81e2dbc71e
added module for CVE-2012-3485
2013-03-03 19:48:12 +01:00
76180f22fc
added module for cve-2012-4284
2013-03-03 13:23:21 +01:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
1446992253
Merge jvazquez-r7's java exploit
2013-02-25 07:19:12 -06:00
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
002654317c
Add Kordil EDMS File Upload Vulnerability exploit
2013-02-22 23:32:17 +10:30
5b16e26f82
change module filename
2013-02-21 20:05:13 +01:00
b4f4cdabbc
cleanup for the module
2013-02-21 20:04:05 +01:00
1913d60d65
multibrowser support
2013-02-21 01:13:25 +01:00
bf216cca5c
description and references updated
2013-02-20 18:14:53 +01:00
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
9d4a3ca729
Fix a typo that broke this module against x64
...
[SeeRM #7747 ]
2013-02-19 19:22:42 -06:00
37634a9e60
Merge branch 'hp_vsa_exec_9' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_vsa_exec_9
2013-02-19 12:36:39 -06:00
189558b862
Merge branch 'openemr_upload_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-openemr_upload_exec
2013-02-19 12:25:00 -06:00
5108e8ef1c
Correct tab
2013-02-19 11:44:41 -06:00
b2664e04fb
Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload
2013-02-19 11:42:04 -06:00
9813c815ef
Minor changes
2013-02-19 11:40:06 -06:00
553d7abe43
Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof
2013-02-19 11:26:47 -06:00
416a7aeaa3
make msftidy happy for s4u_persistence
2013-02-18 15:23:06 +01:00
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
25f8a7dcb9
Fix expire tag logic and slight clean up
...
Was a dumbass again and didn't fully understand how Optints worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for trouble shooting.
2013-02-17 22:35:52 -05:00
322fa53d49
fix typo
2013-02-17 20:29:41 +01:00
31a3a374c3
Added module for CVE-2012-6274
2013-02-17 20:25:39 +01:00
1a2a0bc38e
Added module for CVE-2012-6275
2013-02-17 20:21:45 +01:00
a8d574e4ce
Updated one print_status
2013-02-17 14:08:33 -05:00
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
221ce22f53
make msftidy happy
2013-02-15 19:01:58 +01:00
ade2c9ef56
msftidy - fix line endings.
2013-02-14 11:42:02 -06:00
4c90cacffe
Send iframe when URIPATH isnt '/'
2013-02-14 11:23:08 -06:00
947aa24d44
MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell
2013-02-14 11:18:19 -06:00
7b2c1afadb
I'm an idiot, fix logon xpath
2013-02-14 09:16:47 -05:00
e78cbdd14d
missed one line
2013-02-13 18:17:38 -05:00
bbf8fe0213
Use Post::File methods and fail_with
2013-02-13 18:10:05 -05:00
4074a12fd7
Randomize some gadgets
2013-02-13 14:12:52 -06:00
f58cc6a2e0
more fix version info
2013-02-12 18:51:04 +01:00
96b1cb3cfb
fix version info
2013-02-12 18:50:36 +01:00
69267b82b0
Make stable #1318 foxit reader exploit
2013-02-12 18:44:19 +01:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
98457c0a4d
Merge branch 'sonicwall_gms' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-sonicwall_gms
2013-02-08 19:18:57 +01:00
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
c131b7ef0e
Added exception handing and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
19e989dff9
Initial commit fo the migrated module
2013-02-07 19:11:44 -04:00
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
f1f8782a5d
Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb
2013-01-24 18:13:00 +01:00
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
a1f8da9ff6
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-23 11:41:35 -06:00
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
jvazquez-r7
David Maloney
Joe Rozner
sinn3r
Tod Beardsley
bcoles
James Lee
Thomas McCarthy
m-1-k-3
Jeff Jarmoc
smilingraccoon
Carlos Perez
HD Moore
RageLtMan
lmercer
Tod Beardsley
Kacper Nowak