Tom Sellers
8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
James Lee
9d4a3ca729
Fix a typo that broke this module against x64
...
[SeeRM #7747 ]
2013-02-19 19:22:42 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
Garret Picchioni
fa42d0c7fe
Fixed minor spelling errors
2012-12-17 15:18:08 -07:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
h0ng10
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
h0ng10
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
h0ng10
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
Wei Chen
2da07d4963
Fix bug #5834 (uri being nil in print_good)
...
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:40:03 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
d13654740a
Update some jboss modules' metadata associated with CVE-2010-0738
...
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 05:18:25 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Joshua Drake
f0673cb1ac
Tweak to work with FreeBSD, thx for the patch!
...
git-svn-id: file:///home/svn/framework3/trunk@12224 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 17:40:45 +00:00
Joshua Drake
771ea5862c
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@10754 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:24:33 +00:00
Joshua Drake
1935f2007f
fix exe generation for auto-targetting
...
git-svn-id: file:///home/svn/framework3/trunk@10753 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:21:19 +00:00
Joshua Drake
279c604015
missed a couple exe generater includes
...
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-28 16:19:50 +00:00
Joshua Drake
bd1eeb3722
rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32
...
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 15:59:46 +00:00
Joshua Drake
2f384cde82
add alias for calling Msf::Exploit regenerate_payload explicitly -- fixes #2312
...
git-svn-id: file:///home/svn/framework3/trunk@9950 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-03 15:14:34 +00:00
Joshua Drake
16ff17c9d1
add more http fingerprints -- thx mc
...
git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 23:25:31 +00:00
Joshua Drake
0882838491
ensure binary mode when opening files, whitespace fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake
48994d234a
oops, remove java from platform list
...
git-svn-id: file:///home/svn/framework3/trunk@9609 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 16:38:24 +00:00
Joshua Drake
099b90b0d6
another update for jboss stuff, thanks Patrick!
...
git-svn-id: file:///home/svn/framework3/trunk@9596 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 22:25:03 +00:00
Joshua Drake
58cbf5d6ad
oops, fixed app_base mistake
...
git-svn-id: file:///home/svn/framework3/trunk@9586 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 23:10:30 +00:00
Joshua Drake
4ceb936533
some jboss updates, much thanks to Patrick Hof
...
git-svn-id: file:///home/svn/framework3/trunk@9568 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 16:26:14 +00:00
Joshua Drake
711e08b5e9
make sure to use correct verbs, thanks mc!
...
git-svn-id: file:///home/svn/framework3/trunk@9285 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-11 16:20:46 +00:00
Joshua Drake
7f758d5a02
add VERB option to enable exploiting cve-2010-0738
...
git-svn-id: file:///home/svn/framework3/trunk@9282 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-11 09:14:36 +00:00
Joshua Drake
22529ae81b
add USERNAME/PASSWORD options
...
git-svn-id: file:///home/svn/framework3/trunk@9177 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 06:30:59 +00:00
Joshua Drake
e80df81350
correct the CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@8678 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 19:47:13 +00:00
Joshua Drake
865969e059
whitespace adjustments - finally closes #773
...
git-svn-id: file:///home/svn/framework3/trunk@8575 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:44:34 +00:00
Joshua Drake
32bf50c627
add exploit module to get code exec from jboss.system:MainDeployer access
...
git-svn-id: file:///home/svn/framework3/trunk@8574 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:41:24 +00:00