infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,831 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

6248 Commits (b12f13f837c28c1ccf24a471840f30b03af86d7c)

Author SHA1 Message Date
sinn3r 6c80fd9b42 Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 17:09:25 -05:00
sinn3r e605a35433 Make sure the check func is always returning the same data type 2012-06-27 17:07:55 -05:00
sinn3r cb1af5ab79 Final cleanup 2012-06-27 16:57:04 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
jvazquez-r7 73360dfae3 minor fixes 2012-06-27 23:38:52 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
sinn3r dc30a2dddb Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 15:37:15 -05:00
sinn3r 2f733ff8b9 Add CVE-2012-0663 Apple QuickTime TeXML Exploit 2012-06-27 14:41:45 -05:00
Tod Beardsley 97974d9241 Shorten title for display 2012-06-27 10:19:46 -05:00
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
HD Moore 2dd51690c2 Add a missing require 2012-06-27 00:47:32 -05:00
sinn3r be2692a623 Merge branch 'pdf_parser_fix' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-pdf_parser_fix 2012-06-26 16:55:26 -05:00
James Lee 891400fdbb Array#select! is only in 1.9 2012-06-26 15:32:39 -06:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats 
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
 2012-06-26 16:32:10 -05:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
jvazquez-r7 cc90a60a1b Correct the use of the platform argument 
The platform argument is meant to be a PlatformList object, not as an array:
http://dev.metasploit.com/redmine/issues/6826
This commit undoes the last change to init_platform() in alpha_mixed and modifies msfvenom to use it as intended.
 2012-06-26 17:32:55 +02:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
sinn3r fef77bfd7f Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:55:45 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
sinn3r 7f5687ef10 Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:28:55 -05:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
sinn3r 063a2119a3 Merge branch 'iis_auth_bypass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-iis_auth_bypass 2012-06-25 15:51:33 -05:00
sinn3r f93658b37a Minor name change 2012-06-25 15:51:02 -05:00
sinn3r 637edc21ce Add CVE-2010-2731 2012-06-25 15:48:36 -05:00
jvazquez-r7 59bb9ac23b quoting ip to avoid php complaining 2012-06-25 18:52:26 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore f7dca272b6 IE 10/Win8 detection support 2012-06-25 00:36:49 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r 05eaac9085 Fix possible param duplicates 2012-06-24 19:05:42 -05:00
dmaloney-r7 46dd286cc8 Merge pull request #519 from rapid7/gpp-passwords 
Gpp passwords
 2012-06-24 16:18:34 -07:00
David Maloney 6e19dddf2a Alleviate duplicated work in gpp module 2012-06-24 16:21:35 -05:00
David Maloney aa09cd7f82 More collaboration stuff on gpp module 2012-06-24 13:08:19 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow 
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
 2012-06-24 02:01:34 -05:00
David Maloney eefea8d9d3 Add newname attr in gpp module 2012-06-23 17:51:58 -05:00
David Maloney 7bcb9d1a45 Reintegrated extra options into gpp module 
reintegrated meatballs control options into the gpp module
 2012-06-23 17:38:07 -05:00
David Maloney b320679d1f Exception message fix for gpp 2012-06-23 12:56:12 -05:00
David Maloney 5497d091fc fix gpp attribution and description 2012-06-23 12:45:56 -05:00
David Maloney 534008b010 Major rework of the gpp module 
Took the combination work Meatballs did
on pulling togetehr the three seperate gpp modules.
Cleaned it up and cut it down to a smaller, smoother form.
 2012-06-23 12:42:33 -05:00
James Lee 3e974415d9 Give some verbose feedback if connection failed 2012-06-23 00:58:27 -06:00
Tod Beardsley d708f2526c Adding ref for APSB12-09 to new Flash sploit 2012-06-22 17:30:52 -05:00
jvazquez-r7 72ef8c91f0 module for CVE-2012-0779 added 2012-06-23 00:21:18 +02:00
m-1-k-3 315a1707e7 also new version v2.07.16 is vulnerable 2012-06-22 13:18:45 +02:00
Tod Beardsley 2729f33ff2 Merge Justin's TortoiseSVN module 
This adds Justin's TortoiseSVN module with minor edits.

[Closes #508]
 2012-06-21 11:56:08 -05:00
Tod Beardsley 504d3d477e Resolve http_proxy_host before reporting, too. 2012-06-21 11:55:13 -05:00
Tod Beardsley c795c2e438 Resolve hosts for tortoisesvn module reporting 
report_host() does not expect a DNS name, but an IPv4 or IPv6 address.
In many cases, an SVN password is going to be associated with only a
hostname.

This may be a bug in report_host -- it's certainly inconveninent.
However, we don't usually wnat report_host to be making tons of DNS
lookups when importing hosts, so this forced step is likely intended.

Also, begin/rescue/end blocks that don't hint at what errors are
intended to be caught are rarely a good idea, so this at least informs
the user which exception was raised.
 2012-06-21 11:47:37 -05:00
sinn3r 4004b544c0 The condition for "else" doesn't really do anything for us 2012-06-21 02:53:44 -05:00
sinn3r 9d52ecfbb6 Fix a few mistakes (typos & reference) 2012-06-21 02:32:04 -05:00
sinn3r d957c021cb Handle another possible condition 
If the path actually doesn't exist on the victim, we may run into
a RequestError. Need to handle that... should be pretty common.
 2012-06-21 01:38:51 -05:00
sinn3r 6a386b7a88 Rename the file for naming style consistency 2012-06-21 01:25:55 -05:00
sinn3r 367e75bb06 Multiple changes to file_collector.rb 
This module received the following changes:
* Make msftidy happy
* Remove the GETDRIVES option, and make the SEARCH_FROM option
  smarter.
* MSF license
* Other minor changes
 2012-06-21 01:21:53 -05:00
sinn3r 327e86e08c Merge branch 'file_collector' of https://github.com/3vi1john/metasploit-framework into 3vi1john-file_collector 2012-06-20 23:46:04 -05:00
Juan Vazquez 4a8e94463a Merge pull request #512 from jvazquez-r7/ezserver_add_reference 
ezserver_http: added bid reference
 2012-06-20 13:11:55 -07:00
jvazquez-r7 6be7ba98aa ezserver_http: added bid reference 2012-06-20 22:08:58 +02:00
Tod Beardsley 302ab963d1 Adding ref for intersil module 2012-06-20 15:05:56 -05:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
sinn3r 61cad28a8c Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup 2012-06-20 11:23:51 -05:00
sinn3r beb8e33fc4 Fix a typo 2012-06-20 09:53:09 -05:00
sinn3r efaf5cf193 Oops, I found a typo. 2012-06-19 22:57:45 -05:00
sinn3r 9a9dd53e86 Use get_resource() instead of the hard-coded path 2012-06-19 22:56:25 -05:00
sinn3r 79fc053a2e Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110 2012-06-19 22:05:07 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore 664458ec45 No more crap :/ 2012-06-19 19:43:29 -05:00
jvazquez-r7 a93eeca68d msxml_get_definition_code_exec: added support for ie9 2012-06-20 00:17:50 +02:00
Tod Beardsley 3b1c434252 Remove trailing space 2012-06-19 16:44:07 -05:00
James Lee 967026a501 Make ssh_creds store keys as creds 
Also cuts some redundant code by using existing Post API methods.
 2012-06-19 14:24:32 -06:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore a4c98f9627 Fix title to be consistent 2012-06-19 12:58:42 -05:00
justincmsf b9a2c88733 New Post Module: TortoiseSVN Saved Password Extraction 2012-06-19 09:57:22 -04:00
James Lee 7c417fa977 Add a select command for the various SQL modules 2012-06-18 23:59:57 -06:00
HD Moore 073205a875 Merge branch 'master' into feature/vuln-info 2012-06-18 20:21:36 -05:00
HD Moore f7a85f3f9d Make it clear that this works on Vista SP2 2012-06-18 20:13:37 -05:00
HD Moore 4739affd54 Fix the comment as well 2012-06-18 19:57:56 -05:00
HD Moore bd0fd8195d Add compatibility for Vista SP2 from troulouliou 2012-06-18 19:55:52 -05:00
sinn3r 4987acc703 Correct e-mail format, description, and some commas. 2012-06-18 18:52:26 -05:00
sinn3r 4a537675b5 Merge branch 'sempervictus-dns_enum_over_tcp' 2012-06-18 18:38:21 -05:00
sinn3r c0bf362084 Fix the fix for enum_dns 2012-06-18 18:37:56 -05:00
sinn3r af8cb03d1b Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check 2012-06-18 18:33:21 -05:00
HD Moore e7688e1dba Merge branch 'master' into feature/vuln-info 2012-06-18 18:15:20 -05:00
HD Moore 29887272a9 Correct the description to mention IE8 on Windows 7 2012-06-18 18:14:59 -05:00
jvazquez-r7 2df237b066 minor fixes 2012-06-18 22:44:17 +02:00
Juan Vazquez 10bd72f3a1 Merge pull request #500 from modpr0be/module-ezserver 
added ezserver <=6.4.017 bof for winxp sp3
 2012-06-18 13:42:35 -07:00
James Lee 96c16a498a Add a check for distcc_exec 
Just executes the exploit with an "echo <random>" payload to see if it
works.
 2012-06-18 14:34:02 -06:00
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
Rob Fuller 77022d10da Added a bit of verbosity to SMB capture module to enhance logging and post exploitation 2012-06-18 15:55:40 -03:00
sinn3r 10b733edf9 Merge branch 'dns_enum_over_tcp' of https://github.com/sempervictus/metasploit-framework into sempervictus-dns_enum_over_tcp 2012-06-18 12:14:04 -05:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00
sinn3r 50269c910a Add IE 8 targets 2012-06-18 10:44:52 -05:00
RageLtMan c68476cce2 Add DNS/TCP to enum_dns 2012-06-18 10:47:03 -04:00
RageLtMan 909614569a Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3" 
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.

Telnet banner parsing restored
 2012-06-18 10:44:06 -04:00
HD Moore dd476f8c5d Merge branch 'master' into feature/vuln-info 2012-06-18 01:32:49 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
sinn3r 5e3cf86794 Merge branch 'intersil_dos' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-intersil_dos 2012-06-17 18:22:22 -05:00
Thomas Grainger 78876b74dd Maintain scanner module standard 2012-06-17 20:09:01 +02:00
Thomas Grainger 74cbca5809 Print out successful mysql connection URI 2012-06-17 13:19:53 +02:00
sinn3r e72303a922 Add Intersil HTTP Basic auth pass reset (originally #453) 
The modified version of pull request #453. This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
  The advisory focuses the problem as an auth bypass, not DoS,
  although it can end up dosing the server.
* The title and filename are changed as a result of matching that
  advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
  401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
 2012-06-16 21:14:57 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
sinn3r d0e490feaa Merge branch 'module-ms-outlook-post-update' of https://github.com/justincmsf/metasploit-framework into justincmsf-module-ms-outlook-post-update 2012-06-16 14:56:14 -05:00
3vi1john cb1144c4ec Added Revised windows file collector and loot module 2012-06-16 11:14:08 -04:00
jvazquez-r7 a8a4594cd4 Documenting esi alignment plus using target_uri.to_s 2012-06-16 09:26:22 +02:00
James Lee 7eebc671ba Put the curly braces back and drop a comma 
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
 2012-06-16 01:17:33 -06:00
sinn3r 424948a358 Fix title 2012-06-16 01:48:00 -05:00
sinn3r 38926fb97c Description and name change 2012-06-15 20:11:34 -05:00
jvazquez-r7 c676708564 BrowserAutopwn info completed 2012-06-16 02:26:33 +02:00
jvazquez-r7 ce241b7e80 BrowserAutopwn info completed 2012-06-16 02:18:01 +02:00
jvazquez-r7 495ed2e434 BrowserAutopwn info added 2012-06-16 02:14:24 +02:00
jvazquez-r7 8a89968a1d Added module for CVE-2012-1889 2012-06-16 01:50:25 +02:00
Tod Beardsley 7bb3679fef Errors are different from mere failures (enum_dns) 
This makes a clear distinction between errors and failures when
performing zone transfers, and logs accordingly.

[See #483]
 2012-06-15 18:11:25 -05:00
justincmsf 5e19918020 Updated MS Outlook post module 2012-06-15 15:06:18 -04:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module 
Also dropping extra whitespace.
 2012-06-15 12:23:34 -05:00
HD Moore 5006db7550 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:53 -05:00
Tod Beardsley 5a49ac50f1 Shorten option description on enum_dns 2012-06-15 10:33:49 -05:00
Steve Tornio 80a0b4767a add osvdb ref 2012-06-15 09:02:31 -05:00
jvazquez-r7 1d121071f3 Prepend nops to raw payload in encoder if needed 2012-06-15 09:59:10 +02:00
sinn3r 80d46580ec One last minor change for metadata format 2012-06-14 21:48:24 -05:00
sinn3r 82799f2601 Some final touchup 
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
 2012-06-14 21:46:38 -05:00
sinn3r 75a67d7160 Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer 2012-06-14 21:14:29 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
sinn3r fb67fe9161 Merge branch 'mrmee-cmdsnd_ftp_exploit' 2012-06-14 14:19:56 -05:00
sinn3r cde3c48765 Change title 2012-06-14 14:18:30 -05:00
sinn3r b107025860 Correct typo. Also make use of random junks. 2012-06-14 14:17:57 -05:00
sinn3r 8e06babbba Make msftidy happy 2012-06-14 14:16:07 -05:00
sinn3r 66e92d0200 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-14 12:17:29 -05:00
sinn3r c1685c44c3 Fix disclosure date 2012-06-14 10:03:49 -05:00
sinn3r 1cdf964719 A little change to the description 2012-06-14 10:03:15 -05:00
sinn3r 48ee81de29 Add CVE-2012-2915 2012-06-14 09:56:01 -05:00
bcoles 940f904dee Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy. 2012-06-14 12:10:03 +09:30
Steven Seeley a5fca47f56 updated windows XP SP3 pivot offset, please retest this 2012-06-14 10:31:17 +10:00
sinn3r 5269776f3d Merge branch 'redmine/6983' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-redmine/6983 2012-06-13 17:26:54 -05:00
James Lee ef84ce68e4 Fixes a module that used Wmap stuff without including it 
[FIXRM #6983]
 2012-06-13 15:58:54 -06:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
sinn3r 7dc19bba16 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-13 14:55:44 -05:00
Tod Beardsley e06ee6c0e9 Language on Skype enum module 2012-06-13 14:33:54 -05:00
Tod Beardsley 15b674dab3 Language on MS12-005 2012-06-13 14:22:20 -05:00
Tod Beardsley 99b9261294 Caps in title 2012-06-13 14:19:04 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00