sinn3r
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
sinn3r
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
jvazquez-r7
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
sinn3r
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
James Lee
ac2ec99fb7
Add bin for mephos' netstat fixes
...
[Closes #777]
2012-09-12 16:57:17 -05:00
James Lee
823bc0a7f6
Merge branch 'mephos-netstat' into rapid7
2012-09-12 16:56:17 -05:00
Tod Beardsley
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
m m
40b383e247
I was pretty sure to have removed those fclose before
2012-09-12 13:11:24 -05:00
m m
76e05dff30
fix netstat program name
2012-09-12 13:11:24 -05:00
m m
2ec92030ae
fix netstat program name
2012-09-12 13:11:24 -05:00
Tod Beardsley
033442bf28
Merge remote branch 'jlee-r7/bug/redmine-7233-meterpreter-on-client-exploits'
2012-09-11 15:24:29 -05:00
James Lee
46dfeec402
Adds meterpreter bins all compiled with the same VS
...
Not sure exactly what was causing the breakage, but using bins compiled
with the same version of Visual Studio seems to have fixed the issue.
[FixRM #7233]
2012-09-11 14:16:21 -05:00
Tod Beardsley
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
sinn3r
b0ce2c0003
Merge branch 'master' of github.com:rapid7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:24:27 -05:00
sinn3r
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
jvazquez-r7
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
sinn3r
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
jvazquez-r7
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
HD Moore
221eb88313
Make filename easy to override
2012-09-10 15:59:01 -05:00
sinn3r
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
jvazquez-r7
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
sinn3r
c1604d989f
Merge branch 'bug/redmine-7226-rhost-dns' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/redmine-7226-rhost-dns
2012-09-10 14:05:00 -05:00
sinn3r
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
James Lee
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new `rm_f` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
jvazquez-r7
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
jvazquez-r7
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
Tod Beardsley
cf98f52036
Should rescue nil as well
2012-09-10 09:33:45 -05:00
RageLtMan
1facfcf6d9
remove commented old method
2012-09-10 09:33:45 -05:00
RageLtMan
ef0f4d0acc
Fix Meterpreter edit command file removal
...
fs.rb was originally attempting to call the "close" method on a
string holding the temporary path to the file being edited.
Replaced with ::File.delete(temp_path).
2012-09-10 09:33:45 -05:00
sinn3r
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the end of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
jvazquez-r7
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
bcoles
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
jvazquez-r7
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
Tod Beardsley
aaf7fcd5e9
Closing bracket doh
2012-09-07 08:57:27 -05:00
Tod Beardsley
53e4818c2e
Humble-desser, not humble-dresser
2012-09-07 08:49:27 -05:00
jvazquez-r7
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
sinn3r
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
sinn3r
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
sinn3r
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
sinn3r
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
jvazquez-r7
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
jvazquez-r7
4985cb0982
Added module for ActFax SYSTEM Local bof
2012-09-07 00:45:08 +02:00
James Lee
ac0415eae0
Normalize hosts when doing a framework.db.get_host
...
Ensures that the host is an address (not a host name).
[FixRM #7226]
2012-09-06 17:23:21 -05:00
sinn3r
f7407deb7b
Merge branch 'hp_sitescope_uploadfileshandler_multi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler_multi
2012-09-06 11:33:19 -05:00
David Maloney
a07f521969
Minor fix to broken interpolation
2012-09-06 11:31:10 -05:00
jvazquez-r7
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
jvazquez-r7
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00