a title typo
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
sinn3r 8a9dba2ffe Updates host info 2013-01-29 16:35:36 -06:00
m-1-k-3 ea5e993bf3 initial 2013-01-29 22:02:29 +01:00
Tod Beardsley aaf18f0257 EOL whitespace, yo. 2013-01-29 14:22:30 -06:00
sinn3r 77ea5a40f5 Do report_auth_info 2013-01-29 14:19:42 -06:00
lmercer deb9385181 Patch for smb_relay.rb to allow the share written to, to be defined in an option
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc 55600ce276 Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
Remove unecessary include.  Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc 929814dabf Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
Removes unnecessary include.  Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley e618a2a347 Merge pull request #1405 from rapid7/add/upnp-scanner
Adds CVE reporting to the UPnP scanner
2013-01-28 23:10:14 -08:00
Tod Beardsley f5eaa87c80 comment typo 2013-01-29 01:05:18 -06:00
Tod Beardsley 25ae49154a Added author, vprint dressing-up 2013-01-29 00:55:45 -06:00
HD Moore 358f7cc62f Adds CVE reporting to the UPnP scanner 2013-01-29 00:15:39 -06:00
Tod Beardsley 38785015e1 Missing period in description 2013-01-28 23:08:53 -06:00
lmercer da5436e565 Made changes as described in Redmine issue 7605 2013-01-28 23:29:50 -05:00
James Lee 464d048eca Remove debugging print 2013-01-28 22:25:57 -06:00
James Lee dc19968555 Minor cleanups 2013-01-28 22:21:03 -06:00
James Lee c0757ce905 Add support for 2.x 2013-01-28 21:41:15 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee ee2579607a Working against 3.0.19 2013-01-28 21:05:14 -06:00
sinn3r ca70041f32 Adds a post module that loots chap-secrets 2013-01-28 16:23:26 -06:00
sinn3r 1ea1ad3166 Fix the forgotten path() 2013-01-28 14:48:22 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
James Lee 044fefd02a Initial support for Java target
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r 49aac302e6 normalize_uri() breaks URI parsing
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
lmercer b4eed328a7 MySQL login scanner unhandled exception 2013-01-26 01:26:18 -05:00
jvazquez-r7 01b7e3554e fix issue found by newpid0 2013-01-25 22:05:09 +01:00
jvazquez-r7 d0ecb617c3 Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner 2013-01-25 21:47:05 +01:00
jvazquez-r7 d6e9f891ea Proposal for joomla-scanner 2013-01-25 20:44:49 +01:00
sinn3r 0490b4a853 I wanna know where this thing is stored. 2013-01-25 13:18:28 -06:00
sinn3r f5182b4e6b Merge branch 'titanftp_xcrc_traversal' of github.com:zeknox/metasploit-framework into zeknox-titanftp_xcrc_traversal 2013-01-25 13:15:18 -06:00
sinn3r 0a4fadcb09 Comments don't seem to align properly w/ tabs 2013-01-25 13:07:13 -06:00
sinn3r 7d4e7676ce This file has a MSF license, needs the header 2013-01-25 13:04:20 -06:00
sinn3r a14cd71047 Merge branch 'ms12-020_check.rb' of github.com:zeknox/metasploit-framework into zeknox-ms12-020_check.rb 2013-01-25 12:56:02 -06:00
Brandon McCann 4824d11ff3 removed white space 2013-01-25 12:14:41 -06:00
Brandon McCann 3742fd5a17 duplicate include 2013-01-25 11:58:04 -06:00
Brandon McCann 8578e7cf85 renamed file 2013-01-25 11:55:54 -06:00
Brandon McCann fc3d87ed4c added ms12-020 checker 2013-01-25 10:43:43 -06:00
jvazquez-r7 e32bd8d4e0 Comma deleted 2013-01-25 11:44:08 +01:00
Rob Fuller a204f6fd1b variable typo 2013-01-25 02:18:20 -05:00
Rob Fuller 976e59954c update description 2013-01-25 02:14:42 -05:00
Rob Fuller a9821fce29 add action option for domain user enum 2013-01-25 02:08:30 -05:00
f8lerror dd1ce34ecc Made recommended changes removed short timeout added returns and other small changes 2013-01-24 17:04:22 -05:00
Brandon McCann 15253f23bf added RHOSTS funct 2013-01-24 15:29:35 -06:00
jvazquez-r7 fbbac2bd51 make module msftidy compliant 2013-01-24 21:37:04 +01:00
jvazquez-r7 2419e55603 Merge branch 'feature/rm7581-sudo-improved-with-PASSWORD-option' of https://github.com/lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7581-sudo-improved-with-PASSWORD-option 2013-01-24 21:36:40 +01:00
sinn3r af3a1db4c1 Make better use of ruby regex 2013-01-24 14:16:01 -06:00
sinn3r 077c04d13a Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version 2013-01-24 13:51:27 -06:00
jvazquez-r7 3faf4b3aca adding sinn3r as author 2013-01-24 18:13:30 +01:00
jvazquez-r7 f1f8782a5d Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb 2013-01-24 18:13:00 +01:00
jvazquez-r7 1fc747994e cleanup for linksys_wrt54gl_exec 2013-01-24 17:50:14 +01:00
jvazquez-r7 816bc79d9d Merge branch 'wrt54gl-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-wrt54gl-exec 2013-01-24 17:49:54 +01:00
sinn3r 2cedcad810 Check PID 2013-01-24 10:46:23 -06:00
f8lerror 6cdb1a80de Remove app from fingerprint and blank line 2013-01-24 09:47:20 -05:00
f8lerror bf2b01f8ef Delete a file and strip space 2013-01-24 09:30:04 -05:00
jvazquez-r7 1bccc410a3 Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec 2013-01-24 15:02:48 +01:00
Kacper Nowak ba41ee9c83 - applied all the changes from #1363
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7 96d0b13de2 Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings 2013-01-24 13:00:01 +01:00
sinn3r 3146b7ce77 Change default target
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r 0c0f4a3e66 Lower ranking because they cannot auto-target
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms.  Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
HD Moore 8e09247703 Rename to match the OEM vendor 2013-01-23 21:10:25 -06:00
HD Moore 2c12666f4e Update the vendor to match the OEM source 2013-01-23 21:10:05 -06:00
f8lerror 6e94c04a52 Code Corrections and Enhancements 2013-01-23 20:26:23 -05:00
sinn3r 75f3a62ac4 Explain why we need this empty on_new_session 2013-01-23 16:43:36 -06:00
sinn3r 9c3e9f798f Lower the ranking, because it cannot auto-target.
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r 53599e4c45 It's better to have a version # in the title, easier to find 2013-01-23 16:32:57 -06:00
sinn3r d1736b8880 Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload 2013-01-23 16:32:06 -06:00
sinn3r 3418457b9a Small changes (extra comma + typo) 2013-01-23 16:29:25 -06:00
sinn3r 25847e7a2d Merge branch 'master' into module/add-swann-dvr 2013-01-23 16:26:18 -06:00
sinn3r ad108900d5 Why yes I know it's a module 2013-01-23 16:23:41 -06:00
sinn3r 22f7619892 Improve Carlos' payload injection module - See #1201
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
HD Moore cfde24785c Adds a password grabber module for Swann DVRs 2013-01-23 14:23:58 -06:00
lmercer 3b65f31d95 post/multi/manage/sudo improved with the PASSWORD option
as described in Redmine Feature #7581
2013-01-23 15:23:40 -05:00
sinn3r e93b7ffcaf Add Carlos Perez's payload injection module
See #1201
2013-01-23 14:07:48 -06:00
Tod Beardsley d354982345 Fix grammar on description for webcam 2013-01-23 14:00:34 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r a1f8da9ff6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-23 11:41:35 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
Kacper Nowak c47392f5d1 normalize_uri and path fix 2013-01-23 16:57:30 +00:00
Kacper Nowak ff875d04e0 - RPATH changed to TARGETURI
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule 8bcf4a86ef Update modules/exploits/multi/browser/java_jre17_method_handle.rb
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
jvazquez-r7 06926fbabb Merge branch 'module-cmd_windows_reverse_perl' of https://github.com/kacpern/metasploit-framework into kacpern-module-cmd_windows_reverse_perl 2013-01-23 16:42:45 +01:00
Kacper Nowak a3fa7cc6bc adjusted disclosure date 2013-01-23 12:49:08 +00:00
jvazquez-r7 e78174297e assuring stdapi loads on meterpreter 2013-01-23 12:44:55 +01:00
Kacper Nowak f691652594 attempt to fix cmd/windows/reverse_perl payload 2013-01-23 11:21:44 +00:00
m-1-k-3 3a5e92ba6f hopefully all fixex included 2013-01-23 12:15:34 +01:00
Kacper Nowak 5d6ca30422 removed spaces at EOL 2013-01-23 10:33:55 +00:00
Kacper Nowak 17d1c9f996 - expanded description
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
sinn3r 5cfabb0443 Apply the changes I suggested before 2013-01-23 00:15:09 -06:00
sinn3r 1e39c31cc2 Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal 2013-01-23 00:06:35 -06:00
sinn3r 933f807745 Msftidy cleanup + handling return values better 2013-01-22 23:53:00 -06:00
sinn3r dab2952d60 Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa 2013-01-22 22:54:45 -06:00
Charles Smith 9671df4488 Picasa 2 credentials are now also saved as loot
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
sinn3r 8819059499 Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec 2013-01-22 14:41:40 -06:00
Robin Wood 20b36cdf7a added extra checking for strict databases 2013-01-22 15:42:23 +00:00
jvazquez-r7 807bd6e88a Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl 2013-01-22 15:33:39 +01:00
jvazquez-r7 c498930644 Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle 2013-01-22 15:33:07 +01:00
Kacper Nowak 8a59c7b8fb removed extra print_status() calls 2013-01-22 12:31:40 +00:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
Kacper Nowak 08a5f467b1 added URL for developer site 2013-01-22 12:14:38 +00:00
Kacper Nowak cd29a88c18 added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution 2013-01-22 11:58:24 +00:00
jvazquez-r7 08062597b9 fix data added to table 2013-01-22 12:07:16 +01:00
jvazquez-r7 dce4e7fc08 Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs 2013-01-22 12:06:44 +01:00
jvazquez-r7 516eccdf9a Merge branch 'record_mic_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-record_mic_update 2013-01-22 10:45:36 +01:00
Julian Vilas eb92070df8 added module for CVE-2013-1359 2013-01-22 01:54:41 +01:00
m-1-k-3 11c13500be small fix 2013-01-21 13:41:42 +01:00
m-1-k-3 62ff52280a initial linksys OS command injection 2013-01-21 13:19:29 +01:00
jvazquez-r7 b2c7223108 Cleanup for mysql_file_enum.rb 2013-01-21 12:26:35 +01:00
sinn3r 8b70a94b34 Updates the progress function
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00
f8lerror 5cfe58e8d5 General code review and corrections 2013-01-20 22:33:04 -05:00
Robin Wood 4d5a7a3d4d Brute force directory and file names with MySQL 2013-01-20 21:32:02 +00:00
Robin Wood e7604f80b2 added a warning and using optpath 2013-01-20 21:24:00 +00:00
Robin Wood 6da4b72d85 added a warning and using optpath 2013-01-20 21:23:59 +00:00
Robin Wood ebb0635e0a stopped using fixed table name 2013-01-20 21:23:59 +00:00
Robin Wood fce58ad96d Fixed msftidy stuff 2013-01-20 21:23:58 +00:00
Robin Wood 23d1eb7a80 File/dir brute forcer using MySQL 2013-01-20 21:23:58 +00:00
jvazquez-r7 967c04e727 finally it doesn't use FileDropper atm 2013-01-20 19:54:24 +01:00
jvazquez-r7 76edbb9e1c Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console 2013-01-20 19:53:44 +01:00
jvazquez-r7 9769efbf01 references and date updated 2013-01-20 17:38:37 +01:00
bcoles dc318c5aed update php_charts_exec metadata 2013-01-21 02:12:42 +10:30
bcoles f975a42571 move and update php_charts_exec metadata 2013-01-21 02:10:48 +10:30
bcoles 6ae72e4d63 Add PHP-Charts v1.0 PHP Code Execution Exploit 2013-01-20 23:51:17 +10:30
jvazquez-r7 aed71f8446 linux stager plus little cleanup 2013-01-20 13:42:02 +01:00
Meatballs1 dcaf2abc53 Better feedback for x86 2013-01-20 00:22:30 +00:00
Meatballs1 567185ec65 Better cleanup and address comments 2013-01-20 00:19:17 +00:00
Spencer McIntyre 6b40011a6f use target_uri and normalize_uri as well as fix a cookie problem 2013-01-19 19:10:56 -05:00
Meatballs1 771baa3181 Added x64 check and options to info 2013-01-19 23:23:45 +00:00
scriptjunkie 52251867d8 Ensure Windows single payloads use payload backend
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
Tod Beardsley ef97b20cb7 Merge branch 'wds_unattend' 2013-01-18 14:42:00 -06:00
Spencer McIntyre 9f7aafccdf add module to execute commands via Jenkins Script Console 2013-01-18 14:56:52 -05:00
jvazquez-r7 3465aa00bd title updated 2013-01-18 18:42:27 +01:00
jvazquez-r7 75109114df Merge branch 'post_mod_record_mic' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-post_mod_record_mic 2013-01-18 00:25:01 +01:00
Christian Mehlmauer e613c860a5 Added Name and Emailadress 2013-01-17 23:17:14 +01:00
Charles Smith 892899acd5 Fixed loot formatting so data is under the proper column
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL".  Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:

credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]

I changed the order the columns were defined to fix this.

The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:

permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]

works correctly.
2013-01-17 16:52:02 -05:00
jvazquez-r7 ef16a7fd24 cleanup 2013-01-17 21:45:13 +01:00
Tod Beardsley a43b218917 Line full of whitespace 2013-01-17 12:43:06 -08:00
jvazquez-r7 670b4e8e06 cleanup 2013-01-17 21:39:41 +01:00
jvazquez-r7 78279a0397 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
jvazquez-r7 d0b9808fc7 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
Charles Smith 624ef9a329 Fixed a typo in the skype_enum module.
"platfom" instead of "platform" fixed.
2013-01-17 14:04:52 -05:00
sinn3r 419b32b742 Can be used against multiple platforms since it supports java 2013-01-17 12:45:03 -06:00
sinn3r ff11cfe6e5 Avoid saying "webcam", might be misleading. 2013-01-17 12:30:02 -06:00
sinn3r f351db3621 Implements the record_mic feature as a post module
For easier deployment in the web GUI. Works for Windows meterpreter
and Java meterpreter.
2013-01-17 12:19:52 -06:00
jvazquez-r7 ffd8890ba2 Merge branch 'smb_login_option' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-smb_login_option 2013-01-17 18:15:41 +01:00
f8lerror 0b61d28e0e added Joomla scanner and url wordlist 2013-01-17 11:36:59 -05:00
jvazquez-r7 57359304a3 Merge branch 'webcam' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webcam 2013-01-17 16:56:55 +01:00
jvazquez-r7 09b4a09ce1 module razer_synapse cleanup 2013-01-17 16:53:00 +01:00
jvazquez-r7 99296006c1 Merge branch 'razer_synapse.rb' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-razer_synapse.rb 2013-01-17 16:52:26 +01:00
sinn3r 40ba075655 Implements the webcam feature as a post mod
As a post mod, we can deploy the webcam feature more easily against
multiple sessions in the web gui.
2013-01-17 02:41:16 -06:00
lmercer a701b5eb79 fixed an error that occurred when patching. 2013-01-16 18:21:19 -05:00
lmercer ddd2dbc17b Updated coldfusion_local_traversal as described in Redmine Feature #6822 2013-01-16 17:54:15 -05:00
lmercer 481f2eb791 updated cold_fusion_version from Redmine Feature #6822 2013-01-16 17:23:35 -05:00
jvazquez-r7 51ba500b9f msftidy compliant 2013-01-16 12:28:09 +01:00
jvazquez-r7 49b36710c4 Merge branch 'freesshd_authbypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-freesshd_authbypass_update 2013-01-16 12:27:42 +01:00
jvazquez-r7 f6d34b52a5 Merge branch 'verb_auth_bypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-verb_auth_bypass_update 2013-01-16 12:19:49 +01:00
jvazquez-r7 2348a0b066 final cleanup and testing 2013-01-16 11:55:14 +01:00
jvazquez-r7 b43242d131 Merge branch 'module-nagios3_history_cgi' of https://github.com/jselvi/metasploit-framework into jselvi-module-nagios3_history_cgi 2013-01-16 11:54:51 +01:00
sinn3r 0f24671cf7 Changes how the usernames are loaded.
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage.  It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.

I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
Jose Selvi 064ea63a72 Fixes 2013-01-16 05:22:43 +01:00
smilingraccoon 12e7949183 msftidy change 2013-01-15 21:23:49 -05:00
smilingraccoon b2cd65e283 adding razer_synapse.rb 2013-01-15 21:14:49 -05:00
James Lee 26b40666ce Merge branch 'rapid7' into feature/stage_encoding 2013-01-15 15:10:58 -06:00
sinn3r 9dc42e93e7 Reduce unnecessary indent level 2013-01-15 14:36:41 -06:00
sinn3r 5109cc97fe Add more verbs
[SeeRM: #7138] by jabra
2013-01-15 14:11:53 -06:00
sinn3r b3291c0329 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-15 14:10:47 -06:00
sinn3r b5167e7695 Merge branch 'add_bap_to_itms_overflow' of github.com:jvennix-r7/metasploit-framework into jvennix-r7-add_bap_to_itms_overflow 2013-01-15 12:25:07 -06:00
sinn3r 6508964171 For consistency with other post modules, also do a store_loot 2013-01-15 12:16:32 -06:00
sinn3r c1794e9195 Merge branch 'bulletproof_ftp_creds' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bulletproof_ftp_creds 2013-01-15 11:41:42 -06:00
sinn3r 6e6e90d733 Cosmetic changes 2013-01-15 11:36:49 -06:00
sinn3r a06d49a8be Return symbols
STOP_ON_SUCCESS is being ignored because the module's login function
doesn't pass a symbol to the mixin.  This addresses that.
2013-01-15 11:25:02 -06:00
sinn3r 54883da8cd Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-15 10:25:05 -06:00
Jose Selvi 18f81fd6f4 Nagios3 history.cgi exploit 2013-01-15 15:32:32 +01:00
jvazquez-r7 1e64d36320 avoid begin rescue blocks 2013-01-15 02:05:58 +01:00
James Lee fb19ec1005 Merge branch 'rapid7' into feature/stage_encoding 2013-01-14 15:20:23 -06:00
sinn3r 347cc3f879 Merge branch 'bug/rm7680-psexec_command-convert-nil-into-integer' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7680-psexec_command-convert-nil-into-integer 2013-01-14 15:12:43 -06:00
sinn3r 04b35a38ff Update MSB ref 2013-01-14 14:59:32 -06:00
lmercer a89db93891 psexec_command - Unable to execute specified command: can't convert nil into Integer
Patched as described in Redmine bug #7680
2013-01-14 15:54:40 -05:00
jvazquez-r7 c6c59ace46 final cleanup 2013-01-14 20:53:19 +01:00
jvazquez-r7 5ecb0701ea Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass 2013-01-14 20:52:45 +01:00
jvazquez-r7 3eaa07afae documenting magic numbers 2013-01-14 19:43:34 +01:00
jvazquez-r7 530df0acf0 delete comments 2013-01-14 19:22:39 +01:00
jvazquez-r7 57be789f2c Fix comments by egypt 2013-01-14 19:22:02 +01:00
jvazquez-r7 702638a6a3 final cleanup 2013-01-14 17:36:24 +01:00
jvazquez-r7 b0a339708d Merge branch 'w3totalcache' of https://github.com/FireFart/metasploit-framework into FireFart-w3totalcache 2013-01-14 17:35:48 +01:00
Christian Mehlmauer b11fd48b05 implemented juans feedback 2013-01-14 17:06:52 +01:00
Christian Mehlmauer 8b85f7d977 fix msftidy 2013-01-14 14:55:53 +01:00
Christian Mehlmauer 0acbcfd964 fix url path 2013-01-14 14:39:50 +01:00
Christian Mehlmauer c17ee70e66 Use target_uri for the wordpress url 2013-01-14 14:34:34 +01:00
jvazquez-r7 40fc861eee Added post module for BulletProof FTP Client 2013-01-14 13:50:10 +01:00
joe 771fc07264 Change :vuln_test to :os_name for checking OS. 2013-01-14 02:17:40 -06:00
joe efcdb1097c Add BAP options to itms_overflow module. 2013-01-14 01:42:58 -06:00
James Lee b3b68c1b90 Make stage encoding possible
* Fixes a bug in shikata where input greater than 0xffff length would
  still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
  avoid
* Fixes huge performance issue with large inputs to xor-based encoders
  due to the use of String#+ instead of String#<< in a loop. It now
  takes ~3 seconds on modern hardware to encode a 750kB buffer with
  shikata where it used to take more than 10 minutes. The decoding side
  takes a similar amount of time and will increase the wait between
  sending the second stage and opening a usable session by several
  seconds.

I believe this addresses the intent of pull request 905

[See #905]
2013-01-13 21:07:39 -06:00
Christian Mehlmauer 0c95938b1d Added a request to force db caching 2013-01-13 20:12:37 +01:00
Daniele Martini 04fe1dae11 Added module for Freesshd Authentication Bypass (CVE-2012-6066)
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.

To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
Christian Mehlmauer 27f100d37c fix email 2013-01-12 14:24:29 +01:00
Christian Mehlmauer d36c966931 spaces 2013-01-12 14:22:38 +01:00
Christian Mehlmauer 93b5980210 fix 2013-01-12 14:13:54 +01:00
Christian Mehlmauer 0b8094eb5d w3_total_cache 2013-01-12 14:09:59 +01:00
kernelsmith 0b130e49e7 Squashed commit of the following:
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date:   Fri Jan 11 17:55:27 2013 -0600

    fixes missing word in descript. of rails exploit

    simple omission fix in description

[Closes #1295]
2013-01-11 19:02:06 -06:00
sinn3r ef6eec949c Move impersonate_ssl
To 'gather', because it grabs stuff, not scans.
2013-01-11 17:22:27 -06:00
sinn3r 4546d147d0 Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master 2013-01-11 01:43:45 -06:00
sinn3r 4adf429c31 Adds one more ref 2013-01-11 01:33:26 -06:00
sinn3r 23ef8280be Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
Conflicts:
	modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
HD Moore 6471a70053 Pass the X-HTTP-Method-Override parameter for compat 2013-01-10 20:27:13 -06:00
sinn3r e709811c5a CVE update 2013-01-10 19:51:04 -06:00
jvazquez-r7 2c05af721c module also updated with refs 2013-01-11 00:57:05 +01:00
jvazquez-r7 6a7f8758e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-01-11 00:14:22 +01:00
jvazquez-r7 8c5847a13c Make output compatible with an scanner module 2013-01-11 00:10:15 +01:00
HD Moore 9c652d1d55 Add a note about ruby 1.9 requirements 2013-01-10 17:10:03 -06:00
jvazquez-r7 0e950997e6 Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access 2013-01-10 23:57:22 +01:00
James Lee c89b2b2ec6 Once more, with feeling 2013-01-10 15:29:54 -06:00
James Lee 7fd3440c1a Fix hd's attempt to rename ruby payloads 2013-01-10 15:25:50 -06:00
James Lee 4fcb8b6f8d Revert "Rename again to be consistent with payload naming"
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
HD Moore 0fa2fcd811 Rename again to be consistent with payload naming 2013-01-10 14:16:37 -06:00
HD Moore 88b08087bf Renamed and made more robust 2013-01-10 14:05:29 -06:00
Stephen Fewer 8e6e1bc164 open up the bloxor encoder. 2013-01-10 17:39:40 +00:00
smilingraccoon 0c58a118ff Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex 2013-01-10 11:32:48 -05:00
smilingraccoon fc5a0e22b2 stupid push, forgot to remove test puts 2013-01-10 10:43:57 -05:00
smilingraccoon ed9d290a85 added status messages, made var blog_posts initalize as nil rather than empty string 2013-01-10 10:41:25 -05:00
Bouke van der Bijl 3b491ab998 Change charlisome in the list of authors to charliesome 2013-01-10 16:12:07 +01:00
smilingraccoon 5bafd6ddcc added status message 2013-01-10 09:43:37 -05:00
HD Moore 42ea64c21b Merge in Rails2 support now that its in master 2013-01-10 02:14:08 -06:00
HD Moore 0b74f98946 Rescue errors and update credits 2013-01-10 01:06:46 -06:00
HD Moore e05f4ba927 Thread wrappers were causing instant session closure 2013-01-10 00:41:58 -06:00
HD Moore 1e94b090e7 The __END__ trick is no longer needed 2013-01-10 00:29:11 -06:00
HD Moore acabc14ec3 This restores functionality across all rails 3.x 2013-01-10 00:28:12 -06:00
HD Moore 0e92de8f61 This works against a wider range of RoR 3.x targets 2013-01-10 00:10:26 -06:00
jvazquez-r7 ea000d6ee0 updated authors 2013-01-10 20:48:54 +01:00
jvazquez-r7 876d889d82 added exploit for j7u10 0day 2013-01-10 20:30:43 +01:00
HD Moore 5e7a4f154e Fix platform/arch 2013-01-09 23:24:37 -06:00
HD Moore e15c731651 Clarify credit 2013-01-09 23:22:40 -06:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
jvazquez-r7 ad3ca3a6bb regex to check version fixed 2013-01-09 23:48:55 +01:00
jvazquez-r7 5901058a61 Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081 2013-01-09 23:24:14 +01:00
sinn3r 2776047553 Merge branch 'smb_cap' of github.com:Meatballs1/metasploit-framework into Meatballs1-smb_cap 2013-01-09 16:09:35 -06:00
sinn3r fe8b9c24cf Merge branch 'jvazquez-r7-honeywell_tema_exec' 2013-01-09 16:08:19 -06:00
sinn3r f3b88d34c1 Add MS11-081 2013-01-09 15:52:33 -06:00
jvazquez-r7 5fe2f967da this rescue is done in the mixin 2013-01-09 21:28:06 +01:00
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
jvazquez-r7 52157b9124 extplorer_upload_exec cleanup 2013-01-09 19:45:17 +01:00
jvazquez-r7 8f91352c4a Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec 2013-01-09 19:44:43 +01:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
smilingraccoon a0a4ef843b added error msgs to rescue 2013-01-09 11:22:36 -05:00
Meatballs 4cadffc06a msftidy 2013-01-09 10:37:40 +00:00
Meatballs 46139849a9 Move to .empty? over length 2013-01-09 10:36:06 +00:00
Meatballs a8400030f8 Also correct outut of hash when length is 0 2013-01-09 10:26:57 +00:00
Meatballs d36fcd5441 Fix smb capture error 2013-01-09 09:50:21 +00:00
jvazquez-r7 736f8db6c0 Deleting from browser autopwn 2013-01-09 09:58:20 +01:00
jvazquez-r7 377905be7f Avoid FileDropper in this case 2013-01-09 09:15:38 +01:00
sinn3r 4e70f7d888 Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive 2013-01-09 01:13:43 -06:00
Thomas McCarthy f45739933e Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb
Changed name var in initialize
2013-01-08 19:20:02 -05:00
jvazquez-r7 52982c0785 Added BrowserAutopwn info 2013-01-08 19:53:34 +01:00
jvazquez-r7 0e475dfce1 improvements and testing 2013-01-08 19:43:58 +01:00
lmercer 69485ba261 made changes as specified in Redmine Bug #7139 2013-01-08 12:14:57 -05:00
jvazquez-r7 b2575f0526 Added module for OSVDB 76681 2013-01-08 17:46:31 +01:00
Joshua J. Drake 3ceb313752 Fixes format string issue in smb_login - FixRM #7657 2013-01-07 22:17:49 -06:00
Joshua J. Drake c74d258509 Revert "Fixes format string issue in smb_login - FixRM #7657"
Will replay on separate branch.

This reverts commit a12b628ccc.
2013-01-07 22:03:57 -06:00
Joshua J. Drake 60987de854 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-07 21:20:20 -06:00
Joshua J. Drake a12b628ccc Fixes format string issue in smb_login - FixRM #7657 2013-01-07 21:20:09 -06:00
sinn3r 2a1ab2c99a Improve the module 2013-01-07 19:03:58 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
Charlie Eriksen 4e0fca6d0f Adding DB error handling
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.

Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
sinn3r a59c474e3e Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof' 2013-01-07 13:34:52 -06:00
smilingraccoon 9f69dbbd30 update unless statements, targeturi, and resolve var 2013-01-07 13:17:49 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen a8df3d71ff Changes based on Sinn3r's feedback
A bucket-load of changes!

- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen a5113f0da4 Adding a check function
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.

So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen ae72022777 Improvement for CVE 2012-4915
Made two tiny improvements based on Meatballs' points

- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
jvazquez-r7 883b3446f3 license text 2013-01-05 08:03:25 +01:00
jvazquez-r7 0a13f01f23 Added module for ZDI-12-101 2013-01-05 07:40:32 +01:00
smilingraccoon 0de23a7edb fixed description 2013-01-04 21:16:56 -05:00
smilingraccoon e35afdce5d added wordpress-pingback scanner 2013-01-04 20:59:33 -05:00
smilingraccoon 3936725958 added wordpress-pingback scanner 2013-01-04 20:44:40 -05:00
Christian Mehlmauer 6654faf55e Msftidy fixes 2013-01-04 09:29:34 +01:00
sinn3r b50e040e69 Fix e-mail format, and the extra comma 2013-01-04 01:11:40 -06:00
sinn3r d17a6f99e5 Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin 2013-01-04 00:38:01 -06:00
sinn3r 6d4abe947d Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision 2013-01-04 00:23:03 -06:00
sinn3r 6f50410e5f Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1 2013-01-03 17:51:54 -06:00
sinn3r 38de5d63d8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-03 17:49:24 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
sinn3r b061a0f9c1 Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof 2013-01-03 17:45:24 -06:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
jvazquez-r7 a0b4045b4b trying to fix the variable offset length 2013-01-04 00:25:34 +01:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
James Lee aa9f7dac6a Merge branch 'rapid7' into tkisason-patch-1 2013-01-03 16:13:32 -06:00
sinn3r 724fa62019 Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof 2013-01-03 15:35:29 -06:00
Tonimir Kisasondi 39e81fb07f Update modules/auxiliary/scanner/http/wordpress_login_enum.rb
Simple fix for msfconsole start error.
2013-01-03 21:52:10 +01:00
sinn3r 6fd35482cc This exploit should be in browser auto pwn 2013-01-03 14:45:00 -06:00
James Lee 011ff18c98 Remove $ 2013-01-03 14:06:32 -06:00
James Lee 233378f0fb Remove stupid debugging load() 2013-01-03 14:05:45 -06:00
jvazquez-r7 9cea2d9af9 reference updated 2013-01-03 19:39:18 +01:00
jvazquez-r7 45808a3a44 Added module for ZDI-11-350 2013-01-03 19:17:45 +01:00
sinn3r 06b937ec11 Implements WTFUzz's no-spray technique
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r fedd9f29a0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-03 11:56:56 -06:00
Tod Beardsley 1406f7cb0a Msftidy on sap_router_info_request 2013-01-03 10:55:11 -06:00
Christian Mehlmauer 8cada447b2 msftidy: remove $Id$ 2013-01-03 10:21:10 +01:00
James Lee d9947a1515 Add a mixin for marking deprecated modules
* This mixin standardizes the previously ad-hoc deprecation warnings on
  modules that have been moved.

* Uses the mixin in 3 existing modules that already have (or should have
  had) deprecation warnings.
2013-01-02 19:14:44 -06:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
sinn3r c86c6f1ba0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-02 17:26:42 -06:00
jvazquez-r7 758edd7aed make msftidy happy 2013-01-03 00:02:03 +01:00
Charlie Eriksen 97253d46a1 Multiple change for Juan
Incooperated changes as per Juan's suggestions.

- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
Charlie Eriksen 78c6d04b31 Fixing from crlf to lf
By accident the line endings changed to crlf.

Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.

Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
Charlie Eriksen ef3f15e881 Adding a PLUGINSPATH option
Adding a PUGINSPATH option as per FireFart's comment.

Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
Rob Fuller 88d12da3db hilight positive results in WebDAV scanner
As suggested by Lee Baird
2013-01-02 13:27:25 -05:00
Charlie Eriksen 6fb2130265 Adding a damn space
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
Charlie Eriksen 4ba5b45ad3 Fixed the check
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
Charlie Eriksen dd0482cb9d Code style fix!
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
Charlie Eriksen 2fe2d5d3dd Adding exploit for OSVDB 87353
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
sinn3r 38157b86a9 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-12-31 11:15:44 -06:00
sinn3r f7543e18fe Your def of commit apparently is a little different than mine, git. 2012-12-31 00:35:13 -06:00
sinn3r 2b3f7c4430 Module rename
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
sinn3r 5703274bc4 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-12-30 20:34:57 -06:00
sinn3r 1084334d5e Randomness 2012-12-30 20:34:14 -06:00
sinn3r 7cb42a5eb4 Add BID ref 2012-12-30 18:14:22 -06:00
sinn3r cc52e2c533 Where's Juan's name? 2012-12-30 12:58:16 -06:00
jvazquez-r7 14f21c0a29 using the rop as expected 2012-12-30 16:13:48 +01:00
jvazquez-r7 eed5a74f32 description updated and reference added 2012-12-30 16:08:01 +01:00
bcoles 8e543cf5f5 Add eXtplorer v2.1 auth bypass exploit module 2012-12-30 23:51:41 +10:30
Christian Mehlmauer f7d6594314 re-deleted comma 2012-12-30 13:39:14 +01:00
jvazquez-r7 6be8ed6168 readd fix for #1219 2012-12-30 13:25:42 +01:00
jvazquez-r7 cd58cc73d9 fixed rop chain for w2003 2012-12-30 13:12:55 +01:00
Christian Mehlmauer cab84b5c27 Fix for issue #1219 2012-12-30 13:02:13 +01:00
Christian Mehlmauer dcf018c339 Comma 2012-12-30 12:54:44 +01:00
Christian Mehlmauer 14d197eeb2 Added Windows Server 2003 2012-12-30 11:35:29 +01:00
jvazquez-r7 6cb9106218 Added module for CVE-2012-4792 2012-12-30 01:46:56 +01:00
sinn3r 33ea21e415 Merge branch '403labs-zgrace-wordpress_login_enum' 2012-12-28 17:47:05 -06:00
sinn3r d92b3bd2e1 Apply fixes 2012-12-28 17:46:17 -06:00
Tod Beardsley e5eb8c6301 Fix connected in sap_router_info_request
See #1028 comments
2012-12-28 16:34:59 -06:00
sinn3r 2746a57093 Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum 2012-12-28 15:42:09 -06:00
Tod Beardsley 3daea913b1 Merge branch 'sap_router_info_request' 2012-12-28 15:22:44 -06:00
Tod Beardsley 35604ac1aa Normalizing caps and expanding description a bit
Be nice to have a couple more lines on the description
2012-12-28 15:12:40 -06:00
Tod Beardsley 5d7197d8ba Moved shout outs, organized includes
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.

Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
2012-12-28 14:51:23 -06:00
sinn3r eb2037bdba Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof 2012-12-28 12:16:06 -06:00