Commit Graph

6668 Commits (b813e4e650a9c989e2702e3cf2ab28faf4f3548d)

Author SHA1 Message Date
sinn3r e1ff6b0cef Nicer cleanup 2012-07-14 17:57:32 -05:00
jvazquez-r7 bdf009d7a8 Review of pull request #606 2012-07-15 00:20:12 +02:00
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
jvazquez-r7 2da984d700 Added module for OSVDB 83275 2012-07-12 13:12:31 +02:00
jvazquez-r7 6c8ee443c8 datastore cleanup according to sinn3r 2012-07-12 09:31:22 +02:00
jvazquez-r7 65d15df9f9 Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision 2012-07-12 09:25:37 +02:00
webstersprodigy fd009fe3ff Improved smb_put reliability
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
2012-07-11 23:30:55 -04:00
jvazquez-r7 b12f13f837 Review of Pull request #594 2012-07-12 00:46:24 +02:00
jvazquez-r7 16cd847e5a Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review 2012-07-12 00:36:54 +02:00
jvazquez-r7 a840ff8cf8 Review of pull request #598 2012-07-12 00:34:17 +02:00
jvazquez-r7 f933d98d38 Review of #595 2012-07-12 00:19:27 +02:00
h0ng10 87f5002516 added datastore cleanup 2012-07-11 12:56:23 -04:00
h0ng10 0d38a7e45f switched to Rex::Text.encode_base64() 2012-07-11 12:52:09 -04:00
webstersprodigy c593a3429d fixed a type bug with the default response 2012-07-11 02:23:37 -04:00
LittleLightLittleFire 32fa8bdfcf Fixed typo in Stefan's last name 2012-07-11 14:53:26 +10:00
h0ng10 61ec07a10c additional targets, meterpreter, bugfixes 2012-07-10 13:33:28 -04:00
sinn3r 06974cbc43 This bug is now patched 2012-07-10 12:28:46 -05:00
Alexandre Maloteaux 81ba60169f ipv6 and arp_scanner fix 2012-07-10 18:28:24 +01:00
jvazquez-r7 4af75ff7ed Added module for CVE-2011-4542 2012-07-10 18:40:18 +02:00
sinn3r 6f97b330e7 Merge branch 'LittleLightLittleFire-module-cve-2012-1723' 2012-07-10 00:50:31 -05:00
sinn3r 5b7d1f17c0 Correct juan's name and comments 2012-07-10 00:43:46 -05:00
sinn3r 54576a9bbd Last touch-up
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
sinn3r 64709be909 Merge branch 'module-cve-2012-1723' of https://github.com/LittleLightLittleFire/metasploit-framework into LittleLightLittleFire-module-cve-2012-1723 2012-07-10 00:27:36 -05:00
HD Moore c532d4307a Use the right failure reason 2012-07-10 00:26:14 -05:00
webstersprodigy f50843e0b7 Adding http_ntlmrelay module 2012-07-09 22:56:24 -04:00
LittleLightLittleFire e9ac90f7b0 added CVE-2012-1723 2012-07-10 12:20:37 +10:00
sinn3r b817070545 Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui 2012-07-09 20:14:25 -05:00
Alexandre Maloteaux e509c72574 better handle company name 2012-07-10 00:24:30 +01:00
Alexandre Maloteaux e949b8c2c8 mac_oui 2012-07-09 23:46:57 +01:00
sinn3r 81b4cb737d Merge branch 'zenworks_preboot_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_fileaccess 2012-07-09 11:14:56 -05:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
jvazquez-r7 b33220bf90 Added module for CVE-2012-2215 2012-07-09 17:32:55 +02:00
sinn3r 0fbfa8e6f7 Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii 2012-07-09 10:14:30 -05:00
sinn3r 5586aa6c1b Move some code around 2012-07-09 09:44:22 -05:00
sinn3r 5db26beef7 Add more features
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
HD Moore 442eccd1d6 Merge pull request #578 from claudijd/master
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius 5938771e6c Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.

If you have questions, please let us know.

-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
sinn3r 87bac91d71 Apply additional changes from #549
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
  to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r 4e90da002d Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad 2012-07-07 15:44:05 -05:00
Steve Tornio 44290c2c89 add osvdb ref 2012-07-07 08:40:25 -05:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 1e6c4301b6 We worked on it, so we got credit 2012-07-06 02:12:10 -05:00
sinn3r f8123ef316 Add a "#" in the end after the payload 2012-07-06 02:09:31 -05:00
sinn3r 187731f2cb Add a check function to detect the vuln 2012-07-06 01:58:01 -05:00
sinn3r dcddc712d2 Missing a "&" 2012-07-06 01:50:18 -05:00
sinn3r 3c8a836091 Add lcashdol's module from #568
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00
sinn3r 260cea934d Add more reference 2012-07-05 16:48:43 -05:00
sinn3r 850242e733 Remove the extra comma and a tab char 2012-07-05 14:05:23 -05:00
jvazquez-r7 aee7d1a966 Added module for CVE-2012-0911 2012-07-05 20:58:27 +02:00
Meatballs1 fc58e485c3 Added further protection to enum_dcs method to prevent crashes 2012-07-05 14:27:45 +01:00
Meatballs1 a513b41283 Couple of readability changes suggested by TLC 2012-07-05 14:19:41 +01:00
jvazquez-r7 ff4a0bc3aa poisonivy_bof description updated 2012-07-05 00:18:13 +02:00
jvazquez-r7 8bdf3b56f5 tries updated 2012-07-04 15:48:32 +02:00
jvazquez-r7 d8a5af7084 last changes done by gal, added RANDHEADER to single_exploit 2012-07-04 15:25:12 +02:00
jvazquez-r7 644d5029d5 add bruteforce target as optional 2012-07-04 13:02:47 +02:00
jvazquez-r7 7214a6c969 check function updated 2012-07-04 12:16:30 +02:00
jvazquez-r7 c531bd264b brute force version of the exploit 2012-07-04 11:37:36 +02:00
jvazquez-r7 da2105787d no rop versio of the exploit, metadata used, check and description fixed 2012-07-04 10:54:35 +02:00
Loic Jaquemet cadbeafc4b match dot and not any character 2012-07-03 20:41:03 -03:00
Loic Jaquemet 5bba81b738 or something equivalent... if enum_dcs returns nil 2012-07-03 20:38:26 -03:00
jvazquez-r7 8bcc0ba440 Review of pull request #559 2012-07-03 23:49:47 +02:00
Meatballs1 c30b2de35b Removed comments in code! 2012-07-03 21:34:33 +01:00
Meatballs1 9998ca928d msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash) 2012-07-03 21:28:45 +01:00
Meatballs1 bdd9364fa4 Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception 2012-07-03 21:08:12 +01:00
jvazquez-r7 600ca5b1dd Added module for CVE-2012-0708 2012-07-03 19:03:58 +02:00
Loic Jaquemet f74fe39280 fix error message to a more helpful one. 2012-07-03 12:54:02 -03:00
Loic Jaquemet 12e24dbd99 failback to target's PDC to get policies 2012-07-03 12:49:34 -03:00
sinn3r 7cfb7c1915 Update description 2012-07-03 10:26:02 -05:00
Loic Jaquemet 5fff195eba DomainCache is a list of domainName = dnsDomainName 2012-07-03 12:20:00 -03:00
sinn3r 77d6fe16f0 Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource 2012-07-02 16:04:02 -05:00
sinn3r 7262faac57 Correct a typo 2012-07-02 16:02:14 -05:00
sinn3r fa0422c88a Must respect the PlainText field to extract password info properly 2012-07-02 15:56:25 -05:00
sinn3r e2a2789f78 Support Ruby 1.8 syntax. Thanks M M. 2012-07-02 14:15:14 -05:00
m-1-k-3 e06ca8e654 Winlog-CVE-resource 2012-07-02 20:33:15 +02:00
jvazquez-r7 9d49052c52 hp_dataprotector_new_folder: added support for hpdp 6 2012-07-02 18:32:19 +02:00
efraintorres 4c68cdd584 Actions removed. 2012-07-02 10:57:32 -05:00
Meatballs1 4eec5a5288 msftidy 2012-07-02 16:51:15 +01:00
Meatballs1 261989dddf Fixed get_domain_reg where value returned was '.' 2012-07-02 16:46:02 +01:00
Meatballs1 bd2368d6ab Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1 2012-07-02 11:47:44 +01:00
Meatballs1 299ed9d1d5 Local loot storage of retrieved XML files with option to disable storage 2012-07-02 10:48:04 +01:00
Meatballs1 5c2c1ccc39 Added extra logic and fixes for user supplied domains option 2012-07-02 10:15:58 +01:00
HD Moore 3bb7405b09 Only report auth if the username is not blank 2012-07-02 04:11:29 -05:00
Meatballs1 b549c9b767 Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments 2012-07-02 09:35:47 +01:00
Meatballs1 994074948a Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain 2012-07-02 09:17:29 +01:00
Meatballs1 21776697b2 Merged with upstream 2012-07-02 08:57:54 +01:00
sinn3r 1b02f17d52 Shamelessly add my name too, because I made a lot of changes. 2012-07-01 19:23:34 -05:00
sinn3r e1c43c31bd Title change 2012-07-01 16:43:25 -05:00
sinn3r 326230b34b Don't need to print the xml path twice 2012-07-01 13:58:04 -05:00
sinn3r fcf5e02708 Be aware of bad XML format 2012-07-01 13:50:43 -05:00
sinn3r ac52b0cc9f Filter out 'AdministratorPassword' and 'Password' 2012-07-01 13:45:12 -05:00
sinn3r 61983b21b9 Add documentation about unattend.xml's specs 2012-07-01 04:15:11 -05:00
sinn3r bf03995e30 Add veritysr's unattend.xml collector. See #548. 2012-07-01 04:08:18 -05:00
efraintorres be666fde89 Full msftidy compliant 2012-06-30 22:08:10 -05:00
efraintorres cad749d495 More formatting. 2012-06-30 21:21:56 -05:00
efraintorres 22b47e32fe Fixed wrapping of module description 2012-06-30 21:12:01 -05:00
efraintorres f8aacc3482 All fixes applied to wpad module. 2012-06-30 20:57:59 -05:00
sinn3r a3d74f5b10 Correct dead milw0rm references 2012-06-30 16:50:04 -05:00
sinn3r 2874768539 Also add juan as author. And links to the vulnerable setup. 2012-06-30 13:12:13 -05:00
jvazquez-r7 5dbfb7b9aa last cleanup 2012-06-30 14:18:25 +02:00
jvazquez-r7 19d476122b versions affected corrected 2012-06-29 20:23:17 +02:00
jvazquez-r7 533111c6da irfanview_jpeg2000_bof: review of pull req #543 2012-06-29 20:13:02 +02:00
sinn3r 196e1b7f70 Update title & description to match what ZDI has.
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r 19b6ebbfbf Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi 2012-06-29 10:59:11 -05:00
sinn3r 0e87238e58 Space space 2012-06-29 10:56:12 -05:00
jvazquez-r7 c79312547a Added module for CVE-2012-0124 2012-06-29 17:50:21 +02:00
jvazquez-r7 5efb459616 updated zdi reference 2012-06-29 16:36:11 +02:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r e37a71192d Make msftidy happy 2012-06-28 12:10:38 -05:00
Rob Fuller 77326edc45 fixed tcpnetstat table displaying 2012-06-28 12:56:29 -04:00
Rob Fuller 6f37ccbcae tcp netstat post module via railgun 2012-06-28 09:17:05 -04:00
sinn3r 7c9a8ba699 Add OSVDB reference 2012-06-28 02:09:12 -05:00
sinn3r cf9a6d58cc Update missing OSVDB ref 2012-06-28 00:44:01 -05:00
sinn3r f63a3959e0 Update web app module references 2012-06-28 00:37:37 -05:00
sinn3r 869aec5e3e Update CVE/OSVDB/Milw0rm references for browser modules 2012-06-28 00:26:20 -05:00
sinn3r 7dcdd205bb Update CVEs for fileformat exploits 2012-06-28 00:21:03 -05:00
sinn3r b83c02d8e3 Update CVE reference 2012-06-28 00:06:41 -05:00
sinn3r d85ce8db5c Update CVEs for HTTP exploits 2012-06-28 00:00:53 -05:00
sinn3r e8102284ff Add missing CVEs for misc exploit modules 2012-06-27 22:17:34 -05:00
sinn3r f5faccfa07 Add missing CVEs for SCADA modules 2012-06-27 22:10:24 -05:00
sinn3r 7c258d7aa9 Merge branch 'jvazquez-r7-atlassian_crowd' 2012-06-27 17:12:00 -05:00
sinn3r 68c582873b Add the MSF license text 2012-06-27 17:11:00 -05:00
sinn3r 6c80fd9b42 Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 17:09:25 -05:00
sinn3r e605a35433 Make sure the check func is always returning the same data type 2012-06-27 17:07:55 -05:00
sinn3r cb1af5ab79 Final cleanup 2012-06-27 16:57:04 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
jvazquez-r7 73360dfae3 minor fixes 2012-06-27 23:38:52 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
sinn3r dc30a2dddb Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 15:37:15 -05:00
sinn3r 2f733ff8b9 Add CVE-2012-0663 Apple QuickTime TeXML Exploit 2012-06-27 14:41:45 -05:00
Tod Beardsley 97974d9241 Shorten title for display 2012-06-27 10:19:46 -05:00
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
HD Moore 2dd51690c2 Add a missing require 2012-06-27 00:47:32 -05:00
sinn3r be2692a623 Merge branch 'pdf_parser_fix' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-pdf_parser_fix 2012-06-26 16:55:26 -05:00
James Lee 891400fdbb Array#select! is only in 1.9 2012-06-26 15:32:39 -06:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
jvazquez-r7 cc90a60a1b Correct the use of the platform argument
The platform argument is meant to be a PlatformList object, not as an array:
http://dev.metasploit.com/redmine/issues/6826
This commit undoes the last change to init_platform() in alpha_mixed and modifies msfvenom to use it as intended.
2012-06-26 17:32:55 +02:00
j0hn__f 7d20f14525 exec SQL from file 2012-06-26 12:40:34 +01:00
j0hn__f 83260c9c89 module to exe SQL queries from a file 2012-06-26 12:15:30 +01:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
sinn3r fef77bfd7f Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:55:45 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
sinn3r 7f5687ef10 Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:28:55 -05:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
sinn3r 063a2119a3 Merge branch 'iis_auth_bypass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-iis_auth_bypass 2012-06-25 15:51:33 -05:00
sinn3r f93658b37a Minor name change 2012-06-25 15:51:02 -05:00
sinn3r 637edc21ce Add CVE-2010-2731 2012-06-25 15:48:36 -05:00
jvazquez-r7 59bb9ac23b quoting ip to avoid php complaining 2012-06-25 18:52:26 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore f7dca272b6 IE 10/Win8 detection support 2012-06-25 00:36:49 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r 05eaac9085 Fix possible param duplicates 2012-06-24 19:05:42 -05:00
dmaloney-r7 46dd286cc8 Merge pull request #519 from rapid7/gpp-passwords
Gpp passwords
2012-06-24 16:18:34 -07:00
David Maloney 6e19dddf2a Alleviate duplicated work in gpp module 2012-06-24 16:21:35 -05:00
David Maloney aa09cd7f82 More collaboration stuff on gpp module 2012-06-24 13:08:19 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
David Maloney eefea8d9d3 Add newname attr in gpp module 2012-06-23 17:51:58 -05:00
David Maloney 7bcb9d1a45 Reintegrated extra options into gpp module
reintegrated meatballs control options into the gpp module
2012-06-23 17:38:07 -05:00
David Maloney b320679d1f Exception message fix for gpp 2012-06-23 12:56:12 -05:00
David Maloney 5497d091fc fix gpp attribution and description 2012-06-23 12:45:56 -05:00
David Maloney 534008b010 Major rework of the gpp module
Took the combination work Meatballs did
on pulling togetehr the three seperate gpp modules.
Cleaned it up and cut it down to a smaller, smoother form.
2012-06-23 12:42:33 -05:00
James Lee 3e974415d9 Give some verbose feedback if connection failed 2012-06-23 00:58:27 -06:00
James Lee 6913440d67 More progress on syscall wrappers
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley d708f2526c Adding ref for APSB12-09 to new Flash sploit 2012-06-22 17:30:52 -05:00
jvazquez-r7 72ef8c91f0 module for CVE-2012-0779 added 2012-06-23 00:21:18 +02:00
Meatballs1 26d99c6e41 Added more detail to description and stop execution if no DCs are enumerated. 2012-06-22 22:36:52 +01:00
Meatballs1 6a80b21124 Final tidyup 2012-06-22 19:12:42 +01:00
Meatballs1 27b884ca87 Fixed drives userName match 2012-06-22 18:47:44 +01:00
Meatballs1 90eaceef70 Fixed enum_domains exception when domains found = 0 2012-06-22 18:45:56 +01:00
Meatballs1 141195a5ae Adjusted attribute strings to match MSDN cases 2012-06-22 18:33:54 +01:00
Meatballs1 3519aff146 Added protection for division by 0 in the enum_domain code 2012-06-22 18:20:45 +01:00
Meatballs1 0d4feb9fce Various fixed suggested by trolldbois 2012-06-22 18:11:15 +01:00
Meatballs1 ca2c401cac Modified username to userName in XML parsing 2012-06-22 17:46:19 +01:00
Meatballs1 19a37c28b8 Fixed and added paths for user preferences 2012-06-22 17:21:32 +01:00
Meatballs1 506a91f7a8 Changed runas to runAs for scheduled tasks 2012-06-22 16:04:17 +01:00
Meatballs1 91cad8ee77 Fixed printer path 2012-06-22 14:41:51 +01:00
Meatballs1 7a4bd26132 Fixed msftidy eol 2012-06-22 14:36:29 +01:00
Meatballs1 b2cb5c1c8e Included other policy files for enumeration 2012-06-22 14:31:54 +01:00
m-1-k-3 315a1707e7 also new version v2.07.16 is vulnerable 2012-06-22 13:18:45 +02:00
Meatballs1 15a020dbda Clear EOL chars 2012-06-22 11:36:27 +01:00
Meatballs1 391a92ccfd More verbose and specific exception handling 2012-06-22 11:27:06 +01:00
Meatballs1 0ed49998e2 Allowed to run as SYSTEM 2012-06-22 11:17:24 +01:00
Meatballs1 2a3cd6e343 References 2012-06-22 11:14:19 +01:00
Meatballs1 9da2dd816c Fixed changed time to point to parent node 2012-06-22 11:03:34 +01:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
2012-06-22 00:03:29 -06:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
Meatballs1 e0966d5a3a Incorporated trolldbois comments about SYSTEM and changed date 2012-06-21 19:20:34 +01:00
Meatballs1 6768549c6d Fixed msftidy error 2012-06-21 18:46:20 +01:00
Meatballs1 5e64c2fb2e Will only enumerate one DC for each domain using the DOMAINS arg 2012-06-21 18:28:06 +01:00
Tod Beardsley 2729f33ff2 Merge Justin's TortoiseSVN module
This adds Justin's TortoiseSVN module with minor edits.

[Closes #508]
2012-06-21 11:56:08 -05:00
Tod Beardsley 504d3d477e Resolve http_proxy_host before reporting, too. 2012-06-21 11:55:13 -05:00
Tod Beardsley c795c2e438 Resolve hosts for tortoisesvn module reporting
report_host() does not expect a DNS name, but an IPv4 or IPv6 address.
In many cases, an SVN password is going to be associated with only a
hostname.

This may be a bug in report_host -- it's certainly inconveninent.
However, we don't usually wnat report_host to be making tons of DNS
lookups when importing hosts, so this forced step is likely intended.

Also, begin/rescue/end blocks that don't hint at what errors are
intended to be caught are rarely a good idea, so this at least informs
the user which exception was raised.
2012-06-21 11:47:37 -05:00
Meatballs1 9b943bc763 Removed redundant file 2012-06-21 17:29:52 +01:00
Meatballs1 82318f0dac Merge branch 'post_win_gather_creds_gpp_pass' of github:Meatballs1/metasploit-framework into post_win_gather_creds_gpp_pass 2012-06-21 17:27:45 +01:00
Meatballs1 81411374bc Removed old file 2012-06-21 17:23:14 +01:00
Meatballs1 56a8dda739 Reworking of module to incorporate all contributions 2012-06-21 17:23:13 +01:00
Meatballs1 bb60eacde7 Added store_loot 2012-06-21 17:23:12 +01:00
Meatballs1 be255d53c0 Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords 2012-06-21 17:23:12 +01:00
sinn3r 4004b544c0 The condition for "else" doesn't really do anything for us 2012-06-21 02:53:44 -05:00
sinn3r 9d52ecfbb6 Fix a few mistakes (typos & reference) 2012-06-21 02:32:04 -05:00
sinn3r d957c021cb Handle another possible condition
If the path actually doesn't exist on the victim, we may run into
a RequestError. Need to handle that... should be pretty common.
2012-06-21 01:38:51 -05:00
sinn3r 6a386b7a88 Rename the file for naming style consistency 2012-06-21 01:25:55 -05:00
sinn3r 367e75bb06 Multiple changes to file_collector.rb
This module received the following changes:
* Make msftidy happy
* Remove the GETDRIVES option, and make the SEARCH_FROM option
  smarter.
* MSF license
* Other minor changes
2012-06-21 01:21:53 -05:00
sinn3r 327e86e08c Merge branch 'file_collector' of https://github.com/3vi1john/metasploit-framework into 3vi1john-file_collector 2012-06-20 23:46:04 -05:00
Juan Vazquez 4a8e94463a Merge pull request #512 from jvazquez-r7/ezserver_add_reference
ezserver_http: added bid reference
2012-06-20 13:11:55 -07:00
jvazquez-r7 6be7ba98aa ezserver_http: added bid reference 2012-06-20 22:08:58 +02:00
Tod Beardsley 302ab963d1 Adding ref for intersil module 2012-06-20 15:05:56 -05:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
sinn3r 61cad28a8c Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup 2012-06-20 11:23:51 -05:00
sinn3r beb8e33fc4 Fix a typo 2012-06-20 09:53:09 -05:00
sinn3r efaf5cf193 Oops, I found a typo. 2012-06-19 22:57:45 -05:00
sinn3r 9a9dd53e86 Use get_resource() instead of the hard-coded path 2012-06-19 22:56:25 -05:00
sinn3r 79fc053a2e Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110 2012-06-19 22:05:07 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore 664458ec45 No more crap :/ 2012-06-19 19:43:29 -05:00
jvazquez-r7 a93eeca68d msxml_get_definition_code_exec: added support for ie9 2012-06-20 00:17:50 +02:00
Tod Beardsley 3b1c434252 Remove trailing space 2012-06-19 16:44:07 -05:00
James Lee 967026a501 Make ssh_creds store keys as creds
Also cuts some redundant code by using existing Post API methods.
2012-06-19 14:24:32 -06:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore a4c98f9627 Fix title to be consistent 2012-06-19 12:58:42 -05:00
justincmsf b9a2c88733 New Post Module: TortoiseSVN Saved Password Extraction 2012-06-19 09:57:22 -04:00
James Lee 7c417fa977 Add a select command for the various SQL modules 2012-06-18 23:59:57 -06:00
HD Moore 073205a875 Merge branch 'master' into feature/vuln-info 2012-06-18 20:21:36 -05:00
HD Moore f7a85f3f9d Make it clear that this works on Vista SP2 2012-06-18 20:13:37 -05:00
HD Moore 4739affd54 Fix the comment as well 2012-06-18 19:57:56 -05:00
HD Moore bd0fd8195d Add compatibility for Vista SP2 from troulouliou 2012-06-18 19:55:52 -05:00
sinn3r 4987acc703 Correct e-mail format, description, and some commas. 2012-06-18 18:52:26 -05:00
sinn3r 4a537675b5 Merge branch 'sempervictus-dns_enum_over_tcp' 2012-06-18 18:38:21 -05:00
sinn3r c0bf362084 Fix the fix for enum_dns 2012-06-18 18:37:56 -05:00
sinn3r af8cb03d1b Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check 2012-06-18 18:33:21 -05:00
HD Moore e7688e1dba Merge branch 'master' into feature/vuln-info 2012-06-18 18:15:20 -05:00
HD Moore 29887272a9 Correct the description to mention IE8 on Windows 7 2012-06-18 18:14:59 -05:00
jvazquez-r7 2df237b066 minor fixes 2012-06-18 22:44:17 +02:00
Juan Vazquez 10bd72f3a1 Merge pull request #500 from modpr0be/module-ezserver
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
James Lee 96c16a498a Add a check for distcc_exec
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
Rob Fuller 77022d10da Added a bit of verbosity to SMB capture module to enhance logging and post exploitation 2012-06-18 15:55:40 -03:00
sinn3r 10b733edf9 Merge branch 'dns_enum_over_tcp' of https://github.com/sempervictus/metasploit-framework into sempervictus-dns_enum_over_tcp 2012-06-18 12:14:04 -05:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00
sinn3r 50269c910a Add IE 8 targets 2012-06-18 10:44:52 -05:00
RageLtMan c68476cce2 Add DNS/TCP to enum_dns 2012-06-18 10:47:03 -04:00
RageLtMan 909614569a Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.

Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
HD Moore dd476f8c5d Merge branch 'master' into feature/vuln-info 2012-06-18 01:32:49 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
sinn3r 5e3cf86794 Merge branch 'intersil_dos' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-intersil_dos 2012-06-17 18:22:22 -05:00
Thomas Grainger 78876b74dd Maintain scanner module standard 2012-06-17 20:09:01 +02:00
Thomas Grainger 74cbca5809 Print out successful mysql connection URI 2012-06-17 13:19:53 +02:00
sinn3r e72303a922 Add Intersil HTTP Basic auth pass reset (originally #453)
The modified version of pull request #453. This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
  The advisory focuses the problem as an auth bypass, not DoS,
  although it can end up dosing the server.
* The title and filename are changed as a result of matching that
  advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
  401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
2012-06-16 21:14:57 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
sinn3r d0e490feaa Merge branch 'module-ms-outlook-post-update' of https://github.com/justincmsf/metasploit-framework into justincmsf-module-ms-outlook-post-update 2012-06-16 14:56:14 -05:00
3vi1john cb1144c4ec Added Revised windows file collector and loot module 2012-06-16 11:14:08 -04:00
jvazquez-r7 a8a4594cd4 Documenting esi alignment plus using target_uri.to_s 2012-06-16 09:26:22 +02:00
James Lee 7eebc671ba Put the curly braces back and drop a comma
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r 424948a358 Fix title 2012-06-16 01:48:00 -05:00
sinn3r 38926fb97c Description and name change 2012-06-15 20:11:34 -05:00
jvazquez-r7 c676708564 BrowserAutopwn info completed 2012-06-16 02:26:33 +02:00
jvazquez-r7 ce241b7e80 BrowserAutopwn info completed 2012-06-16 02:18:01 +02:00
jvazquez-r7 495ed2e434 BrowserAutopwn info added 2012-06-16 02:14:24 +02:00
jvazquez-r7 8a89968a1d Added module for CVE-2012-1889 2012-06-16 01:50:25 +02:00
Tod Beardsley 7bb3679fef Errors are different from mere failures (enum_dns)
This makes a clear distinction between errors and failures when
performing zone transfers, and logs accordingly.

[See #483]
2012-06-15 18:11:25 -05:00
justincmsf 5e19918020 Updated MS Outlook post module 2012-06-15 15:06:18 -04:00
Meatballs1 6f1d5b3193 Added store_loot 2012-06-15 18:27:59 +01:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Meatballs1 1b64fee5d2 Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords 2012-06-15 17:50:36 +01:00
HD Moore 5006db7550 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:53 -05:00
Tod Beardsley 5a49ac50f1 Shorten option description on enum_dns 2012-06-15 10:33:49 -05:00
Steve Tornio 80a0b4767a add osvdb ref 2012-06-15 09:02:31 -05:00
jvazquez-r7 1d121071f3 Prepend nops to raw payload in encoder if needed 2012-06-15 09:59:10 +02:00
sinn3r 80d46580ec One last minor change for metadata format 2012-06-14 21:48:24 -05:00
sinn3r 82799f2601 Some final touchup
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r 75a67d7160 Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer 2012-06-14 21:14:29 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
sinn3r fb67fe9161 Merge branch 'mrmee-cmdsnd_ftp_exploit' 2012-06-14 14:19:56 -05:00
sinn3r cde3c48765 Change title 2012-06-14 14:18:30 -05:00
sinn3r b107025860 Correct typo. Also make use of random junks. 2012-06-14 14:17:57 -05:00
sinn3r 8e06babbba Make msftidy happy 2012-06-14 14:16:07 -05:00
sinn3r 66e92d0200 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-14 12:17:29 -05:00
sinn3r c1685c44c3 Fix disclosure date 2012-06-14 10:03:49 -05:00
sinn3r 1cdf964719 A little change to the description 2012-06-14 10:03:15 -05:00
sinn3r 48ee81de29 Add CVE-2012-2915 2012-06-14 09:56:01 -05:00
bcoles 940f904dee Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy. 2012-06-14 12:10:03 +09:30
Steven Seeley a5fca47f56 updated windows XP SP3 pivot offset, please retest this 2012-06-14 10:31:17 +10:00
sinn3r 5269776f3d Merge branch 'redmine/6983' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-redmine/6983 2012-06-13 17:26:54 -05:00
James Lee ef84ce68e4 Fixes a module that used Wmap stuff without including it
[FIXRM #6983]
2012-06-13 15:58:54 -06:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
sinn3r 7dc19bba16 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-13 14:55:44 -05:00
Tod Beardsley e06ee6c0e9 Language on Skype enum module 2012-06-13 14:33:54 -05:00
Tod Beardsley 15b674dab3 Language on MS12-005 2012-06-13 14:22:20 -05:00
Tod Beardsley 99b9261294 Caps in title 2012-06-13 14:19:04 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
Tod Beardsley a579709bac Cleaning up Modbus scanner 2012-06-13 14:00:07 -05:00
Tod Beardsley 3c73133a44 Fixing up mysql module text 2012-06-13 13:59:58 -05:00
Tod Beardsley 559683f2a1 Fixing CRLFs on winlog_runtime_2 2012-06-13 13:59:39 -05:00
Tod Beardsley 3cf4f7ab44 Fixing indents on msadc module 2012-06-13 13:59:38 -05:00
Tod Beardsley ca8769d725 Whitespace on mysql module. 2012-06-13 13:59:38 -05:00
sinn3r 42ee2b5c02 Add alienvault.com reference 2012-06-13 12:19:51 -05:00
jvazquez-r7 6abb7bb987 Added module for CVE-2012-1875 as exploited in the wild 2012-06-13 18:33:26 +02:00
Steven Seeley 209d6d20d1 comsnd ftp remote format string overflow exploit 2012-06-14 02:22:31 +10:00
James Lee 1138290a64 Return nil when an error occurred
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore a2aaca5e85 Correct a fp with this exploit module (would always print success) 2012-06-13 10:38:05 -05:00
James Lee c39a42da3d No need to alter time out 2012-06-12 23:58:20 -06:00
James Lee 1fbe5742bd Axe some copy-pasta 2012-06-12 23:58:20 -06:00
James Lee 9f78a9e18e Port ms10-092 to the new Exploit::Local format 2012-06-12 23:58:20 -06:00
James Lee 0e8fb0fe98 Add a post-exploitation exploit for suid nmap
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r cde508af03 Merge branch 'jjarmoc-php_cgi_arg_injection' 2012-06-13 00:44:41 -05:00
sinn3r a631e1fef1 Change the default state to make it work on Metasploitable by default 2012-06-13 00:43:59 -05:00
sinn3r 597726d433 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-13 00:40:02 -05:00
bcoles 9756f87517 Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module 2012-06-13 13:50:12 +09:30
Jeff Jarmoc bbfe0f8f49 " is 0x22, duh. 2012-06-12 20:00:28 -05:00
HD Moore 00aa8c0452 Add missing ExploitRank 2012-06-12 15:35:53 -05:00
HD Moore 4ea5712140 Add a timeout for wonky systems that hang during negotiation 2012-06-12 15:24:13 -05:00
HD Moore 26e72b4061 Enforce a timeout in the ssh handshake (avoid hangs in some cases) 2012-06-12 15:20:25 -05:00
HD Moore 5922ec1f7a Permissions 2012-06-12 15:20:25 -05:00
Jeff Jarmoc 12a28bd519 Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode 2012-06-12 14:59:06 -05:00
Steve Tornio 5775fa9e67 add osvdb ref 2012-06-12 14:53:55 -05:00
HD Moore cc0f3632a8 Merge pull request #477 from jlee-r7/f5-priv
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee a91085d6cd Add a disclosure date and more detailed desc 2012-06-12 13:07:53 -06:00
James Lee 11df90c98e Call update_info
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee c564e9dcc4 Fix 1.8 compat error
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee 539deabef5 Clean up title, options 2012-06-12 12:08:58 -06:00
James Lee 85e1555e13 Payload compat to work with unix/interact 2012-06-12 11:46:21 -06:00
James Lee 3d5417e574 Initial commit of F5 exploit 2012-06-12 11:37:22 -06:00
jvazquez-r7 4ae786590a php_wordpress_foxypress from patrick updated. Related to Pull Request #475 2012-06-12 17:39:05 +02:00
Steve Tornio efbaff8b37 add osvdb ref 2012-06-11 22:47:30 -05:00
David Maloney 89e554de2b Adds post module for stealing GPP Passwords
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
Michael Schierl 34ecc7fd18 Adding @schierlm 's AES encryption for Java
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.

Squashed commit of the following:

commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 00:45:24 2012 +0200

    Do not break other architectures
    even when using `setg AESPassword`

commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:50:42 2012 +0200

    binaries

commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:49:10 2012 +0200

    Add AES support to Java stager

    This is compatible to the AES mode of the JavaPayload project.

    I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
    is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
sinn3r c3c9051014 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-11 11:15:15 -05:00
jvazquez-r7 02a5dff51f struts_code_exec_exception_delegator_on_new_session: on_new_session modified 2012-06-11 12:07:38 +02:00
Juan Vazquez a43cf76591 Merge pull request #463 from schierlm/struts_arch_java
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
HD Moore 59f591ac46 Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122 2012-06-11 01:42:06 -05:00
sinn3r 93a2e29ed7 Merge branch 'darkoperator-skype_enum' 2012-06-11 01:41:01 -05:00
sinn3r d226d80919 Make msftidy happy 2012-06-11 01:34:18 -05:00
sinn3r 2847ed9c43 Merge branch 'skype_enum' of https://github.com/darkoperator/metasploit-framework into darkoperator-skype_enum 2012-06-11 01:28:13 -05:00
Carlos Perez bb80124d63 Added support for shell and tested on OSX 10.6 and 10.7. Added additional session type checks. 2012-06-10 21:59:14 -04:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 74c6eb6f78 Change the title and add a Microsoft reference.
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r efcb206cdf Correct a typo 2012-06-10 14:38:14 -05:00
HD Moore 881ec8d920 Make the description clear that it only reads 4k, default datastore['FD'] to 1 2012-06-10 13:20:02 -05:00
sinn3r 15fa178a66 Add the MSF license text (since MSF_LICENSE is already set) 2012-06-10 02:07:27 -05:00
sinn3r c7546638f2 Merge branch 'master' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-master 2012-06-10 01:58:00 -05:00
sinn3r 498f3323f3 Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005 2012-06-10 01:53:46 -05:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
sinn3r 4743c9fb33 Add MS12-005 (CVE-2012-0013) exploit 2012-06-10 01:08:28 -05:00
linuxgeek247 2b67c5132c Adding read_file linux shellcode 2012-06-09 20:36:47 -04:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
Michael Schierl b4d33fb85a Add ARCH_JAVA support to struts_code_exec_exception_delegator 2012-06-09 21:53:43 +02:00
jvazquez-r7 a9ee2b3480 Use of make_nops 2012-06-08 19:20:58 +02:00
jvazquez-r7 91f5f304cb Added module for CVE-2011-2217 2012-06-08 18:10:20 +02:00
sinn3r 3726ddddac Software name correction thanks to modpr0be 2012-06-08 07:07:19 -05:00
sinn3r 41d49ed553 Another badchar analysis. Allow shorter delay (5sec to 1) 2012-06-08 01:59:09 -05:00
sinn3r e5b451c000 Too many tabs for the beginning of the description 2012-06-07 23:08:11 -05:00
sinn3r 520c0ca660 Make msftidy happy 2012-06-07 23:07:39 -05:00
sinn3r 61f5eddf47 Move winlog file 2012-06-07 23:03:30 -05:00
sinn3r 9adec7e7e7 Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14 2012-06-07 23:02:23 -05:00
sinn3r 83d21df9f6 Merge branch 'master' of https://github.com/darkoperator/metasploit-framework into darkoperator-master 2012-06-07 22:58:50 -05:00
sinn3r a709fe1fe3 Fix regex escaping thanks to w3bd3vil 2012-06-07 16:00:59 -05:00
sinn3r 1eb73dec38 Merge branch 'aushack-master' 2012-06-07 12:17:49 -05:00
sinn3r 42795fec00 Get rid of some whitespace 2012-06-07 12:17:25 -05:00
jvazquez-r7 bd714017bb samsung_neti_wiewer: add Space property for Payload 2012-06-07 16:00:36 +02:00
Patrick Webster 0e20d324b8 Added ms02_065_msadc exploit module. 2012-06-07 21:02:13 +10:00
jvazquez-r7 2f3b1effb9 Added module for OSVDB 81453 2012-06-07 12:47:09 +02:00
Carlos Perez b004f35354 Change failure of loading gem message to be in par with other gem error messages in the framework, also date is better represented in the CSV with UTC value 2012-06-06 16:28:42 -04:00
sinn3r 28fe4c0be5 What's this break stuff?
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r a54b14b192 Remove whitespace 2012-06-06 11:21:34 -05:00
Patrick Webster c36ab97d41 Updated msadc exploit with fixes. 2012-06-06 11:21:34 -05:00
Patrick Webster f25b828d31 Added exploit module msadc.rb 2012-06-06 11:21:34 -05:00
Tod Beardsley 34be642f84 msftidy found EOL spaces on new modules 2012-06-06 10:42:10 -05:00
sinn3r 698e2eab68 Fix nil res when vprints 2012-06-06 09:53:19 -05:00
m-1-k-3 f4f023cbfb add BID 2012-06-06 09:44:16 +02:00
sinn3r 72cdd67cd0 Remove function cleanup()
There is no point of having this function, because there's nothing
in it.
2012-06-06 00:54:04 -05:00
sinn3r 462a91b005 Massive whitespace destruction
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r c30af98b53 Massive whitespace destruction
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
Carlos Perez b302f50dbe Initial version of the module supporting Windows and OSX 2012-06-05 19:11:30 -04:00