dab2952d60
Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa
2013-01-22 22:54:45 -06:00
9671df4488
Picasa 2 credentials are now also saved as loot
...
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
8819059499
Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec
2013-01-22 14:41:40 -06:00
20b36cdf7a
added extra checking for strict databases
2013-01-22 15:42:23 +00:00
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
08062597b9
fix data added to table
2013-01-22 12:07:16 +01:00
dce4e7fc08
Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs
2013-01-22 12:06:44 +01:00
516eccdf9a
Merge branch 'record_mic_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-record_mic_update
2013-01-22 10:45:36 +01:00
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
11c13500be
small fix
2013-01-21 13:41:42 +01:00
62ff52280a
initial linksys OS command injection
2013-01-21 13:19:29 +01:00
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
8b70a94b34
Updates the progress function
...
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00
5cfe58e8d5
General code review and corrections
2013-01-20 22:33:04 -05:00
4d5a7a3d4d
Brute force directory and file names with MySQL
2013-01-20 21:32:02 +00:00
e7604f80b2
added a warning and using optpath
2013-01-20 21:24:00 +00:00
6da4b72d85
added a warning and using optpath
2013-01-20 21:23:59 +00:00
ebb0635e0a
stopped using fixed table name
2013-01-20 21:23:59 +00:00
fce58ad96d
Fixed msftidy stuff
2013-01-20 21:23:58 +00:00
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
76edbb9e1c
Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console
2013-01-20 19:53:44 +01:00
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
6ae72e4d63
Add PHP-Charts v1.0 PHP Code Execution Exploit
2013-01-20 23:51:17 +10:30
aed71f8446
linux stager plus little cleanup
2013-01-20 13:42:02 +01:00
dcaf2abc53
Better feedback for x86
2013-01-20 00:22:30 +00:00
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
6b40011a6f
use target_uri and normalize_uri as well as fix a cookie problem
2013-01-19 19:10:56 -05:00
771baa3181
Added x64 check and options to info
2013-01-19 23:23:45 +00:00
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
9f7aafccdf
add module to execute commands via Jenkins Script Console
2013-01-18 14:56:52 -05:00
3465aa00bd
title updated
2013-01-18 18:42:27 +01:00
75109114df
Merge branch 'post_mod_record_mic' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-post_mod_record_mic
2013-01-18 00:25:01 +01:00
e613c860a5
Added Name and Emailadress
2013-01-17 23:17:14 +01:00
892899acd5
Fixed loot formatting so data is under the proper column
...
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL". Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:
credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]
I changed the order the columns were defined to fix this.
The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:
permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]
works correctly.
2013-01-17 16:52:02 -05:00
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
a43b218917
Line full of whitespace
2013-01-17 12:43:06 -08:00
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
624ef9a329
Fixed a typo in the skype_enum module.
...
"platfom" instead of "platform" fixed.
2013-01-17 14:04:52 -05:00
419b32b742
Can be used against multiple platforms since it supports java
2013-01-17 12:45:03 -06:00
ff11cfe6e5
Avoid saying "webcam", might be misleading.
2013-01-17 12:30:02 -06:00
f351db3621
Implements the record_mic feature as a post module
...
For easier deployment in the web GUI. Works for Windows meterpreter
and Java meterpreter.
2013-01-17 12:19:52 -06:00
ffd8890ba2
Merge branch 'smb_login_option' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-smb_login_option
2013-01-17 18:15:41 +01:00
0b61d28e0e
added Joomla scanner and url wordlist
2013-01-17 11:36:59 -05:00
57359304a3
Merge branch 'webcam' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webcam
2013-01-17 16:56:55 +01:00
09b4a09ce1
module razer_synapse cleanup
2013-01-17 16:53:00 +01:00
99296006c1
Merge branch 'razer_synapse.rb' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-razer_synapse.rb
2013-01-17 16:52:26 +01:00
40ba075655
Implements the webcam feature as a post mod
...
As a post mod, we can deploy the webcam feature more easily against
multiple sessions in the web gui.
2013-01-17 02:41:16 -06:00
a701b5eb79
fixed an error that occurred when patching.
2013-01-16 18:21:19 -05:00
ddd2dbc17b
Updated coldfusion_local_traversal as described in Redmine Feature #6822
2013-01-16 17:54:15 -05:00
481f2eb791
updated cold_fusion_version from Redmine Feature #6822
2013-01-16 17:23:35 -05:00
51ba500b9f
msftidy compliant
2013-01-16 12:28:09 +01:00
49b36710c4
Merge branch 'freesshd_authbypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-freesshd_authbypass_update
2013-01-16 12:27:42 +01:00
f6d34b52a5
Merge branch 'verb_auth_bypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-verb_auth_bypass_update
2013-01-16 12:19:49 +01:00
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
b43242d131
Merge branch 'module-nagios3_history_cgi' of https://github.com/jselvi/metasploit-framework into jselvi-module-nagios3_history_cgi
2013-01-16 11:54:51 +01:00
0f24671cf7
Changes how the usernames are loaded.
...
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage. It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.
I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
12e7949183
msftidy change
2013-01-15 21:23:49 -05:00
b2cd65e283
adding razer_synapse.rb
2013-01-15 21:14:49 -05:00
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
9dc42e93e7
Reduce unnecessary indent level
2013-01-15 14:36:41 -06:00
5109cc97fe
Add more verbs
...
[SeeRM: #7138 ] by jabra
2013-01-15 14:11:53 -06:00
b3291c0329
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-15 14:10:47 -06:00
b5167e7695
Merge branch 'add_bap_to_itms_overflow' of github.com:jvennix-r7/metasploit-framework into jvennix-r7-add_bap_to_itms_overflow
2013-01-15 12:25:07 -06:00
6508964171
For consistency with other post modules, also do a store_loot
2013-01-15 12:16:32 -06:00
c1794e9195
Merge branch 'bulletproof_ftp_creds' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bulletproof_ftp_creds
2013-01-15 11:41:42 -06:00
6e6e90d733
Cosmetic changes
2013-01-15 11:36:49 -06:00
a06d49a8be
Return symbols
...
STOP_ON_SUCCESS is being ignored because the module's login function
doesn't pass a symbol to the mixin. This addresses that.
2013-01-15 11:25:02 -06:00
54883da8cd
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-15 10:25:05 -06:00
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
1e64d36320
avoid begin rescue blocks
2013-01-15 02:05:58 +01:00
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
347cc3f879
Merge branch 'bug/rm7680-psexec_command-convert-nil-into-integer' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7680-psexec_command-convert-nil-into-integer
2013-01-14 15:12:43 -06:00
04b35a38ff
Update MSB ref
2013-01-14 14:59:32 -06:00
a89db93891
psexec_command - Unable to execute specified command: can't convert nil into Integer
...
Patched as described in Redmine bug #7680
2013-01-14 15:54:40 -05:00
c6c59ace46
final cleanup
2013-01-14 20:53:19 +01:00
5ecb0701ea
Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass
2013-01-14 20:52:45 +01:00
3eaa07afae
documenting magic numbers
2013-01-14 19:43:34 +01:00
530df0acf0
delete comments
2013-01-14 19:22:39 +01:00
57be789f2c
Fix comments by egypt
2013-01-14 19:22:02 +01:00
702638a6a3
final cleanup
2013-01-14 17:36:24 +01:00
b0a339708d
Merge branch 'w3totalcache' of https://github.com/FireFart/metasploit-framework into FireFart-w3totalcache
2013-01-14 17:35:48 +01:00
b11fd48b05
implemented juans feedback
2013-01-14 17:06:52 +01:00
8b85f7d977
fix msftidy
2013-01-14 14:55:53 +01:00
0acbcfd964
fix url path
2013-01-14 14:39:50 +01:00
c17ee70e66
Use target_uri for the wordpress url
2013-01-14 14:34:34 +01:00
40fc861eee
Added post module for BulletProof FTP Client
2013-01-14 13:50:10 +01:00
771fc07264
Change :vuln_test to :os_name for checking OS.
2013-01-14 02:17:40 -06:00
efcdb1097c
Add BAP options to itms_overflow module.
2013-01-14 01:42:58 -06:00
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
0c95938b1d
Added a request to force db caching
2013-01-13 20:12:37 +01:00
04fe1dae11
Added module for Freesshd Authentication Bypass (CVE-2012-6066)
...
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.
To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
27f100d37c
fix email
2013-01-12 14:24:29 +01:00
d36c966931
spaces
2013-01-12 14:22:38 +01:00
93b5980210
fix
2013-01-12 14:13:54 +01:00
0b8094eb5d
w3_total_cache
2013-01-12 14:09:59 +01:00
0b130e49e7
Squashed commit of the following:
...
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date: Fri Jan 11 17:55:27 2013 -0600
fixes missing word in descript. of rails exploit
simple omission fix in description
[Closes #1295 ]
2013-01-11 19:02:06 -06:00
ef6eec949c
Move impersonate_ssl
...
To 'gather', because it grabs stuff, not scans.
2013-01-11 17:22:27 -06:00
4546d147d0
Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master
2013-01-11 01:43:45 -06:00
4adf429c31
Adds one more ref
2013-01-11 01:33:26 -06:00
23ef8280be
Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
...
Conflicts:
modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
6471a70053
Pass the X-HTTP-Method-Override parameter for compat
2013-01-10 20:27:13 -06:00
e709811c5a
CVE update
2013-01-10 19:51:04 -06:00
2c05af721c
module also updated with refs
2013-01-11 00:57:05 +01:00
6a7f8758e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-01-11 00:14:22 +01:00
8c5847a13c
Make output compatible with an scanner module
2013-01-11 00:10:15 +01:00
9c652d1d55
Add a note about ruby 1.9 requirements
2013-01-10 17:10:03 -06:00
0e950997e6
Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access
2013-01-10 23:57:22 +01:00
c89b2b2ec6
Once more, with feeling
2013-01-10 15:29:54 -06:00
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811
2013-01-10 15:24:25 -06:00
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
0c58a118ff
Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex
2013-01-10 11:32:48 -05:00
fc5a0e22b2
stupid push, forgot to remove test puts
2013-01-10 10:43:57 -05:00
ed9d290a85
added status messages, made var blog_posts initalize as nil rather than empty string
2013-01-10 10:41:25 -05:00
3b491ab998
Change charlisome in the list of authors to charliesome
2013-01-10 16:12:07 +01:00
5bafd6ddcc
added status message
2013-01-10 09:43:37 -05:00
42ea64c21b
Merge in Rails2 support now that its in master
2013-01-10 02:14:08 -06:00
0b74f98946
Rescue errors and update credits
2013-01-10 01:06:46 -06:00
e05f4ba927
Thread wrappers were causing instant session closure
2013-01-10 00:41:58 -06:00
1e94b090e7
The __END__ trick is no longer needed
2013-01-10 00:29:11 -06:00
acabc14ec3
This restores functionality across all rails 3.x
2013-01-10 00:28:12 -06:00
0e92de8f61
This works against a wider range of RoR 3.x targets
2013-01-10 00:10:26 -06:00
ea000d6ee0
updated authors
2013-01-10 20:48:54 +01:00
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
5e7a4f154e
Fix platform/arch
2013-01-09 23:24:37 -06:00
e15c731651
Clarify credit
2013-01-09 23:22:40 -06:00
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
ad3ca3a6bb
regex to check version fixed
2013-01-09 23:48:55 +01:00
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
2776047553
Merge branch 'smb_cap' of github.com:Meatballs1/metasploit-framework into Meatballs1-smb_cap
2013-01-09 16:09:35 -06:00
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
5fe2f967da
this rescue is done in the mixin
2013-01-09 21:28:06 +01:00
07f8eb6a07
Fix up a typo
2013-01-09 13:05:27 -06:00
adb4c89602
Add a scanner module for CVE-2013-0156
2013-01-09 12:50:38 -06:00
52157b9124
extplorer_upload_exec cleanup
2013-01-09 19:45:17 +01:00
8f91352c4a
Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec
2013-01-09 19:44:43 +01:00
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
a0a4ef843b
added error msgs to rescue
2013-01-09 11:22:36 -05:00
4cadffc06a
msftidy
2013-01-09 10:37:40 +00:00
46139849a9
Move to .empty? over length
2013-01-09 10:36:06 +00:00
a8400030f8
Also correct outut of hash when length is 0
2013-01-09 10:26:57 +00:00
d36fcd5441
Fix smb capture error
2013-01-09 09:50:21 +00:00
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
4e70f7d888
Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive
2013-01-09 01:13:43 -06:00
f45739933e
Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb
...
Changed name var in initialize
2013-01-08 19:20:02 -05:00
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
69485ba261
made changes as specified in Redmine Bug #7139
2013-01-08 12:14:57 -05:00
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
3ceb313752
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 22:17:49 -06:00
c74d258509
Revert "Fixes format string issue in smb_login - FixRM #7657"
...
Will replay on separate branch.
This reverts commit a12b628ccc
2013-01-07 22:03:57 -06:00
60987de854
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-07 21:20:20 -06:00
a12b628ccc
Fixes format string issue in smb_login - FixRM #7657
2013-01-07 21:20:09 -06:00
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
9f69dbbd30
update unless statements, targeturi, and resolve var
2013-01-07 13:17:49 -05:00
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
6a9445966a
Caught missing paren
2013-01-07 11:21:55 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
883b3446f3
license text
2013-01-05 08:03:25 +01:00
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
0de23a7edb
fixed description
2013-01-04 21:16:56 -05:00
e35afdce5d
added wordpress-pingback scanner
2013-01-04 20:59:33 -05:00
3936725958
added wordpress-pingback scanner
2013-01-04 20:44:40 -05:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
6f50410e5f
Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1
2013-01-03 17:51:54 -06:00
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
9e912a23ff
Merge branch 'rapid7' into FireFart-msftidy_aux_1
2013-01-03 16:54:25 -06:00
aa9f7dac6a
Merge branch 'rapid7' into tkisason-patch-1
2013-01-03 16:13:32 -06:00
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
39e81fb07f
Update modules/auxiliary/scanner/http/wordpress_login_enum.rb
...
Simple fix for msfconsole start error.
2013-01-03 21:52:10 +01:00
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
011ff18c98
Remove $
2013-01-03 14:06:32 -06:00
233378f0fb
Remove stupid debugging load()
2013-01-03 14:05:45 -06:00
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
fedd9f29a0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-03 11:56:56 -06:00
1406f7cb0a
Msftidy on sap_router_info_request
2013-01-03 10:55:11 -06:00
8cada447b2
msftidy: remove $Id$
2013-01-03 10:21:10 +01:00
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
c86c6f1ba0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-02 17:26:42 -06:00
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
78c6d04b31
Fixing from crlf to lf
...
By accident the line endings changed to crlf.
Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.
Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
ef3f15e881
Adding a PLUGINSPATH option
...
Adding a PUGINSPATH option as per FireFart's comment.
Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
88d12da3db
hilight positive results in WebDAV scanner
...
As suggested by Lee Baird
2013-01-02 13:27:25 -05:00
6fb2130265
Adding a damn space
...
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
4ba5b45ad3
Fixed the check
...
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
dd0482cb9d
Code style fix!
...
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
2fe2d5d3dd
Adding exploit for OSVDB 87353
...
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
8e543cf5f5
Add eXtplorer v2.1 auth bypass exploit module
2012-12-30 23:51:41 +10:30
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
33ea21e415
Merge branch '403labs-zgrace-wordpress_login_enum'
2012-12-28 17:47:05 -06:00
d92b3bd2e1
Apply fixes
2012-12-28 17:46:17 -06:00
e5eb8c6301
Fix connected in sap_router_info_request
...
See #1028 comments
2012-12-28 16:34:59 -06:00
2746a57093
Merge branch 'zgrace-wordpress_login_enum' of git://github.com/403labs/metasploit-framework into 403labs-zgrace-wordpress_login_enum
2012-12-28 15:42:09 -06:00
3daea913b1
Merge branch 'sap_router_info_request'
2012-12-28 15:22:44 -06:00
35604ac1aa
Normalizing caps and expanding description a bit
...
Be nice to have a couple more lines on the description
2012-12-28 15:12:40 -06:00
5d7197d8ba
Moved shout outs, organized includes
...
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.
Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
2012-12-28 14:51:23 -06:00
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
e778730a6a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-28 10:32:31 -06:00
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
707784f2ae
Last fix
2012-12-28 03:46:59 -06:00
fc4da53be4
More fixes
2012-12-28 03:27:04 -06:00
ddd4b7ef60
Applying fixes
2012-12-28 02:26:40 -06:00
5369f88c5d
Merge branch 'local_admin_search_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-local_admin_search_enum.rb
...
Conflicts:
modules/post/windows/gather/local_admin_search_enum.rb
2012-12-28 02:25:39 -06:00
c2586d0907
Instead of raising, offer advice on BPF filtering
...
Many people don't know how to disable ICMP echo responses off the top of
their head. However, the problem is solvable with a decent BPF filter.
2012-12-27 15:18:18 -06:00
c6533621a0
Oops removing debug prints
2012-12-27 14:58:52 -06:00
c695f429d5
Mirror upstream PacketFu fix on ICMP size
2012-12-27 14:56:49 -06:00
121353b360
Fixing EOLs to unix
...
In vim:
:set fileformat=unix
:wq
ta-da
2012-12-27 13:54:50 -06:00
9fa6c9f4c4
Merge remote branch 'ChrisJohnRiley/icmp_exfil' into icmp_exfil
2012-12-27 13:52:19 -06:00
30c1286795
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-27 10:45:19 -06:00
0f6b72dad5
Final touchup
2012-12-26 21:16:04 -06:00
919d6daa41
Even if there's password, we should prolly keep the username
2012-12-26 21:14:26 -06:00
4ce1df2214
Change module title for consistency
2012-12-26 21:13:02 -06:00
da49f67079
Only show the password when exists
2012-12-26 21:10:52 -06:00
d3d595da95
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 21:08:03 -06:00
6e520e7a2a
converted split into a scan
2012-12-26 21:06:48 -06:00
eb424195ca
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:42:24 -06:00
e3c1d5a5c0
fixed config.close bug
2012-12-26 20:40:11 -06:00
17b41adfec
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:35:46 -06:00
b71729bf5f
fixed multi stored creds issue
2012-12-26 20:32:41 -06:00
6ecaabc9cc
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:08:34 -06:00
d70d2c4a19
typo
2012-12-26 19:54:35 -06:00
bcc651a1b2
modified password parsing, and utf encoding
2012-12-26 19:49:25 -06:00
c75f48b404
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:58:34 -06:00
073565c001
modified port and sname in db logging
2012-12-26 18:33:10 -06:00
b483e76065
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:03:24 -06:00
7147e7a09b
added spark_im post exploit module
2012-12-26 17:28:23 -06:00
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
d4bdf1b6b4
Added user name enumeration based on author id enumeration
2012-12-24 16:09:03 -06:00
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
0822e8eae2
Merge branch 'kost-mipsle-shell_reverse_tcp'
2012-12-24 10:52:19 -06:00
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
d2e3e5defb
Merge branch 'jlee-r7-cleanup/post-windows-services'
2012-12-22 13:29:48 -06:00
ae4f434691
Handle RequestError
...
Some registry-retrieving functions will return nil when a
RequestError exception is raised, and that's the exception we
should be handling.
2012-12-22 13:10:44 -06:00
e423351de3
Merge branch 'darkoperator_checkvm_more_checks' of git://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator_checkvm_more_checks
2012-12-22 12:40:33 -06:00
e15cf9f288
Merge branch 'netwin_surgeftp_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-netwin_surgeftp_exec
2012-12-22 15:50:07 +01:00
1ca85e2fff
fix indentation and EOL spaces
2012-12-22 10:42:43 -04:00
ddb9871577
refactor for use of registry mixin and will now create a note for the hypervisor
2012-12-22 10:27:54 -04:00
d97a63a94c
Make changes based on juan and egypt's feedback
2012-12-22 02:35:22 -06:00
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
49248c79d6
Oops, didn't mean to keep these lines
2012-12-21 22:22:58 -06:00
924f5283ae
Improvements to checkvm
...
- Added additional checks for Hyper-V
- Added additional checks for VMware
- Removed $Id$ and $Revision$ (Confirmed with Todb on it)
2012-12-21 22:11:57 -04:00
9af8c9b457
Small corrections
2012-12-21 18:52:40 -06:00
ca72132fc0
Add a check
2012-12-21 16:23:31 -06:00
1323081bce
msftidy cleanup
2012-12-21 16:11:16 -06:00
529a3c9a63
Add Netwin SurgeFTP module
2012-12-21 16:10:27 -06:00
d5f08a2405
Added module for CVE-2012-6329 for foswiki
2012-12-21 22:08:08 +01:00
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
ff4b959c04
Merge branch 'ms12_004_leaky_icky' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_004_leaky_icky
2012-12-21 21:01:05 +01:00
e9c00488fa
Return value does not need to be checked, says zeknox
2012-12-21 13:00:08 -06:00
115ad9ae33
Small corrections
2012-12-21 12:56:44 -06:00
6ac5f2b6a2
Merge branch 'twiki_maketext' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-twiki_maketext
2012-12-21 11:15:49 -06:00
2c4d517e75
Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup
2012-12-21 11:14:06 -06:00
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
413b75cd8b
Fixed crash issues with unescape
...
Added better formatting to avoid pages of output
2012-12-21 12:07:14 +01:00
76cad3dd4c
Added module for CVE-2012-6329
2012-12-21 11:30:04 +01:00
e237512bd7
Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate)
2012-12-21 10:47:45 +01:00
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
e8cf26390a
Msftidy
2012-12-20 16:34:10 +00:00
761d83ac0c
Tidyup and user options
2012-12-20 16:29:21 +00:00
26f561795d
fix cmd windows ruby payloads
2012-12-20 00:50:02 +01:00
4595a96ece
updated CVE and OSVDB wikka_spam_exec references
2012-12-19 16:42:47 -05:00
37524c7965
Make sure return vals are handled correctly.
2012-12-19 09:45:01 -06:00
d91e566d54
Further refactoring
2012-12-19 09:06:58 +00:00
cfcd1ead54
Merge branch 'netlm_downgrade.rb' of git://github.com/zeknox/metasploit-framework into zeknox-netlm_downgrade.rb
2012-12-19 02:22:00 -06:00
2818e53cbf
Merge branch 'indusoft_issymbol_internationalseparator' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-indusoft_issymbol_internationalseparator
2012-12-18 18:16:31 -06:00
592de9b39e
Something tells me charles wanna try 5 times, not 6 times.
2012-12-18 18:10:15 -06:00
ba242e1809
Merge branch 'master' of git://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-master
2012-12-18 18:01:28 -06:00
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
7145078e63
Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp
2012-12-18 11:50:41 -06:00
cad8abef48
msftidy cleanup
2012-12-18 11:46:27 -06:00
860ebbcfb1
Merge branch 'master' into averagesecurityguy-master
2012-12-18 11:45:41 -06:00
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
9825b07df8
Merge branch 'sap_soap_rfc_dbmcli_sxpg_command_exec' of git://github.com/nmonkee/metasploit-framework into nmonkee-sap_soap_rfc_dbmcli_sxpg_command_exec
2012-12-18 01:12:50 -06:00
fa42d0c7fe
Fixed minor spelling errors
2012-12-17 15:18:08 -07:00
88f02e0016
Merge branch 'jvazquez-r7-crystal_reports_printcontrol'
2012-12-17 13:52:11 -06:00
9198e0dc05
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-17 13:40:41 -06:00
37f7122006
NameError undefined local variable or method output - fixed
2012-12-17 19:34:36 +00:00
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
37ce92afb1
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-16 16:15:24 -06:00
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
0a0b26dc2c
after study the crash after the overflow...
2012-12-14 23:54:44 +01:00
53a2fda608
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-14 15:23:25 -06:00
12472756aa
Merge branch 'master' into bug/safari-metadata-version
2012-12-14 12:52:18 -06:00
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
eb972eaf0a
Add a maxver for the safari_metadata_archive exploit.
...
* Apple Security Update 2006-001 (http://support.apple.com/kb/TA23971 )
* Update applied to 10.4.5, where safari 2.0.3 is default browser.
* Because update did not bump Safari version, not all 2.0.3 browsers will be affected.
2012-12-14 02:17:25 -06:00
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
3127808f76
Revert/remove unnecessary files
2012-12-13 11:02:54 +00:00
6dd6174221
Migrate enum_unattend to unattend parser lib
2012-12-13 10:58:05 +00:00
7a1ca528f2
Revert always_install_elevated file to upstream
2012-12-13 10:53:29 +00:00
e60d10bd3d
Repackage as single module pull
2012-12-13 09:40:36 +00:00
a23ebaee9f
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
2012-12-13 08:31:04 +00:00
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
d6e2c3970d
Merge branch 'dmaloney-r7-feature/winrm_compat_mode'
2012-12-12 14:39:49 -06:00
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
482846942a
Fix: download_exec appends an extra / to request
...
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.
Before and after access.log snippets are in the redmine ticket
http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
3e81fb2002
last cleanup for steam.rb
2012-12-12 11:48:46 +01:00
87f6b8bc89
Merge branch 'master' of https://github.com/nikolai-r/metasploit-framework into nikolai-r-master
2012-12-12 11:48:26 +01:00
f642aa67f9
CLeanup redundant code.
2012-12-12 00:00:27 -05:00
f7cf75063d
Cleanup and use Post::File api. Use store_loot for data collection
2012-12-11 23:41:50 -05:00
8f388eb226
fixing if typo
2012-12-11 23:28:21 +01:00
b5b5667539
Merge branch 'symantec_brightmail' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_brightmail
2012-12-11 23:27:56 +01:00
0ca1dbd14e
Account for the timeout condition
2012-12-11 16:24:42 -06:00
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
20ea56e4b9
fixed type @wchen-r7 found
...
hopefully didn't miss any others
2012-12-11 15:29:53 -05:00
717799cffd
fix typos
...
negotiate spelled wrong in a couple spots
and only 3 g's in loggging
2012-12-11 15:00:21 -05:00
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
ceb6f81165
Merge branch 'ektron_xslt_exec_nicob' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ektron_xslt_exec_nicob
2012-12-11 12:40:45 -06:00
461f057c95
Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users
2012-12-11 17:33:31 +01:00
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
6512eb4783
Merge branch 'naming_corrections' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-naming_corrections
2012-12-11 11:55:51 +01:00
283d37f2e3
Correct naming style
...
In order to match naming style consistency
2012-12-11 01:12:29 -06:00
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
25d888bebb
Add CVE-2012-4347 Symantec Messaging Gateway Log File Download
2012-12-10 18:09:29 -06:00
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
e448431c8a
Add 32bit comapt mode for 64 bit targets on wirnm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
462766a654
Added Steam client session collector post module
2012-12-08 19:11:57 -05:00
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
d921c6f6e9
bid reference added
2012-12-08 15:09:32 +01:00
080e45045b
Merge branch 'nagios_graph_explorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nagios_graph_explorer
2012-12-08 15:08:57 +01:00
60feba164d
Add OSVDB
2012-12-07 23:18:02 -06:00
15661b82bc
Add Nagios Network Monitor Graph Explorer module
2012-12-07 23:16:25 -06:00
e989142d9d
Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat
2012-12-07 14:48:01 -06:00
78b4233b56
Final changes
2012-12-07 14:44:41 -06:00
bae5442ca6
working...
2012-12-07 21:38:17 +01:00
901ef5060c
Merge branch 'maxthon' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-maxthon
2012-12-07 13:52:23 -06:00
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
403ac1dc37
I would do anything for a cake.
2012-12-07 13:15:27 -06:00
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00
69177105ab
Handle a null reply properly, small bug fix
2012-12-07 10:54:08 -08:00
b0be8dc4df
history exploit cleanup
2012-12-07 19:23:00 +01:00
38f2348c33
First changes
2012-12-07 11:27:09 -06:00
a872362a65
Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon
2012-12-07 11:17:15 -06:00
2260e4b471
Switch to manual payload selection, because we don't auto-detect
2012-12-07 11:07:11 -06:00
8812285678
Move print of my_target.name to after nil check
...
Avoids
"Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.
[FixRM #7593 ]
2012-12-07 11:00:24 -06:00
c08ee695a9
Merge branch 'splunk_upload_app_exec_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-splunk_upload_app_exec_cleanup
2012-12-07 10:46:28 -06:00
fafdcbaae1
Vuln discovered by Rich.
...
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
e5cc950fe1
fix identation
2012-12-07 11:57:11 +01:00
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
cddda9eab7
Merge branch 'master' into nullbind-mssql_linkcrawler
2012-12-06 23:51:06 -06:00
f56ef52ffc
Fixed path error when BASE_PATH is nil.
2012-12-06 23:55:34 -05:00
761e735a55
Store wc.db file in loot. Add BASE_PATH option.
2012-12-06 23:38:03 -05:00
88c97cd2b5
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-06 18:08:13 -06:00
97c9dd0caf
Extra file got added by mistake, removed it
2012-12-06 16:31:28 -06:00
600121c36a
Fixed issue involing static path to Windows directory
2012-12-06 16:28:59 -06:00
8a149b3ea3
Removed Version.
2012-12-06 17:24:16 -05:00
4ce51fe889
Made changes requested by sinn3r.
2012-12-06 17:18:50 -05:00
4837ea38f5
Merge https://github.com/rapid7/metasploit-framework
2012-12-06 16:15:55 -06:00
c66777d028
Merge branch 'command' of git://github.com/R3dy/metasploit-framework into R3dy-command
2012-12-06 16:08:04 -06:00
205276c38f
Update modules/auxiliary/admin/smb/psexec_command.rb
...
Fixed static path to Windows directory. This causes problems with directory is 'WINNT' for example.
2012-12-06 16:03:44 -06:00
d938959e97
Module to find SVN wc.db files.
2012-12-06 16:30:23 -05:00
bf47eaaa41
Remove code that's commented out. Clearly not needed anymore.
2012-12-06 12:57:41 -06:00
0ea5c781c1
Tabs and spaces don't mix
2012-12-06 12:53:22 -06:00
37f9cff25a
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 12:36:48 -06:00
fd20998f40
using the primer callback as pointed by egypt
2012-12-06 18:59:46 +01:00
sinn3r
Charles Smith
Robin Wood
jvazquez-r7
Kacper Nowak
bcoles
Julian Vilas
m-1-k-3
f8lerror
Meatballs1
Spencer McIntyre
scriptjunkie
Tod Beardsley
Christian Mehlmauer
lmercer
Jose Selvi
smilingraccoon
James Lee
joe
Daniele Martini
kernelsmith
HD Moore
Stephen Fewer
Bouke van der Bijl
Joshua J. Drake
Charlie Eriksen
Tonimir Kisasondi
Rob Fuller
Brandon McCann
Zach Grace
Carlos Perez
Chris John Riley
sput-nick
Garret Picchioni
nmonkee
nullbind
David Maloney
Raphael Mudge
Nikolai Rusakov
Tod Beardsley
Stephen Haywood
Royce Davis
Royce Davis