infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,359 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

230 Commits (b813e4e650a9c989e2702e3cf2ab28faf4f3548d)

Author SHA1 Message Date
sinn3r 64b8696e3c Extra condition that's not actually needed 
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
 2012-09-09 04:06:48 -05:00
bcoles cb95a7b520 Add openfiler_networkcard_exec exploit 2012-09-09 17:28:09 +09:30
bcoles f02659184a Add WANem v2.3 command execution 2012-09-08 16:01:45 +09:30
sinn3r bbab206eac Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass 
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older).  The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
 2012-09-05 13:21:10 -05:00
sinn3r 9d97dc8327 Add Metasploit blogs as references, because they're useful. 2012-09-03 15:57:27 -05:00
sinn3r ea7d7b847a Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-08-24 11:17:14 -05:00
jvazquez-r7 8f748d833a Added BID reference 2012-08-24 17:30:52 +02:00
jvazquez-r7 261a17d28a Added module for CVE-2009-4498 2012-08-23 18:29:39 +02:00
jvazquez-r7 3106f87687 badchars fixed 2012-08-21 13:30:15 +02:00
jvazquez-r7 e21ea6999c added module for ESVA Command Injection Vulnerability 2012-08-21 13:25:03 +02:00
sinn3r a228e42630 Add new target thanks for cabetux 2012-08-15 16:06:09 -05:00
HD Moore f72f334124 Fix an odd issue with search due to use of the builtin Proxies option 2012-08-12 23:22:38 -05:00
RageLtMan 3711297719 dd Opt::Proxies and opthash[:proxies] to exploits 2012-08-12 16:29:39 -04:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
Steve Tornio 54ed27c1b3 add osvdb ref 2012-08-05 09:02:54 -05:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements 
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
 2012-07-30 18:04:14 +09:30
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload 
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
 2012-07-30 01:24:27 +09:30
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
sinn3r 3cb60fb42a Fix 1.8-specific regexp syntax bug 
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
 2012-07-26 02:19:13 -05:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
James Lee d238debb2f Add disclo date, discoverers, and better description 2012-07-18 16:14:32 -06:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
James Lee 7091d1c65b Add an exploit for sock_sendpage 
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
 2012-07-15 20:29:48 -06:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r e5dd6fc672 Update milw0rm references. 
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
 2012-06-28 14:27:12 -05:00
James Lee 6913440d67 More progress on syscall wrappers 
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
 2012-06-22 17:45:49 -06:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit 
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
 2012-06-22 00:03:29 -06:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
James Lee 7eebc671ba Put the curly braces back and drop a comma 
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
 2012-06-16 01:17:33 -06:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module 
Also dropping extra whitespace.
 2012-06-15 12:23:34 -05:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
James Lee 1138290a64 Return nil when an error occurred 
Avoids anti-pattern of testing for a specific class.
 2012-06-13 09:41:20 -06:00
HD Moore a2aaca5e85 Correct a fp with this exploit module (would always print success) 2012-06-13 10:38:05 -05:00
HD Moore 00aa8c0452 Add missing ExploitRank 2012-06-12 15:35:53 -05:00
HD Moore 4ea5712140 Add a timeout for wonky systems that hang during negotiation 2012-06-12 15:24:13 -05:00
Steve Tornio 5775fa9e67 add osvdb ref 2012-06-12 14:53:55 -05:00
James Lee a91085d6cd Add a disclosure date and more detailed desc 2012-06-12 13:07:53 -06:00
James Lee 11df90c98e Call update_info 
Not sure why all modules don't do this. Or none of them.
 2012-06-12 13:01:36 -06:00
James Lee c564e9dcc4 Fix 1.8 compat error 
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
 2012-06-12 12:50:46 -06:00
James Lee 539deabef5 Clean up title, options 2012-06-12 12:08:58 -06:00
James Lee 85e1555e13 Payload compat to work with unix/interact 2012-06-12 11:46:21 -06:00
James Lee 3d5417e574 Initial commit of F5 exploit 2012-06-12 11:37:22 -06:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
sinn3r d9c39d3798 Fix the rest of nil res from get_once 2012-06-04 17:26:15 -05:00