Commit Graph

3651 Commits (b71729bf5f75ba8e1f31a5015f71a1338cc8b7e6)

Author SHA1 Message Date
Meatballs1 833999b2c3 Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work 2012-08-04 17:59:45 +01:00
Daniel Miller 31510167e6 Make setuid_nmap more robust
Squashed commit of the following:

commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 14:13:33 2012 -0600

    Fix 1.8 compat

commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Thu Aug 2 09:50:38 2012 -0500

    Handle early Nmap versions that don't take absolute paths

commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Fri Jul 27 11:58:36 2012 -0500

    Add compatibility args to setuid_nmap command

    Nmap before 4.75 would not run a script without a port scan being
    performed. Example: 4.53 installed on Metasploitable would not work.
    Added "-p80 localhost" to the command to ensure it works with these
    older versions.

[Closes #649]
2012-08-03 14:15:09 -06:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
James Lee 227d0dbc47 Add jabra to authors. I'm a jerk 2012-08-02 11:13:53 -06:00
James Lee 1a2a1e70f7 Replace load with require, *facepalm* 2012-08-01 22:51:36 -06:00
sinn3r 2f1022a5a3 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-01 16:24:23 -05:00
sinn3r f6a2ba094d Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer 2012-08-01 15:14:34 -05:00
sinn3r 74a6c724a6 Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl 2012-08-01 15:13:15 -05:00
sinn3r 6ae863cdff Forgot two extra spaces, how dare me! 2012-08-01 15:11:33 -05:00
sinn3r 227c3afed3 Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec' 2012-08-01 15:08:51 -05:00
sinn3r 7af9979687 Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-08-01 15:06:42 -05:00
sinn3r 48533dc392 Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec 2012-08-01 15:02:10 -05:00
sinn3r 92d1d26288 Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit 2012-08-01 15:00:24 -05:00
jvazquez-r7 4c28b2a310 modified autopwn_info to add ie9 2012-08-01 19:36:20 +02:00
jvazquez-r7 d3c10d5d39 Added module for CVE-2012-0284 2012-08-01 19:34:37 +02:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
James Lee 0707730fe0 Remove superfluous method
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee 47eb387886 Add current_user_psexec module
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r 8a40ef397d Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest 2012-07-31 17:29:42 -05:00
sinn3r d66678e7ee Forgot to randomize element ID 2012-07-31 17:25:50 -05:00
jvazquez-r7 7a0b5a6169 Added module for CVE-2012-1876 2012-07-31 23:14:29 +02:00
Meatballs1 75a9283fbf Removed auto migrate as exploit loads in a seperate process to browser anyway 2012-07-31 20:44:14 +01:00
Meatballs1 6f697ce519 Working with WebDAV 2012-07-31 20:26:47 +01:00
sinn3r 9815faec37 Add OSVDB-83822 2012-07-31 13:31:06 -05:00
sinn3r 20489864fc Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-07-31 08:42:34 -05:00
sinn3r e7db0ebcef Blah, removed the wrong ref. 2012-07-30 12:47:32 -05:00
sinn3r edfe43e7e0 When I say to remove BID ref, I mean it... 2012-07-30 12:46:27 -05:00
sinn3r e84214d1e1 Remove some references to avoid confusion.
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1 f298dbbd04 Fixed to work with browser_autopwn 2012-07-30 16:43:21 +01:00
Meatballs1 066020e572 Msftidy 2012-07-30 15:51:56 +01:00
Meatballs1 404909cb95 Check as IE crashes if length > 693 2012-07-30 15:41:58 +01:00
Meatballs1 690c381abd Initial commit 2012-07-30 14:49:34 +01:00
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
jvazquez-r7 2fa88366be Added module for MS10-104 2012-07-30 09:01:38 +02:00
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
Matt Andreko 2f7b5f35af Added Sysax 5.64 Create Folder exploit 2012-07-29 10:40:02 -04:00
h0ng10 36be7cd9c4 removed unnecessary cleanup 2012-07-27 16:32:08 -04:00
sinn3r d67234bd03 Better regex and email format correction 2012-07-27 01:14:32 -05:00
sinn3r 2939e3918e Rename file 2012-07-27 01:06:57 -05:00
bcoles cec15aa204 Added CuteFlow v2.11.2 Arbitrary File Upload
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
sinn3r 80e0688c68 Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol 2012-07-26 15:16:23 -05:00
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
jvazquez-r7 0bbcac96ea cleanup: delete revision metadata plus fix disc date 2012-07-26 15:04:15 +02:00
jvazquez-r7 e885b84347 Added module for CVE-2012-0284 2012-07-26 13:08:24 +02:00
sinn3r 3cb60fb42a Fix 1.8-specific regexp syntax bug
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
jvazquez-r7 d2e1f4b448 Added module for OSVDB 83745 2012-07-25 19:24:09 +02:00
sinn3r b527356e00 This check can be handy 2012-07-22 03:34:16 -05:00
sinn3r 5fd58eda71 Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof 2012-07-22 03:29:33 -05:00
jvazquez-r7 2f66aa7c4f Added module for OSVDB 83891 2012-07-21 12:14:29 +02:00
jvazquez-r7 beb1fbb55d Added module for Simple Web Server Connection header bof 2012-07-21 12:07:36 +02:00
jvazquez-r7 f4e4675dc5 Avoid unpack with native endian types 2012-07-20 22:07:12 +02:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
jvazquez-r7 37f14f76b7 Descriptions updated 2012-07-19 17:38:01 +02:00
sinn3r 2bb36f5ef9 Remove repeating words 2012-07-19 10:17:05 -05:00
sinn3r 898530dd54 Fix description 2012-07-19 10:15:26 -05:00
sinn3r 2c648b1c5b Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof 2012-07-19 10:14:10 -05:00
sinn3r 8f867b5b0d 100 columns or each line in the description 2012-07-19 10:12:22 -05:00
jvazquez-r7 d51209a3cf Beautify 2012-07-19 15:53:47 +02:00
jvazquez-r7 d69a46a9f0 Beautify 2012-07-19 15:53:09 +02:00
jvazquez-r7 83b7b90c61 Added module for CVE-2011-3175 2012-07-19 15:30:51 +02:00
jvazquez-r7 48f8145d97 Added module for CVE-2011-3176 2012-07-19 15:29:10 +02:00
James Lee d238debb2f Add disclo date, discoverers, and better description 2012-07-18 16:14:32 -06:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
sinn3r f4547527a8 Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework 2012-07-17 17:43:40 -05:00
sinn3r b3e11f2e6b Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof 2012-07-17 17:42:58 -05:00
jvazquez-r7 80bfd48535 Added module for ZDI-010-090 Opcode 0x6 2012-07-17 23:25:55 +02:00
jvazquez-r7 0514756e92 Added module for ZDI-010-090 Opcode 0x21 2012-07-17 23:25:04 +02:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
HD Moore a57e712630 Be less verbose 2012-07-15 22:19:12 -05:00
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
HD Moore 7f3aeca501 Put lipstick on this pig for the time being 2012-07-15 21:35:29 -05:00
James Lee 7091d1c65b Add an exploit for sock_sendpage
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
2012-07-15 20:29:48 -06:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
jvazquez-r7 8cf08c6ca3 Target W7 updated 2012-07-15 17:45:58 +02:00
sinn3r e1ff6b0cef Nicer cleanup 2012-07-14 17:57:32 -05:00
jvazquez-r7 bdf009d7a8 Review of pull request #606 2012-07-15 00:20:12 +02:00
jvazquez-r7 6c8ee443c8 datastore cleanup according to sinn3r 2012-07-12 09:31:22 +02:00
jvazquez-r7 65d15df9f9 Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision 2012-07-12 09:25:37 +02:00
h0ng10 87f5002516 added datastore cleanup 2012-07-11 12:56:23 -04:00
h0ng10 0d38a7e45f switched to Rex::Text.encode_base64() 2012-07-11 12:52:09 -04:00
LittleLightLittleFire 32fa8bdfcf Fixed typo in Stefan's last name 2012-07-11 14:53:26 +10:00
h0ng10 61ec07a10c additional targets, meterpreter, bugfixes 2012-07-10 13:33:28 -04:00
sinn3r 06974cbc43 This bug is now patched 2012-07-10 12:28:46 -05:00
jvazquez-r7 4af75ff7ed Added module for CVE-2011-4542 2012-07-10 18:40:18 +02:00
sinn3r 6f97b330e7 Merge branch 'LittleLightLittleFire-module-cve-2012-1723' 2012-07-10 00:50:31 -05:00
sinn3r 5b7d1f17c0 Correct juan's name and comments 2012-07-10 00:43:46 -05:00
sinn3r 54576a9bbd Last touch-up
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
HD Moore c532d4307a Use the right failure reason 2012-07-10 00:26:14 -05:00
LittleLightLittleFire e9ac90f7b0 added CVE-2012-1723 2012-07-10 12:20:37 +10:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
Steve Tornio 44290c2c89 add osvdb ref 2012-07-07 08:40:25 -05:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 1e6c4301b6 We worked on it, so we got credit 2012-07-06 02:12:10 -05:00
sinn3r f8123ef316 Add a "#" in the end after the payload 2012-07-06 02:09:31 -05:00
sinn3r 187731f2cb Add a check function to detect the vuln 2012-07-06 01:58:01 -05:00
sinn3r dcddc712d2 Missing a "&" 2012-07-06 01:50:18 -05:00
sinn3r 3c8a836091 Add lcashdol's module from #568
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r 260cea934d Add more reference 2012-07-05 16:48:43 -05:00
sinn3r 850242e733 Remove the extra comma and a tab char 2012-07-05 14:05:23 -05:00
jvazquez-r7 aee7d1a966 Added module for CVE-2012-0911 2012-07-05 20:58:27 +02:00
jvazquez-r7 ff4a0bc3aa poisonivy_bof description updated 2012-07-05 00:18:13 +02:00
jvazquez-r7 8bdf3b56f5 tries updated 2012-07-04 15:48:32 +02:00
jvazquez-r7 d8a5af7084 last changes done by gal, added RANDHEADER to single_exploit 2012-07-04 15:25:12 +02:00
jvazquez-r7 644d5029d5 add bruteforce target as optional 2012-07-04 13:02:47 +02:00
jvazquez-r7 7214a6c969 check function updated 2012-07-04 12:16:30 +02:00
jvazquez-r7 c531bd264b brute force version of the exploit 2012-07-04 11:37:36 +02:00
jvazquez-r7 da2105787d no rop versio of the exploit, metadata used, check and description fixed 2012-07-04 10:54:35 +02:00
jvazquez-r7 8bcc0ba440 Review of pull request #559 2012-07-03 23:49:47 +02:00
jvazquez-r7 600ca5b1dd Added module for CVE-2012-0708 2012-07-03 19:03:58 +02:00
sinn3r 77d6fe16f0 Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource 2012-07-02 16:04:02 -05:00
sinn3r e2a2789f78 Support Ruby 1.8 syntax. Thanks M M. 2012-07-02 14:15:14 -05:00
m-1-k-3 e06ca8e654 Winlog-CVE-resource 2012-07-02 20:33:15 +02:00
jvazquez-r7 9d49052c52 hp_dataprotector_new_folder: added support for hpdp 6 2012-07-02 18:32:19 +02:00
HD Moore 3bb7405b09 Only report auth if the username is not blank 2012-07-02 04:11:29 -05:00
sinn3r a3d74f5b10 Correct dead milw0rm references 2012-06-30 16:50:04 -05:00
sinn3r 2874768539 Also add juan as author. And links to the vulnerable setup. 2012-06-30 13:12:13 -05:00
jvazquez-r7 5dbfb7b9aa last cleanup 2012-06-30 14:18:25 +02:00
jvazquez-r7 19d476122b versions affected corrected 2012-06-29 20:23:17 +02:00
jvazquez-r7 533111c6da irfanview_jpeg2000_bof: review of pull req #543 2012-06-29 20:13:02 +02:00
sinn3r 196e1b7f70 Update title & description to match what ZDI has.
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r 19b6ebbfbf Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi 2012-06-29 10:59:11 -05:00
sinn3r 0e87238e58 Space space 2012-06-29 10:56:12 -05:00
jvazquez-r7 c79312547a Added module for CVE-2012-0124 2012-06-29 17:50:21 +02:00
jvazquez-r7 5efb459616 updated zdi reference 2012-06-29 16:36:11 +02:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r 7c9a8ba699 Add OSVDB reference 2012-06-28 02:09:12 -05:00
sinn3r cf9a6d58cc Update missing OSVDB ref 2012-06-28 00:44:01 -05:00
sinn3r f63a3959e0 Update web app module references 2012-06-28 00:37:37 -05:00
sinn3r 869aec5e3e Update CVE/OSVDB/Milw0rm references for browser modules 2012-06-28 00:26:20 -05:00
sinn3r 7dcdd205bb Update CVEs for fileformat exploits 2012-06-28 00:21:03 -05:00
sinn3r b83c02d8e3 Update CVE reference 2012-06-28 00:06:41 -05:00
sinn3r d85ce8db5c Update CVEs for HTTP exploits 2012-06-28 00:00:53 -05:00
sinn3r e8102284ff Add missing CVEs for misc exploit modules 2012-06-27 22:17:34 -05:00
sinn3r f5faccfa07 Add missing CVEs for SCADA modules 2012-06-27 22:10:24 -05:00
sinn3r e605a35433 Make sure the check func is always returning the same data type 2012-06-27 17:07:55 -05:00
sinn3r cb1af5ab79 Final cleanup 2012-06-27 16:57:04 -05:00
jvazquez-r7 73360dfae3 minor fixes 2012-06-27 23:38:52 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
sinn3r 2f733ff8b9 Add CVE-2012-0663 Apple QuickTime TeXML Exploit 2012-06-27 14:41:45 -05:00
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
James Lee 6913440d67 More progress on syscall wrappers
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley d708f2526c Adding ref for APSB12-09 to new Flash sploit 2012-06-22 17:30:52 -05:00
jvazquez-r7 72ef8c91f0 module for CVE-2012-0779 added 2012-06-23 00:21:18 +02:00
m-1-k-3 315a1707e7 also new version v2.07.16 is vulnerable 2012-06-22 13:18:45 +02:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
2012-06-22 00:03:29 -06:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
sinn3r 9d52ecfbb6 Fix a few mistakes (typos & reference) 2012-06-21 02:32:04 -05:00
jvazquez-r7 6be7ba98aa ezserver_http: added bid reference 2012-06-20 22:08:58 +02:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
sinn3r beb8e33fc4 Fix a typo 2012-06-20 09:53:09 -05:00
sinn3r efaf5cf193 Oops, I found a typo. 2012-06-19 22:57:45 -05:00
sinn3r 9a9dd53e86 Use get_resource() instead of the hard-coded path 2012-06-19 22:56:25 -05:00
sinn3r 79fc053a2e Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110 2012-06-19 22:05:07 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore 664458ec45 No more crap :/ 2012-06-19 19:43:29 -05:00
jvazquez-r7 a93eeca68d msxml_get_definition_code_exec: added support for ie9 2012-06-20 00:17:50 +02:00
Tod Beardsley 3b1c434252 Remove trailing space 2012-06-19 16:44:07 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore f7a85f3f9d Make it clear that this works on Vista SP2 2012-06-18 20:13:37 -05:00
HD Moore 4739affd54 Fix the comment as well 2012-06-18 19:57:56 -05:00
HD Moore bd0fd8195d Add compatibility for Vista SP2 from troulouliou 2012-06-18 19:55:52 -05:00
sinn3r 4987acc703 Correct e-mail format, description, and some commas. 2012-06-18 18:52:26 -05:00
sinn3r af8cb03d1b Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check 2012-06-18 18:33:21 -05:00
HD Moore 29887272a9 Correct the description to mention IE8 on Windows 7 2012-06-18 18:14:59 -05:00
jvazquez-r7 2df237b066 minor fixes 2012-06-18 22:44:17 +02:00
Juan Vazquez 10bd72f3a1 Merge pull request #500 from modpr0be/module-ezserver
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
James Lee 96c16a498a Add a check for distcc_exec
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00
sinn3r 50269c910a Add IE 8 targets 2012-06-18 10:44:52 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
jvazquez-r7 a8a4594cd4 Documenting esi alignment plus using target_uri.to_s 2012-06-16 09:26:22 +02:00
James Lee 7eebc671ba Put the curly braces back and drop a comma
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r 424948a358 Fix title 2012-06-16 01:48:00 -05:00
sinn3r 38926fb97c Description and name change 2012-06-15 20:11:34 -05:00
jvazquez-r7 c676708564 BrowserAutopwn info completed 2012-06-16 02:26:33 +02:00
jvazquez-r7 ce241b7e80 BrowserAutopwn info completed 2012-06-16 02:18:01 +02:00
jvazquez-r7 495ed2e434 BrowserAutopwn info added 2012-06-16 02:14:24 +02:00
jvazquez-r7 8a89968a1d Added module for CVE-2012-1889 2012-06-16 01:50:25 +02:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Steve Tornio 80a0b4767a add osvdb ref 2012-06-15 09:02:31 -05:00
jvazquez-r7 1d121071f3 Prepend nops to raw payload in encoder if needed 2012-06-15 09:59:10 +02:00
sinn3r 80d46580ec One last minor change for metadata format 2012-06-14 21:48:24 -05:00
sinn3r 82799f2601 Some final touchup
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r 75a67d7160 Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer 2012-06-14 21:14:29 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
sinn3r fb67fe9161 Merge branch 'mrmee-cmdsnd_ftp_exploit' 2012-06-14 14:19:56 -05:00
sinn3r cde3c48765 Change title 2012-06-14 14:18:30 -05:00
sinn3r b107025860 Correct typo. Also make use of random junks. 2012-06-14 14:17:57 -05:00
sinn3r 8e06babbba Make msftidy happy 2012-06-14 14:16:07 -05:00
sinn3r 66e92d0200 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-14 12:17:29 -05:00
sinn3r c1685c44c3 Fix disclosure date 2012-06-14 10:03:49 -05:00
sinn3r 1cdf964719 A little change to the description 2012-06-14 10:03:15 -05:00
sinn3r 48ee81de29 Add CVE-2012-2915 2012-06-14 09:56:01 -05:00
bcoles 940f904dee Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy. 2012-06-14 12:10:03 +09:30
Steven Seeley a5fca47f56 updated windows XP SP3 pivot offset, please retest this 2012-06-14 10:31:17 +10:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
sinn3r 7dc19bba16 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-13 14:55:44 -05:00
Tod Beardsley 15b674dab3 Language on MS12-005 2012-06-13 14:22:20 -05:00
Tod Beardsley 99b9261294 Caps in title 2012-06-13 14:19:04 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
Tod Beardsley 559683f2a1 Fixing CRLFs on winlog_runtime_2 2012-06-13 13:59:39 -05:00
Tod Beardsley 3cf4f7ab44 Fixing indents on msadc module 2012-06-13 13:59:38 -05:00
sinn3r 42ee2b5c02 Add alienvault.com reference 2012-06-13 12:19:51 -05:00
jvazquez-r7 6abb7bb987 Added module for CVE-2012-1875 as exploited in the wild 2012-06-13 18:33:26 +02:00
Steven Seeley 209d6d20d1 comsnd ftp remote format string overflow exploit 2012-06-14 02:22:31 +10:00
James Lee 1138290a64 Return nil when an error occurred
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore a2aaca5e85 Correct a fp with this exploit module (would always print success) 2012-06-13 10:38:05 -05:00
James Lee c39a42da3d No need to alter time out 2012-06-12 23:58:20 -06:00
James Lee 1fbe5742bd Axe some copy-pasta 2012-06-12 23:58:20 -06:00
James Lee 9f78a9e18e Port ms10-092 to the new Exploit::Local format 2012-06-12 23:58:20 -06:00
James Lee 0e8fb0fe98 Add a post-exploitation exploit for suid nmap
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r cde508af03 Merge branch 'jjarmoc-php_cgi_arg_injection' 2012-06-13 00:44:41 -05:00
sinn3r a631e1fef1 Change the default state to make it work on Metasploitable by default 2012-06-13 00:43:59 -05:00
sinn3r 597726d433 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-13 00:40:02 -05:00
bcoles 9756f87517 Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module 2012-06-13 13:50:12 +09:30
Jeff Jarmoc bbfe0f8f49 " is 0x22, duh. 2012-06-12 20:00:28 -05:00
HD Moore 00aa8c0452 Add missing ExploitRank 2012-06-12 15:35:53 -05:00
HD Moore 4ea5712140 Add a timeout for wonky systems that hang during negotiation 2012-06-12 15:24:13 -05:00
Jeff Jarmoc 12a28bd519 Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode 2012-06-12 14:59:06 -05:00
Steve Tornio 5775fa9e67 add osvdb ref 2012-06-12 14:53:55 -05:00
HD Moore cc0f3632a8 Merge pull request #477 from jlee-r7/f5-priv
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee a91085d6cd Add a disclosure date and more detailed desc 2012-06-12 13:07:53 -06:00
James Lee 11df90c98e Call update_info
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee c564e9dcc4 Fix 1.8 compat error
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee 539deabef5 Clean up title, options 2012-06-12 12:08:58 -06:00
James Lee 85e1555e13 Payload compat to work with unix/interact 2012-06-12 11:46:21 -06:00
James Lee 3d5417e574 Initial commit of F5 exploit 2012-06-12 11:37:22 -06:00
jvazquez-r7 4ae786590a php_wordpress_foxypress from patrick updated. Related to Pull Request #475 2012-06-12 17:39:05 +02:00
sinn3r c3c9051014 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-11 11:15:15 -05:00
jvazquez-r7 02a5dff51f struts_code_exec_exception_delegator_on_new_session: on_new_session modified 2012-06-11 12:07:38 +02:00
Juan Vazquez a43cf76591 Merge pull request #463 from schierlm/struts_arch_java
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 74c6eb6f78 Change the title and add a Microsoft reference.
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r efcb206cdf Correct a typo 2012-06-10 14:38:14 -05:00
sinn3r 498f3323f3 Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005 2012-06-10 01:53:46 -05:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
sinn3r 4743c9fb33 Add MS12-005 (CVE-2012-0013) exploit 2012-06-10 01:08:28 -05:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
Michael Schierl b4d33fb85a Add ARCH_JAVA support to struts_code_exec_exception_delegator 2012-06-09 21:53:43 +02:00
jvazquez-r7 a9ee2b3480 Use of make_nops 2012-06-08 19:20:58 +02:00
jvazquez-r7 91f5f304cb Added module for CVE-2011-2217 2012-06-08 18:10:20 +02:00
sinn3r 3726ddddac Software name correction thanks to modpr0be 2012-06-08 07:07:19 -05:00
sinn3r 41d49ed553 Another badchar analysis. Allow shorter delay (5sec to 1) 2012-06-08 01:59:09 -05:00
sinn3r e5b451c000 Too many tabs for the beginning of the description 2012-06-07 23:08:11 -05:00
sinn3r 520c0ca660 Make msftidy happy 2012-06-07 23:07:39 -05:00
sinn3r 61f5eddf47 Move winlog file 2012-06-07 23:03:30 -05:00
sinn3r 9adec7e7e7 Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14 2012-06-07 23:02:23 -05:00
sinn3r a709fe1fe3 Fix regex escaping thanks to w3bd3vil 2012-06-07 16:00:59 -05:00
sinn3r 1eb73dec38 Merge branch 'aushack-master' 2012-06-07 12:17:49 -05:00
sinn3r 42795fec00 Get rid of some whitespace 2012-06-07 12:17:25 -05:00
jvazquez-r7 bd714017bb samsung_neti_wiewer: add Space property for Payload 2012-06-07 16:00:36 +02:00
Patrick Webster 0e20d324b8 Added ms02_065_msadc exploit module. 2012-06-07 21:02:13 +10:00
jvazquez-r7 2f3b1effb9 Added module for OSVDB 81453 2012-06-07 12:47:09 +02:00
sinn3r 28fe4c0be5 What's this break stuff?
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r a54b14b192 Remove whitespace 2012-06-06 11:21:34 -05:00
Patrick Webster c36ab97d41 Updated msadc exploit with fixes. 2012-06-06 11:21:34 -05:00
Patrick Webster f25b828d31 Added exploit module msadc.rb 2012-06-06 11:21:34 -05:00
m-1-k-3 f4f023cbfb add BID 2012-06-06 09:44:16 +02:00
sinn3r 462a91b005 Massive whitespace destruction
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r f438e6c121 Remove the 'Rop' key because we don't really use it 2012-06-05 16:07:23 -05:00
sinn3r f9651be88e Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32 2012-06-05 15:44:13 -05:00
sinn3r a3048c7ae8 Clear whitespace 2012-06-05 11:28:47 -05:00
jvazquez-r7 a30f104ee6 Fix space on Authors 2012-06-05 18:23:57 +02:00
jvazquez-r7 93741770e2 Added module for CVE-2011-3400 2012-06-05 18:21:55 +02:00
m-1-k-3 95d949e860 sleep and at 2012-06-05 18:08:46 +02:00
0a2940 dc6b2f4205 merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb 2012-06-05 04:14:40 -07:00
sinn3r d9c39d3798 Fix the rest of nil res from get_once 2012-06-04 17:26:15 -05:00
sinn3r a071d2805e Fix the rest of possible nil res bugs I've found 2012-06-04 14:56:27 -05:00
m-1-k-3 0acbd99e71 targets 2012-06-04 20:08:58 +02:00
m-1-k-3 08ff6c72b1 winlog_lite_2.07.14 initial commit 2012-06-04 17:24:01 +02:00
jvazquez-r7 b53a1396fc Use of TARGETURI 2012-06-03 22:36:23 +02:00
jvazquez-r7 659b030269 Verbose messages cleanup 2012-06-03 22:29:31 +02:00
jvazquez-r7 34f42bab17 Fix typo in the URI param 2012-06-03 22:14:13 +02:00
jvazquez-r7 efe4136e5b Added module for CVE-2012-0391 2012-06-03 22:08:31 +02:00
sinn3r 1817942aae Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 17:43:51 -05:00
sinn3r 7bb36bfbde Fix typo thanks to juan 2012-06-02 16:57:53 -05:00
sinn3r 7e318e9787 Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 14:14:56 -05:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
sinn3r 59468846e3 Change filename 2012-06-02 01:51:20 -05:00
sinn3r 522991f351 Correct name 2012-06-02 01:49:43 -05:00
sinn3r 7fd3644b8b Add CVE-2011-4825 module 2012-06-01 18:45:44 -05:00
Tod Beardsley ced5b9916e Whitespace fix for script-fu module
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
sinn3r 353d49d05b Modify the description 2012-06-01 12:04:46 -05:00
jvazquez-r7 abbd8c8cd5 Added module for CVE-2012-2763 2012-06-01 18:53:25 +02:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Tod Beardsley c463bd7c6d Fixing description for citrix module 2012-05-31 16:37:35 -05:00
Tod Beardsley 17e41b2e39 Fixing description for citrix module 2012-05-31 16:36:21 -05:00
Juan Vazquez a0b491355c Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
Tod Beardsley 02a41afb2b Fixing description for juan's Citrix module 2012-05-31 16:34:13 -05:00
Juan Vazquez 00bb216927 Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
jvazquez-r7 47c5745673 Fixed name module 2012-05-31 23:23:11 +02:00
jvazquez-r7 e324ed5251 Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:21:43 +02:00
jvazquez-r7 1c11b1b1b7 Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:17:38 +02:00
jvazquez-r7 b5f5804d94 description updated 2012-05-31 23:14:25 +02:00
jvazquez-r7 198070361b Added module for ZDI-12-010 2012-05-31 22:45:55 +02:00
Steve Tornio 5105c1a4df add osvdb ref 2012-05-31 08:49:58 -05:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
sinn3r 54e14014c3 Merge pull request #428 from wchen-r7/php_volunteer
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
sinn3r 59ea8c9ab9 Print IP/Port for each message 2012-05-30 11:30:55 -05:00
sinn3r 43dffbe996 If we don't get a new file, we assume the upload failed. This is
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
sinn3r efdcda55ef Don't really care about the return value for the last send_request_raw 2012-05-30 11:00:31 -05:00
sinn3r 13ba51db34 Allow the login() function to be a little more verbose for debugging purposes 2012-05-30 10:56:59 -05:00
sinn3r b81315790d Add PHP Volunteer Management System exploit 2012-05-30 10:38:45 -05:00
David Maloney 54fb6d2f7a Fixes unreal ircd race condition
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7 065d3187d3 Added module for OSVDB 74604 2012-05-29 21:10:51 +02:00
Steve Tornio fe86ab9914 =Add osvdb ref 2012-05-29 13:31:20 -05:00
jvazquez-r7 db5b3c8259 Added module for OSVDB 82000 2012-05-28 08:51:36 +02:00
sinn3r d615e3bcb8 Print target IP/Port when restoring currencies.php 2012-05-28 01:33:45 -05:00
sinn3r 712a21717a Totally forgot about disclosure date, damn it 2012-05-28 01:31:13 -05:00
sinn3r 7c1442c4b4 Merge pull request #421 from wchen-r7/symantec_web_gateway
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r 34c93d8e44 Fix check 2012-05-28 00:51:46 -05:00
sinn3r 96d70e5fb6 Add CVE-2012-0297 Symantec Web Gateway 2012-05-27 22:47:39 -05:00
sinn3r 18c8314d79 Change unknown authors to "Unknown".
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion.  In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
sinn3r 8f537653b4 Merge pull request #420 from wchen-r7/quickshare
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
sinn3r 0b86ceb528 Add OSVDB-70776 2012-05-26 03:00:32 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00
jvazquez-r7 c4fad0dea5 module added for OSVDB-73609 2012-05-25 17:18:09 +02:00
sinn3r 7b0fbaed23 Merge pull request #417 from wchen-r7/rabidhamster
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
sinn3r d595f908fc Add OSVDB-79007 2012-05-25 03:06:28 -05:00
jvazquez-r7 f7224ab306 flexnet_lmgrd_bof rand_text fix 2012-05-24 18:02:25 +02:00
Tod Beardsley 5004515187 Resolved conflicts merging back from release
Merge branch 'release'

Conflicts:
	lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
	modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
sinn3r ac0d22453a Merge pull request #414 from wchen-r7/apprain
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
sinn3r 8d837f5d20 Module description update. TARGETURI description update. 2012-05-23 18:33:32 -05:00
sinn3r fab3bfcea1 Add CVE-2012-1153 2012-05-23 17:50:13 -05:00
sinn3r 0b7b71e240 Correct run-on sentence 2012-05-23 10:27:23 -05:00
sinn3r 94f114b69a Fix typos 2012-05-23 10:22:52 -05:00
sinn3r 7a4f1a111b Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof 2012-05-23 10:20:16 -05:00
jvazquez-r7 287d68f304 added module for CVE-2008-0320 2012-05-23 17:14:11 +02:00
Tod Beardsley a37e98f159 Updating release from master. 2012-05-22 14:12:08 -05:00
Jeff Jarmoc c4b64a51f7 Added reference to vendor advisory 2012-05-22 13:22:26 -05:00
Tod Beardsley 87ce3fe2f7 Adding extra ref from jjarmoc 2012-05-22 11:17:57 -05:00
jvazquez-r7 c823e8099e randomization when possible for flexnet_lmgrd_bof 2012-05-22 08:32:10 +02:00
sinn3r cafe803217 Fix typos 2012-05-21 16:32:33 -05:00
jvazquez-r7 72b1f113ce Added module for ZDI-12-052 2012-05-21 16:32:33 -05:00
Tod Beardsley 675dfe4e14 Don't keep the weblogi return codes secret 2012-05-21 11:27:24 -05:00
Tod Beardsley 1104dccde8 Noting rhost/rport, cli.peerhost where appropriate
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
2012-05-21 11:19:02 -05:00
Tod Beardsley 7cc905832e Consistent caps on SVG in batik_svg_java exploit
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
2012-05-21 11:14:03 -05:00
Tod Beardsley 5dd866ed4a Fixed print_status to include rhost:rport
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
Tod Beardsley 1fc7597a56 Msftidy fixes.
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.
2012-05-21 10:59:52 -05:00
sinn3r 822e109b1f Merge pull request #398 from wchen-r7/foxit_reader_launch
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
Steve Tornio ba2787df8a add osvdb ref 2012-05-20 07:13:56 -05:00
Steve Tornio c95a06e247 add osvdb ref 2012-05-20 07:13:31 -05:00
sinn3r 628233d15c Merge pull request #399 from wchen-r7/hp_storageworks
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:14:49 -07:00
sinn3r d8c3edd316 Add HP StorageWorks VSA command execution vulnerability 2012-05-19 14:53:45 -05:00
sinn3r f9bcb95952 Correct EDB references 2012-05-19 02:24:29 -05:00
sinn3r 964a6af423 Add Active Collab chat module PHP injection exploit, by mr_me 2012-05-19 02:06:30 -05:00
sinn3r e4f80a1fab Francisco is the the one who found it according to advisory 2012-05-18 17:12:52 -05:00
sinn3r 41aac751e9 Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
jvazquez-r7 bedf010676 description modified 2012-05-18 01:23:09 +02:00
jvazquez-r7 e7f5bf132c trying to improve bea weblogic connector bof 2012-05-18 01:13:56 +02:00
sinn3r c0d17734ed Improve run-on sentences. 2012-05-17 15:00:00 -05:00
sinn3r 32a0596a03 Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof 2012-05-17 14:52:10 -05:00
jvazquez-r7 c4ab521d7b better tab indentation 2012-05-17 21:41:31 +02:00
sinn3r 0b35ab6a75 If the target isn't support, make sure we warn the user 2012-05-17 12:34:17 -05:00
jvazquez-r7 a21e832336 fingerprinting bea connector with Transfer-Encoding 2012-05-17 19:21:16 +02:00
sinn3r 952ada1742 Fix broken target (variable naming) 2012-05-17 11:37:49 -05:00
sinn3r 2fccf4674f Be explicit on what version we've tested 2012-05-17 11:04:40 -05:00
jvazquez-r7 0fd3f96720 errata fixed 2012-05-17 17:23:16 +02:00
jvazquez-r7 14d8ba00af Added batik svg java module 2012-05-17 16:48:38 +02:00
jvazquez-r7 9a5e4d6500 Added target BEA Weblogic 8.1 SP4 2012-05-17 11:07:22 +02:00
jvazquez-r7 445bd90afb Added module for CVE-2008-3257 2012-05-17 10:28:18 +02:00
jlee-r7 fe7928c18d Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375
2012-05-16 17:07:33 -07:00
sinn3r 0b2a8e0b70 Correct e-mail format 2012-05-16 02:40:39 -05:00
sinn3r b89e77c842 Add Spanish dir path. Thanks Miguel 2012-05-15 19:27:48 -05:00
James Lee 42719ab34b Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:49 2012 -0600

    Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:09 2012 -0600

    Read the file instead of downloading it

commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 15:27:11 2012 -0600

    Re-compile linux meterp to support the loadlib api

commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:50:25 2012 -0600

    Re-compile java meterp to support the loadlib api

commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:44:10 2012 -0600

    Don't try to get interfaces if this session doesn't implement it

commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:38:17 2012 -0600

    Remove debugging load

commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 12:06:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.php
    	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 2 18:06:06 2012 -0600

    PHP doesn't support rev2self

commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 18:21:59 2012 -0600

    Add php support for returning new extension commands

commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 16:03:26 2012 -0600

    Reset CVE-2012-0507 back to master

    Purges commits unrelated to this branch.

commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:59:35 2012 -0600

    Revert "Make building the jar for cve-2012-0507 a bit easier"

    This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.

    Conflicts:

    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java

commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:35:44 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.jar
    	data/meterpreter/meterpreter.jar
    	external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
    	modules/auxiliary/server/browser_autopwn.rb

commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Apr 6 10:19:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:51:18 2012 -0600

    Fix requires to find the test library

commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:48:35 2012 -0600

    Fix a load order problem with solaris post mods

commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:43:19 2012 -0600

    Merge branch 'master' into feature/4905

commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:16:56 2012 -0600

    Merge branch 'rapid7'

    Conflicts:
    	lib/rex/exploitation/javascriptosdetect.rb

commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.

commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 18:04:50 2012 -0600

    Linux doesn't implement (drop|steal)_token

commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 17:57:37 2012 -0600

    Add availability checks for net, sys, ui, and webcam

commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 16:45:59 2012 -0600

    add requirement checking for fs and core commands

commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:59 2012 -0600

    Add a to_octal method that converts e.g. "A" to \0101

commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:07 2012 -0600

    Don't use "echo -n"

    It's not portable

commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 17:01:10 2012 -0600

    Return a list of new commands after core_loadlib, java version

    Thanks mihi for the patch and the awesome responsiveness!

commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 13:21:06 2012 -0600

    Make sure we have a response before doing stuff with it

commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 21:25:31 2012 -0600

    Add missing rmdir and mkdir protocol commands to PHP

    Now passes all the stdapi tests that it can
    	[*] Session type is meterpreter and platform is php/php
    	[+] should return a user id
    	[+] should return a sysinfo Hash
    	[-] FAILED: should return network interfaces
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should have an interface that matches session_host
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should return network routes
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
    	[+] should return the proper directory separator
    	[+] should return the current working directory
    	[+] should list files in the current directory
    	[+] should stat a directory
    	[+] should create and remove a dir
    	[+] should change directories
    	[+] should create and remove files
    	[+] should upload a file
    	[-] Passed: 10; Failed: 3

commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:26:00 2012 -0600

    Use a proper TLV type instead of a generic one

commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:24:25 2012 -0600

    Fix a counting error that caused segfaults (Linux)

commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:06:02 2012 -0600

    Return a list of new commands after core_loadlib

    Gets Windows back in sync with Linux

commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 14:50:55 2012 -0600

    Refactor extensionList -> extension_commands

    It's not the same as extension_list.

commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sun Mar 18 00:07:27 2012 -0500

    Massive whitespace cleanup

commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 16:00:20 2012 -0500

    Add back enum_protections with some new changes

commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date:   Sat Mar 17 13:28:31 2012 -0400

    Added fix for enum_protections

commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 03:14:26 2012 -0500

    A bunch of fixes

commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:28:05 2012 -0500

    The comments in get_chatlogs need an update

commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:25:41 2012 -0500

    Correct license format

commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:22:03 2012 -0500

    Add enum_adium.rb post module

commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 16:54:36 2012 -0300

    Changed store_note to store_loot. Fixed local/remote file retrieval

commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 11:29:07 2012 -0600

    Fall back to MIB method if we can't get netmasks

    Misses IPv6 addresses, but at least doesn't break everything.

    [Fixes #6525]

commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Fri Mar 16 11:49:31 2012 -0500

    This module is not ready, yanked.

commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date:   Fri Mar 16 18:09:08 2012 +0200

    sockso_traversal 1.8 compatibility fix

commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:17:35 2012 -0400

    fix

commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:14:48 2012 -0400

    saves each config to loot instead of notes

commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 03:46:10 2012 -0600

    Check for a 0 prefix length

    If the OnLinkPrefixLength is 0, something is wrong, try the value in the
    prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

    [See #6525]

commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 01:46:41 2012 -0600

    Return network prefixes when available

    Solves #6525 on Vista+.  Win2k still works using the old MIB method
    (which doesn't support ipv6).  Win2k3 and XP are still busted for
    unknown reasons.

commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 22:59:42 2012 -0400

    Enumerate important and interesting configuration files

commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 19:06:48 2012 -0500

    More Virtualisation SSL fixes

commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 18:15:29 2012 -0500

    Default SSL to true for esx_fingerprint module

commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:56:24 2012 -0500

    Fix typo

commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:55:54 2012 -0500

    Add sockso dir traversal

commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 15 14:31:25 2012 -0600

    Fix syntax error in 1.8, thanks Jun Koi for the patch

commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:27:40 2012 -0500

    enum_protections is now find_apps

commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:22:23 2012 -0500

    File rename, as well as design and cosmetic changes

commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 15:29:52 2012 -0300

    added report_note, removed store_loot function, cleaned up info/author

commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 12:18:29 2012 -0300

    fixed output newline issue

commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:05:35 2012 -0300

    fixed save line

commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:02:07 2012 -0300

    removed unneeded comments

commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:00:55 2012 -0300

    fixed output issue

commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 18:26:53 2012 -0300

    removed unneeded dependency

commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 13:30:16 2012 -0400

    locates installed 3rd part av, fws, etc

commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Wed Mar 14 16:50:54 2012 -0500

    Add OSVDB-79863 NetDecision Directory Traversal

commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 23:03:01 2012 -0600

    Store the retrieved commands on the session

commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:45:16 2012 -0600

    Retrieve the list of new commands

    The client side doesn't do anything with them yet

commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:41:16 2012 -0600

    Return a list of the new commands in response to core_loadlib

    Linux

commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 15:13:45 2012 -0600

    Whitespace at EOL

commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 14:30:09 2012 -0600

    Create instance methods that return extensions

    Before this change, meterpreter sessions would not #respond_to? their
    extensions despite having a pseudo-accessor for them:
    ```
    >> client.respond_to? :sys
    => false
    >> client.sys
    => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>

    ```

    After:
    ```
    >> client.respond_to? :sys
    => true
    ```

commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date:   Tue Apr 3 11:46:25 2012 -0600

    Merge branch 'master' into bap-refactor

    Conflicts:
    	external/source/exploits/CVE-2012-0507/Help.java
    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/msf/x/Help.java
    	external/source/exploits/CVE-2012-0507/src/a/Exploit.java
    	external/source/exploits/CVE-2012-0507/src/a/Help.java

commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:24:33 2012 -0600

    Add the detected browser version to the DOM

    Doing it this way lets modules grab the info a bit more easily.

commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:19:05 2012 -0600

    Merge branch 'master' into bap-refactor

commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:10:54 2012 -0600

    Merge branch 'master' into bap-refactor

commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
Tod Beardsley f5698f4bdc Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
Tod Beardsley 82885cc6e5 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
Tod Beardsley 898398fd54 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
Tod Beardsley 9b3f602910 Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
sinn3r d54a228f65 Correct version number 2012-05-15 01:16:41 -05:00