jvazquez-r7
3daa1ed4c5
Avoid changing modules indentation in this pull request
2014-10-07 10:41:25 -05:00
jvazquez-r7
341d8b01cc
Favor echo encoder for back compatibility
2014-10-07 10:24:32 -05:00
jvazquez-r7
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
jvazquez-r7
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
0a2940
f2b9aeed74
typo
2014-10-03 11:02:56 +01:00
0a2940
f60f6d9c92
add exploit for CVE-2011-1485
2014-10-03 10:54:43 +01:00
Brandon Perry
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
William Vu
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
Brandon Perry
161a145ec2
Create f5_icontrol_exec.rb
2014-09-27 10:40:13 -05:00
jvazquez-r7
f2cfbebbfb
Add module for ZDI-14-305
2014-09-24 00:22:16 -05:00
Jon Hart
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
Jon Hart
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
Brandon Perry
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
Jakob Lell
3e57ac838c
Converted LD_PRELOAD library from precompiled binary to metasm code.
2014-09-04 21:49:55 +02:00
Brandon Perry
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
Brandon Perry
438f0e6365
typos
2014-08-30 09:22:58 -05:00
Brandon Perry
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
Brandon Perry
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
Jakob Lell
052327b9c6
Removed redundant string "linux_" from exploit name
2014-08-27 23:33:15 +02:00
Jakob Lell
b967336b3b
Small bugfix (incorrect filename in data directory)
2014-08-25 00:39:00 +02:00
Jakob Lell
fc6f50058b
Add desktop_linux_privilege_escalation module
2014-08-25 00:05:20 +02:00
jvazquez-r7
f6f8d7b993
Delete debug print_status
2014-07-22 15:00:03 -05:00
jvazquez-r7
b086462ed6
More cleanups of modules which REALLY need the 'old' generic encoder
2014-07-22 14:57:53 -05:00
jvazquez-r7
3d7ed10ea0
Second review of modules which shouldn't be affected by changes
2014-07-22 14:33:57 -05:00
jvazquez-r7
5e8da09b2d
Allow some modules to use the old encoder
2014-07-22 14:28:11 -05:00
jvazquez-r7
b0f8d8eaf1
Delete debug print_status
2014-07-22 13:29:00 -05:00
jvazquez-r7
f546eae464
Modify encoders to allow back compatibility
2014-07-22 13:27:12 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
Tod Beardsley
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
Michael Messner
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
jvazquez-r7
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
jvazquez-r7
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
jvazquez-r7
6fd1ff6870
Merge master
2014-07-11 11:40:39 -05:00
jvazquez-r7
d637171ac0
Change module filename
2014-07-11 11:39:32 -05:00
jvazquez-r7
c55117d455
Some cleanup
2014-07-11 11:39:01 -05:00
jvazquez-r7
a7a700c70d
Land #3502 , @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936
2014-07-11 11:25:03 -05:00
jvazquez-r7
b9cda5110c
Add target info to message
2014-07-11 11:24:33 -05:00
jvazquez-r7
dea68c66f4
Update title and description
2014-07-11 10:38:53 -05:00
jvazquez-r7
f238c2a93f
change module filename
2014-07-11 10:30:50 -05:00
jvazquez-r7
f7d60bebdc
Do clean up
2014-07-11 10:28:31 -05:00
jvazquez-r7
8f3197c192
Land #3496 , @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth
2014-07-11 09:50:57 -05:00
jvazquez-r7
4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
jvazquez-r7
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
jvazquez-r7
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
jvazquez-r7
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
jvazquez-r7
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
Michael Messner
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
Michael Messner
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
Michael Messner
f068006f05
auto target
2014-07-09 21:53:11 +02:00
Michael Messner
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
Michael Messner
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
Michael Messner
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
Michael Messner
f89f47c4d0
dlink_dspw215_info_cgi_rop
2014-07-08 22:29:57 +02:00
Michael Messner
6fbd6bb4a0
stager
2014-07-08 22:17:02 +02:00
Michael Messner
ac727dae89
dlink_dsp_w215_hnap_exploit
2014-07-08 22:13:13 +02:00
Michael Messner
579ce0a858
cleanup
2014-07-08 21:58:15 +02:00
Michael Messner
51001f9cb3
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection
2014-07-08 21:39:53 +02:00
Michael Messner
84d6d56e15
cleanup, deprecated
2014-07-08 21:36:07 +02:00
Michael Messner
10bcef0c33
cleanup, deprecated
2014-07-08 21:34:28 +02:00
Michael Messner
e7ade9f84d
migrate from wget to echo mechanism
2014-07-06 21:45:53 +02:00
jvazquez-r7
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00
jvazquez-r7
59881323b9
Clean code
2014-07-04 16:40:16 -05:00
Brandon Perry
a33a6dc79d
add bash to requiredcmd
2014-07-03 16:52:52 -05:00
Brandon Perry
806f26424c
&& not and
2014-07-03 16:50:21 -05:00
Brandon Perry
6fb2fc85a0
address @jvasquez-r7 review points
2014-07-03 16:43:01 -05:00
Brandon Perry
86a31b1896
Update gitlist_exec.rb
2014-07-03 12:40:37 -05:00
Michael Messner
8f55af5f9d
UPnP check included
2014-07-02 21:28:39 +02:00
Michael Messner
ac2e84bfd6
check included
2014-07-02 21:24:50 +02:00
Brandon Perry
db6524106e
one more typo, last one I swear
2014-06-30 22:33:19 -05:00
Brandon Perry
d7dfa67e94
typo
2014-06-30 20:15:25 -05:00
Brandon Perry
acedf5e847
Update gitlist_exec.rb
...
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
Brandon Perry
ecc1b08994
Create gitlist_exec.rb
...
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
HD Moore
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
Spencer McIntyre
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
Spencer McIntyre
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
Spencer McIntyre
42ac3a32fe
Multi-fy two new linux/http/dlink exploits
2014-06-27 08:40:27 -04:00
Spencer McIntyre
41d721a861
Update two modules to use the new unified cmdstager
2014-06-27 08:34:57 -04:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
jvazquez-r7
d47994e009
Update modules to use the new generic CMDstager mixin
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
Tod Beardsley
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
jvazquez-r7
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
jvazquez-r7
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
jvazquez-r7
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
jvazquez-r7
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
jvazquez-r7
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
jvazquez-r7
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
jvazquez-r7
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
Joshua Smith
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
jvazquez-r7
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
jvazquez-r7
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
Michael Messner
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
jvazquez-r7
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
Joshua Smith
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
Michael Messner
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
Michael Messner
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
Michael Messner
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
Michael Messner
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
Michael Messner
f464c5ee97
dlink msearch commmand injection
2014-06-16 22:12:15 +02:00
jvazquez-r7
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
Michael Messner
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
Michael Messner
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
Michael Messner
a3ae177347
echo stager, arch_cmd, echo module
2014-06-13 11:42:47 +02:00
Michael Messner
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
Michael Messner
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
Michael Messner
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Michael Messner
b85c0b7543
rop to system with telnetd
2014-05-23 20:51:25 +02:00
Christian Mehlmauer
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
jvazquez-r7
1483f02f83
Land #3306 , @xistence's alienvault's exploit
2014-05-01 09:25:07 -05:00
jvazquez-r7
1b39712b73
Redo response check
2014-05-01 09:10:16 -05:00
jvazquez-r7
78cefae607
Use WfsDelay
2014-05-01 09:07:26 -05:00
xistence
5db24b8351
Fixes/Stability AlienVault module
2014-05-01 14:53:55 +07:00
xistence
c12d72b58c
Changes to alienvault module
2014-05-01 10:39:11 +07:00
xistence
9bcf5eadb7
Changes to alienvault module
2014-05-01 10:10:15 +07:00
jvazquez-r7
9a1b216fdb
Move module to new location
2014-04-28 11:55:26 -05:00
William Vu
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
sinn3r
b69662fa42
Land #3233 - eScan Password Command Injection
2014-04-11 11:05:48 -05:00
jvazquez-r7
0c8f5e9b7d
Add @Firefart's feedback
2014-04-11 10:21:33 -05:00
jvazquez-r7
fe066ae944
Land #3207 , @7a69 MIPS BE support for Fritz Box's exploit
2014-04-09 23:20:45 -05:00
jvazquez-r7
fdda69d434
Align things
2014-04-09 23:19:41 -05:00
jvazquez-r7
386e2e3d29
Do final / minor cleanup
2014-04-09 23:19:12 -05:00
jvazquez-r7
b0b979ce62
Meterpreter sessions won't get root in this way
2014-04-09 16:59:12 -05:00
jvazquez-r7
a2ce2bfa56
Fix disclosure date
2014-04-09 16:41:49 -05:00
jvazquez-r7
ff232167a6
Add module for eScan command injection
2014-04-09 16:39:06 -05:00
sinn3r
eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec
2014-04-09 11:30:59 -05:00
Brandon Perry
8428b37e59
move file to .rb ext
2014-04-09 05:17:14 -07:00
Brandon Perry
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
Brandon Perry
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
Fabian Bräunlein
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
Jeff Jarmoc
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
Tod Beardsley
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
jvazquez-r7
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
jvazquez-r7
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
Michael Messner
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
Michael Messner
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
Michael Messner
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
Michael Messner
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
jvazquez-r7
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
jvazquez-r7
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00