Tod Beardsley
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
Tod Beardsley
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
sinn3r
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
sinn3r
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
Tod Beardsley
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
Tod Beardsley
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
sinn3r
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
jvazquez-r7
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
jvazquez-r7
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
sinn3r
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
sinn3r
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
Tod Beardsley
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
jvazquez-r7
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
jvazquez-r7
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
jvazquez-r7
29c48be2ed
Merge branch 'testlink_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-testlink_upload_exec
2012-08-13 18:54:33 +02:00
sinn3r
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
sinn3r
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
bcoles
8bb3181f68
Add TestLink v1.9.3 arbitrary file upload module
2012-08-13 16:30:10 +09:30
HD Moore
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
sinn3r
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
RageLtMan
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
jvazquez-r7
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
James Lee
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
sinn3r
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
jvazquez-r7
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
Tod Beardsley
955a5af8cf
Adding OSVDB ref
2012-08-07 12:56:29 -05:00
sinn3r
ddcee6fee0
And the war between spaces and tabs goes on....
2012-08-07 12:36:53 -05:00
sinn3r
540f6253ef
Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec
2012-08-07 12:26:07 -05:00
sinn3r
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
jvazquez-r7
fb452d75a3
Added module for pbot RCE
2012-08-07 19:20:32 +02:00
sinn3r
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
sinn3r
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
sinn3r
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
sinn3r
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
jvazquez-r7
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
sinn3r
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
sinn3r
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
sinn3r
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
sinn3r
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
sinn3r
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
Steve Tornio
54ed27c1b3
add osvdb ref
2012-08-05 09:02:54 -05:00
Steve Tornio
b646dcc87f
add osvdb ref
2012-08-05 09:02:32 -05:00
Steve Tornio
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
Steve Tornio
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
jvazquez-r7
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Meatballs1
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
Meatballs1
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
Daniel Miller
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
h0ng10
8872ea693c
real support for cve-2010-0738/verb bypass
2012-08-03 14:22:40 -04:00
h0ng10
52b1919315
Additional cleanups, verb tampering
2012-08-02 17:33:17 -04:00
James Lee
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
James Lee
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
sinn3r
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
sinn3r
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
sinn3r
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
sinn3r
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
sinn3r
227c3afed3
Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec'
2012-08-01 15:08:51 -05:00
sinn3r
7af9979687
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-08-01 15:06:42 -05:00
sinn3r
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
sinn3r
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
jvazquez-r7
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
jvazquez-r7
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
bcoles
2bf0899d09
minor improvements to Zenoss showdaemonxmlconfig exploit
2012-08-01 20:15:45 +09:30
James Lee
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r
8a40ef397d
Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest
2012-07-31 17:29:42 -05:00
sinn3r
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
jvazquez-r7
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
Meatballs1
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
Meatballs1
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
sinn3r
9815faec37
Add OSVDB-83822
2012-07-31 13:31:06 -05:00
sinn3r
20489864fc
Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec
2012-07-31 08:42:34 -05:00
sinn3r
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
sinn3r
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
sinn3r
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
Meatballs1
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
Meatballs1
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
Meatballs1
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
bcoles
bdf8f1a543
Clean up Zenoss exploit + minor improvements
...
Changed send_request_raw() to send_request_cgi()
- Removed redundant request headers 'Content-Length'
Added rescue error message for connection failures
Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
jvazquez-r7
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
bcoles
8d3700cc3c
Add Zenoss <= 3.2.1 exploit and Python payload
...
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
- modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
Matt Andreko
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
h0ng10
36be7cd9c4
removed unnecessary cleanup
2012-07-27 16:32:08 -04:00
sinn3r
d67234bd03
Better regex and email format correction
2012-07-27 01:14:32 -05:00
sinn3r
2939e3918e
Rename file
2012-07-27 01:06:57 -05:00
bcoles
cec15aa204
Added CuteFlow v2.11.2 Arbitrary File Upload
...
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
sinn3r
80e0688c68
Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol
2012-07-26 15:16:23 -05:00
sinn3r
e483af64e4
Random text
2012-07-26 15:14:02 -05:00
sinn3r
6c3b05f1c4
Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug
2012-07-26 13:11:05 -05:00
jvazquez-r7
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
jvazquez-r7
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
sinn3r
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
jvazquez-r7
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
sinn3r
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
sinn3r
5fd58eda71
Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof
2012-07-22 03:29:33 -05:00
jvazquez-r7
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
jvazquez-r7
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
jvazquez-r7
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
sinn3r
b662881613
Enforce a check before firing the exploit
2012-07-19 16:43:52 -05:00
jvazquez-r7
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
sinn3r
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
sinn3r
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
sinn3r
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
sinn3r
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
jvazquez-r7
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
jvazquez-r7
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
jvazquez-r7
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
jvazquez-r7
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
James Lee
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
James Lee
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
sinn3r
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
sinn3r
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
jvazquez-r7
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
jvazquez-r7
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
James Lee
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
HD Moore
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
James Lee
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
HD Moore
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
jvazquez-r7
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
sinn3r
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
jvazquez-r7
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
jvazquez-r7
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
jvazquez-r7
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
h0ng10
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
h0ng10
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
LittleLightLittleFire
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
sinn3r
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
sinn3r
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
sinn3r
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
sinn3r
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
HD Moore
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
LittleLightLittleFire
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
jvazquez-r7
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
James Lee
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
Steve Tornio
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
sinn3r
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
sinn3r
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
jvazquez-r7
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
jvazquez-r7
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
jvazquez-r7
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
sinn3r
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
sinn3r
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
sinn3r
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
sinn3r
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
sinn3r
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
sinn3r
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
jvazquez-r7
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
jvazquez-r7
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
jvazquez-r7
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
jvazquez-r7
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
jvazquez-r7
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
jvazquez-r7
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
jvazquez-r7
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
jvazquez-r7
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
jvazquez-r7
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
jvazquez-r7
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
sinn3r
77d6fe16f0
Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource
2012-07-02 16:04:02 -05:00
sinn3r
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
m-1-k-3
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
jvazquez-r7
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
HD Moore
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
sinn3r
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
sinn3r
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
jvazquez-r7
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
jvazquez-r7
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
jvazquez-r7
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
sinn3r
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
sinn3r
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
jvazquez-r7
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
jvazquez-r7
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
sinn3r
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
sinn3r
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
sinn3r
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
sinn3r
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
sinn3r
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
sinn3r
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
sinn3r
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
sinn3r
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
sinn3r
e605a35433
Make sure the check func is always returning the same data type
2012-06-27 17:07:55 -05:00
sinn3r
cb1af5ab79
Final cleanup
2012-06-27 16:57:04 -05:00
jvazquez-r7
73360dfae3
minor fixes
2012-06-27 23:38:52 +02:00
jvazquez-r7
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
jvazquez-r7
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
sinn3r
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
Tod Beardsley
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
sinn3r
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
h0ng10
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
sinn3r
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
sinn3r
8f355554c8
Update missing CVE reference
2012-06-26 01:21:24 -05:00
sinn3r
0d7b6d4053
Update missing CVE reference
2012-06-26 01:20:28 -05:00
sinn3r
c7935e0e99
Update OSVDB reference
2012-06-26 01:18:25 -05:00
sinn3r
9980c8f416
Add rh0's analysis
2012-06-25 21:32:45 -05:00
sinn3r
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
sinn3r
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
jvazquez-r7
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
jvazquez-r7
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
jvazquez-r7
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
HD Moore
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
Steve Tornio
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
HD Moore
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
HD Moore
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
sinn3r
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
James Lee
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
jvazquez-r7
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
m-1-k-3
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
James Lee
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
James Lee
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
sinn3r
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
jvazquez-r7
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
HD Moore
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
sinn3r
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
sinn3r
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
sinn3r
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
sinn3r
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
664458ec45
No more crap :/
2012-06-19 19:43:29 -05:00
jvazquez-r7
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
Tod Beardsley
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
HD Moore
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
HD Moore
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
HD Moore
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
sinn3r
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
sinn3r
af8cb03d1b
Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check
2012-06-18 18:33:21 -05:00
HD Moore
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
jvazquez-r7
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
Juan Vazquez
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
James Lee
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
modpr0be
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
sinn3r
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
sinn3r
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
sinn3r
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
jvazquez-r7
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
James Lee
7eebc671ba
Put the curly braces back and drop a comma
...
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r
424948a358
Fix title
2012-06-16 01:48:00 -05:00
sinn3r
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
jvazquez-r7
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
jvazquez-r7
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
jvazquez-r7
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
jvazquez-r7
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
Tod Beardsley
fe39642e27
Dropping extra curly braces on f5 module
...
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Steve Tornio
80a0b4767a
add osvdb ref
2012-06-15 09:02:31 -05:00
jvazquez-r7
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
sinn3r
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
sinn3r
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r
75a67d7160
Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer
2012-06-14 21:14:29 -05:00
jvazquez-r7
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
sinn3r
fb67fe9161
Merge branch 'mrmee-cmdsnd_ftp_exploit'
2012-06-14 14:19:56 -05:00
sinn3r
cde3c48765
Change title
2012-06-14 14:18:30 -05:00
sinn3r
b107025860
Correct typo. Also make use of random junks.
2012-06-14 14:17:57 -05:00
sinn3r
8e06babbba
Make msftidy happy
2012-06-14 14:16:07 -05:00
sinn3r
66e92d0200
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-14 12:17:29 -05:00
sinn3r
c1685c44c3
Fix disclosure date
2012-06-14 10:03:49 -05:00
sinn3r
1cdf964719
A little change to the description
2012-06-14 10:03:15 -05:00
sinn3r
48ee81de29
Add CVE-2012-2915
2012-06-14 09:56:01 -05:00
bcoles
940f904dee
Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy.
2012-06-14 12:10:03 +09:30
Steven Seeley
a5fca47f56
updated windows XP SP3 pivot offset, please retest this
2012-06-14 10:31:17 +10:00
sinn3r
45eb531c23
Add Jun as an author for the initial discovery
2012-06-13 15:50:45 -05:00
sinn3r
7dc19bba16
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-13 14:55:44 -05:00
Tod Beardsley
15b674dab3
Language on MS12-005
2012-06-13 14:22:20 -05:00
Tod Beardsley
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
Tod Beardsley
ae59f03ac9
Fixing print message in snort module
2012-06-13 14:04:05 -05:00
Tod Beardsley
559683f2a1
Fixing CRLFs on winlog_runtime_2
2012-06-13 13:59:39 -05:00
Tod Beardsley
3cf4f7ab44
Fixing indents on msadc module
2012-06-13 13:59:38 -05:00
sinn3r
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
jvazquez-r7
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
Steven Seeley
209d6d20d1
comsnd ftp remote format string overflow exploit
2012-06-14 02:22:31 +10:00
James Lee
1138290a64
Return nil when an error occurred
...
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore
a2aaca5e85
Correct a fp with this exploit module (would always print success)
2012-06-13 10:38:05 -05:00
James Lee
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
James Lee
1fbe5742bd
Axe some copy-pasta
2012-06-12 23:58:20 -06:00
James Lee
9f78a9e18e
Port ms10-092 to the new Exploit::Local format
2012-06-12 23:58:20 -06:00
James Lee
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r
cde508af03
Merge branch 'jjarmoc-php_cgi_arg_injection'
2012-06-13 00:44:41 -05:00
sinn3r
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
sinn3r
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
bcoles
9756f87517
Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module
2012-06-13 13:50:12 +09:30
Jeff Jarmoc
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
HD Moore
00aa8c0452
Add missing ExploitRank
2012-06-12 15:35:53 -05:00
HD Moore
4ea5712140
Add a timeout for wonky systems that hang during negotiation
2012-06-12 15:24:13 -05:00
Jeff Jarmoc
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
Steve Tornio
5775fa9e67
add osvdb ref
2012-06-12 14:53:55 -05:00
HD Moore
cc0f3632a8
Merge pull request #477 from jlee-r7/f5-priv
...
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee
a91085d6cd
Add a disclosure date and more detailed desc
2012-06-12 13:07:53 -06:00
James Lee
11df90c98e
Call update_info
...
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee
c564e9dcc4
Fix 1.8 compat error
...
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee
539deabef5
Clean up title, options
2012-06-12 12:08:58 -06:00
James Lee
85e1555e13
Payload compat to work with unix/interact
2012-06-12 11:46:21 -06:00
James Lee
3d5417e574
Initial commit of F5 exploit
2012-06-12 11:37:22 -06:00
jvazquez-r7
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
sinn3r
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
jvazquez-r7
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
Juan Vazquez
a43cf76591
Merge pull request #463 from schierlm/struts_arch_java
...
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
jvazquez-r7
b908ccff0f
Added module for CVE-2012-0297
2012-06-10 22:38:58 +02:00
sinn3r
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
sinn3r
498f3323f3
Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005
2012-06-10 01:53:46 -05:00
sinn3r
8f6457661d
Change description
2012-06-10 01:52:26 -05:00
sinn3r
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
jvazquez-r7
f0082ba38f
Added module for CVE-2012-0299
2012-06-09 22:27:27 +02:00
Michael Schierl
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
jvazquez-r7
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
jvazquez-r7
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
sinn3r
3726ddddac
Software name correction thanks to modpr0be
2012-06-08 07:07:19 -05:00
sinn3r
41d49ed553
Another badchar analysis. Allow shorter delay (5sec to 1)
2012-06-08 01:59:09 -05:00
sinn3r
e5b451c000
Too many tabs for the beginning of the description
2012-06-07 23:08:11 -05:00
sinn3r
520c0ca660
Make msftidy happy
2012-06-07 23:07:39 -05:00
sinn3r
61f5eddf47
Move winlog file
2012-06-07 23:03:30 -05:00
sinn3r
9adec7e7e7
Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14
2012-06-07 23:02:23 -05:00
sinn3r
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
sinn3r
1eb73dec38
Merge branch 'aushack-master'
2012-06-07 12:17:49 -05:00
sinn3r
42795fec00
Get rid of some whitespace
2012-06-07 12:17:25 -05:00
jvazquez-r7
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
Patrick Webster
0e20d324b8
Added ms02_065_msadc exploit module.
2012-06-07 21:02:13 +10:00
jvazquez-r7
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
sinn3r
28fe4c0be5
What's this break stuff?
...
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r
a54b14b192
Remove whitespace
2012-06-06 11:21:34 -05:00
Patrick Webster
c36ab97d41
Updated msadc exploit with fixes.
2012-06-06 11:21:34 -05:00
Patrick Webster
f25b828d31
Added exploit module msadc.rb
2012-06-06 11:21:34 -05:00
m-1-k-3
f4f023cbfb
add BID
2012-06-06 09:44:16 +02:00
sinn3r
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
sinn3r
f9651be88e
Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32
2012-06-05 15:44:13 -05:00
sinn3r
a3048c7ae8
Clear whitespace
2012-06-05 11:28:47 -05:00
jvazquez-r7
a30f104ee6
Fix space on Authors
2012-06-05 18:23:57 +02:00
jvazquez-r7
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
m-1-k-3
95d949e860
sleep and at
2012-06-05 18:08:46 +02:00
0a2940
dc6b2f4205
merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb
2012-06-05 04:14:40 -07:00
sinn3r
d9c39d3798
Fix the rest of nil res from get_once
2012-06-04 17:26:15 -05:00
sinn3r
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
m-1-k-3
0acbd99e71
targets
2012-06-04 20:08:58 +02:00
m-1-k-3
08ff6c72b1
winlog_lite_2.07.14 initial commit
2012-06-04 17:24:01 +02:00