6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
b5011891a0
corrected rport syntax
2013-11-21 08:57:45 +03:00
9539972340
Module for OpenMind Message-OS portal login
2013-11-21 06:33:05 +03:00
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
ded56f89c3
Fix caps in description
2013-11-18 16:15:50 -06:00
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
0391ae2bc0
Delete general reference
2013-11-18 13:19:09 -06:00
1c4dabaf34
Beautify typo3_bruteforce module
2013-11-18 13:17:15 -06:00
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
7d22312cd8
Fix redis communication
2013-11-15 19:36:18 -06:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
334a93af45
Land #2638 , refs for android_htmlfileprovider
2013-11-13 14:51:46 -06:00
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00
ad5f82d211
Add missing refs to aux/gather/android_htmlfileprovider.
2013-11-13 14:36:18 -06:00
970e70a853
Land #2626 - Add wordpress scanner
2013-11-12 11:30:23 -06:00
6a28f1f2a7
Change 4-space tabs to 2-space tabs
2013-11-12 11:29:28 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
48faa38c44
bugfix for wordpress_scanner
2013-11-11 00:24:32 +01:00
b472c2b195
added a wordpress scanner
2013-11-10 23:08:59 +01:00
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
cc3ee5f97b
typo3_bruteforce: update msf license
2013-11-07 22:53:28 +01:00
e897c8379f
typo3_bruteforce: bugfix
2013-11-07 22:46:26 +01:00
9d616dbfe9
added typo3 bruteforcer
2013-11-07 22:38:27 +01:00
09c31f7582
Small nitpicks to catch bad http responses
2013-11-06 15:06:04 -06:00
91639dbb99
Trailing whitespace
2013-11-06 14:25:28 -06:00
079816777a
I kin spel
2013-11-06 14:22:41 -06:00
6b43d94c72
Rename, change titles/descriptions, fix minor bugs
2013-11-06 13:45:40 -06:00
b9caf091d4
Change supermicro_ipmi_traversal location
2013-11-06 12:47:50 -06:00
c132a60973
Move Supermicro web interface name to a constant
2013-11-06 12:47:50 -06:00
0609c5b290
Move private key to a constant
2013-11-06 12:47:50 -06:00
275fd5e2ba
Sort options by name
2013-11-06 12:47:50 -06:00
9f87fb33a7
Move digest calculation to a variable
2013-11-06 12:47:50 -06:00
46f0998903
Add URL refs
2013-11-06 12:47:50 -06:00
a973862c74
Add new modules
2013-11-06 12:47:50 -06:00
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
344413b74d
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
32794f9d37
Move OpenBravo to aux module land
2013-10-30 12:20:04 -05:00
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
1fee3ce952
Land #2584 , reporting for energizer_duo_detect
2013-10-28 10:48:20 -05:00
efcfc9eef7
Land #2273 , @kaospunk's enum domain feature for owa_login
2013-10-28 09:47:54 -05:00
71a1ccf771
Clean owa_login enum_domain feature
2013-10-28 09:46:41 -05:00
e0aec13ce1
[FixRM #4397 ] Add reporting for energizer_duo_detect
2013-10-25 16:51:44 -05:00
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
2013-10-24 14:15:26 -05:00
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
ea80c15c3b
Land #2383 , @jamcut's aux module for jenkins enum
2013-10-24 11:31:36 -05:00
8428671f32
Land #2455 , @juushya's aux module for radware
2013-10-24 10:54:02 -05:00
1673b66cbe
Delete some white lines
2013-10-24 10:50:14 -05:00
b589e9aa6e
Use the peer method
2013-10-24 10:45:02 -05:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
255cd18868
Use peer helper
2013-10-23 16:08:40 -05:00
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00
83a4ac17e8
Make sure fd is closed to avoid a possible resource leak
2013-10-23 12:16:18 -05:00
af02fd0355
Use store_loot, sorry mubix
2013-10-23 12:13:05 -05:00
55e3f36589
Add module for ZDI-13-242
2013-10-23 11:24:29 -05:00
8f3228d191
chage author but basic copied from hdms upload_file
2013-10-22 21:13:30 -04:00
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
b2b8824e2e
add delete and download modules for smb
2013-10-22 16:31:56 -04:00
6989f16661
Land #2548 , @titanous's aux module for CVE-2013-4450
2013-10-22 15:02:54 -05:00
bdf07456ba
Last cleanup for nodejs_pipelining
2013-10-22 15:00:58 -05:00
db447b65f9
Add exploit for Node.js HTTP Pipelining DoS
2013-10-22 15:12:14 -04:00
a4dd53f650
Chane module filename
2013-10-22 11:16:14 -05:00
cdd183f43a
Add reporting
2013-10-22 11:15:16 -05:00
0d73275c3f
Delete not necessary check
2013-10-22 10:39:54 -05:00
c50e7c73b6
Make parsing easier
2013-10-22 10:30:03 -05:00
0cc7be0138
Use snake_case
2013-10-22 10:04:32 -05:00
e4a340b7f1
Fix small issues
2013-10-22 10:02:32 -05:00
a425e2be78
Fix typo
2013-10-22 09:28:43 -05:00
111c12ef0d
Do cosmetic changes
2013-10-22 09:28:15 -05:00
f46cdb8970
Add the correct plate
2013-10-22 09:27:37 -05:00
de0d09886c
Retab changes for PR #2383
2013-10-22 09:26:44 -05:00
0214501891
Merge for retab
2013-10-22 09:22:10 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
5613cfb249
Retab changes for PR #2455
2013-10-21 15:57:23 -05:00
39d38e598d
Merge for retab
2013-10-21 15:55:48 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
58a43e87dd
Added fixes suggested by jlee-r7
...
additional code clean up
2013-10-21 14:18:12 -04:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
09c9cba3d5
Updated code
2013-10-21 19:29:05 +05:30
183116c81f
Make module work, and final cleanup
2013-10-20 18:39:41 -05:00
aa6a24da1b
Add module template
2013-10-19 00:27:57 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
cc42fbc59e
Added ext .rb
...
... ext .rb why you no save.
2013-10-17 01:40:05 +05:30
f3d4229ed4
Updated code
...
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
2013-10-17 01:36:26 +05:30
2833d58387
Add OSVDB for vbulletin exploit
2013-10-16 15:01:28 -05:00
3c2dddd7aa
Update reference with a non-plagarised source
2013-10-16 14:44:18 -05:00
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
d0b1479d5b
Use the real timeout option for DCERPC
2013-10-14 17:41:51 -05:00
e8d0292118
Use read_response class method
...
Looks like this was never implemented in other modules, but it collects
data from the socket in the usual get_once sort of way.
2013-10-14 17:24:22 -05:00
14be85ea5d
Land #2511 , fix up NoMethodError and hanging connx
2013-10-14 16:30:19 -05:00
a3af5d681b
Ensure TCP connection is closed
2013-10-14 21:53:22 +01:00
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
4b4804538f
Fixes issues based on feedback
...
This commit addresses comments made by @jvazquez-r7.
2013-10-14 16:02:29 -04:00
2a1ade2541
Add disclosure date and some explanation about it
2013-10-13 19:29:51 -05:00
e2c5e6c19f
Fix email format
2013-10-13 18:28:35 -05:00
008f787627
Add module for the dlink user-agent backdoor
2013-10-13 14:42:45 -05:00
988ac68074
Dont define the NDR syntax
2013-10-12 19:56:52 +01:00
765b55182e
Randomize client variables
...
Also tidyup indents and use predefined UUID syntax.
2013-10-12 19:52:15 +01:00
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
7b82c64983
ms12-020 stack print resolve
2013-10-12 16:49:03 +05:00
e1b9f1a3c4
modified ms12-020 module to resolve stack print
2013-10-12 16:36:37 +05:00
291b90405d
Merge branch 'master' of https://github.com/darknight007/metasploit-framework
...
Conflicts:
modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
2013-10-12 16:23:09 +05:00
602fd276bc
using theirs
2013-10-12 16:20:26 +05:00
4e50c574c5
Update ms12_020_maxchannelids.rb
...
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out.
To reproduct, just run the module against a system having no RDP enabled.
2013-10-12 15:39:13 +05:00
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
a1cf9619d9
Be clear this is 64-bit only in the desc.
2013-10-11 16:52:50 -05:00
181606e7cc
Single byte description update. Adds a period.
2013-10-11 15:04:25 -05:00
75c5e885f2
Land #2142 , @morisson's exploit for CVE-2013-3319
2013-10-11 09:17:58 -05:00
63349e4664
Add OSVDB and BID references
2013-10-11 09:14:59 -05:00
b26085457f
Trying to prevent @jvazquez-r7 from crying when reading my code:
...
- Documented fields in the several tables;
- Fixed the "remote" field location on the fs_table (changed due to REXML parsing);
- Fixed Total Memory field on os_table (bug?);
2013-10-11 11:29:27 +01:00
cad7329f2d
Minor updates to vbulletin admin exploit
2013-10-10 22:09:38 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
09f0db7fdf
Switch to rexml parsing, add some comments and cleanup
2013-10-10 13:19:10 -05:00
9516bc5cf7
Retab changes for PR #2142
2013-10-10 11:02:51 -05:00
cdc7b75a78
Merge for retab
2013-10-10 11:02:16 -05:00
c264480651
Code cleanup, tried to implement suggestions from @jvazquez-r7. Hopefully is much more readable.
2013-10-10 11:58:33 +01:00
4f3bbaffd1
Clean module and add reporting
2013-10-09 13:54:28 -05:00
5c36533742
Add module for the vbulletin exploit in the wild
2013-10-09 13:12:57 -05:00
c10f0253bc
Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection
2013-10-07 15:47:28 -05:00
293927aff0
msftidy fix for coldfusion exploit
2013-10-07 12:22:48 -05:00
47e7a2de83
Kill stray debugger statement.
2013-10-06 19:32:22 -05:00
c2a81907ba
Clean up the way Apple Safari UXSS aux module does data collection.
...
[FIXRM #7918 ]
2013-10-06 19:28:16 -05:00
813013fef5
Make defaults sane for the lockoutable smb_login
...
See #2376
2013-10-04 15:53:16 -05:00
541833e2cc
Convert llmnr_response to use Net::DNS
...
* Allows responding to AAAA requests in addition to the existing A
support
* Prevents problems when recvfrom returns a mapped address like
"::ffff:192.0.2.1"
Also:
* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
2013-10-04 12:35:30 -05:00
8b8422172f
Clean up tabs, warnings, modified datastore
2013-10-04 12:20:18 -05:00
c9cebfb3f0
Serve wpad.dat and proxy.pac in the same server
2013-10-04 12:00:53 -05:00
68ee692c19
Standardize prints, clean up whitespace/warnings
2013-10-04 11:58:21 -05:00
db11e88255
Land #2321 , @juushya's aux module for Sentry CDU enumeration
2013-10-04 08:35:54 -05:00
37e1e6533c
changed default options
...
Updated these default options to false:
'DB_ALL_CREDS' => false
'BLANK_PASSWORDS' => false
2013-10-04 02:48:42 +05:30
Tod Beardsley
Karn Ganeshen
William Vu
jvazquez-r7
joev
sinn3r
FireFart
HD Moore
jvazquez-r7
Rob Fuller
Jonathan Rudenberg
jamcut
Meatballs
kaospunk
darknight007
Bruno Morisson
James Lee