Commit Graph

6507 Commits (bfe2ed07378b65ccd971703dfab51203bc28b5c1)

Author SHA1 Message Date
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
Rob Fuller 77022d10da Added a bit of verbosity to SMB capture module to enhance logging and post exploitation 2012-06-18 15:55:40 -03:00
sinn3r 10b733edf9 Merge branch 'dns_enum_over_tcp' of https://github.com/sempervictus/metasploit-framework into sempervictus-dns_enum_over_tcp 2012-06-18 12:14:04 -05:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00
sinn3r 50269c910a Add IE 8 targets 2012-06-18 10:44:52 -05:00
RageLtMan c68476cce2 Add DNS/TCP to enum_dns 2012-06-18 10:47:03 -04:00
RageLtMan 909614569a Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.

Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
HD Moore dd476f8c5d Merge branch 'master' into feature/vuln-info 2012-06-18 01:32:49 -05:00
HD Moore c388cba421 Fix up modules calling report_vuln() to use new syntax 2012-06-17 23:39:20 -05:00
sinn3r 5e3cf86794 Merge branch 'intersil_dos' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-intersil_dos 2012-06-17 18:22:22 -05:00
Thomas Grainger 78876b74dd Maintain scanner module standard 2012-06-17 20:09:01 +02:00
Thomas Grainger 74cbca5809 Print out successful mysql connection URI 2012-06-17 13:19:53 +02:00
sinn3r e72303a922 Add Intersil HTTP Basic auth pass reset (originally #453)
The modified version of pull request #453. This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
  The advisory focuses the problem as an auth bypass, not DoS,
  although it can end up dosing the server.
* The title and filename are changed as a result of matching that
  advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
  401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
2012-06-16 21:14:57 -05:00
sinn3r 931f24b380 Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof 2012-06-16 14:56:45 -05:00
sinn3r d0e490feaa Merge branch 'module-ms-outlook-post-update' of https://github.com/justincmsf/metasploit-framework into justincmsf-module-ms-outlook-post-update 2012-06-16 14:56:14 -05:00
3vi1john cb1144c4ec Added Revised windows file collector and loot module 2012-06-16 11:14:08 -04:00
jvazquez-r7 a8a4594cd4 Documenting esi alignment plus using target_uri.to_s 2012-06-16 09:26:22 +02:00
James Lee 7eebc671ba Put the curly braces back and drop a comma
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r 424948a358 Fix title 2012-06-16 01:48:00 -05:00
sinn3r 38926fb97c Description and name change 2012-06-15 20:11:34 -05:00
jvazquez-r7 c676708564 BrowserAutopwn info completed 2012-06-16 02:26:33 +02:00
jvazquez-r7 ce241b7e80 BrowserAutopwn info completed 2012-06-16 02:18:01 +02:00
jvazquez-r7 495ed2e434 BrowserAutopwn info added 2012-06-16 02:14:24 +02:00
jvazquez-r7 8a89968a1d Added module for CVE-2012-1889 2012-06-16 01:50:25 +02:00
Tod Beardsley 7bb3679fef Errors are different from mere failures (enum_dns)
This makes a clear distinction between errors and failures when
performing zone transfers, and logs accordingly.

[See #483]
2012-06-15 18:11:25 -05:00
justincmsf 5e19918020 Updated MS Outlook post module 2012-06-15 15:06:18 -04:00
Meatballs1 6f1d5b3193 Added store_loot 2012-06-15 18:27:59 +01:00
Tod Beardsley fe39642e27 Dropping extra curly braces on f5 module
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Meatballs1 1b64fee5d2 Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords 2012-06-15 17:50:36 +01:00
HD Moore 5006db7550 The cert module now defaults SSL to true (didnt make sense) 2012-06-15 10:55:53 -05:00
Tod Beardsley 5a49ac50f1 Shorten option description on enum_dns 2012-06-15 10:33:49 -05:00
Steve Tornio 80a0b4767a add osvdb ref 2012-06-15 09:02:31 -05:00
jvazquez-r7 1d121071f3 Prepend nops to raw payload in encoder if needed 2012-06-15 09:59:10 +02:00
sinn3r 80d46580ec One last minor change for metadata format 2012-06-14 21:48:24 -05:00
sinn3r 82799f2601 Some final touchup
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r 75a67d7160 Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer 2012-06-14 21:14:29 -05:00
jvazquez-r7 091b3bbbd9 Added module plus encoder for CVE-2012-2329 2012-06-15 00:29:52 +02:00
sinn3r fb67fe9161 Merge branch 'mrmee-cmdsnd_ftp_exploit' 2012-06-14 14:19:56 -05:00
sinn3r cde3c48765 Change title 2012-06-14 14:18:30 -05:00
sinn3r b107025860 Correct typo. Also make use of random junks. 2012-06-14 14:17:57 -05:00
sinn3r 8e06babbba Make msftidy happy 2012-06-14 14:16:07 -05:00
sinn3r 66e92d0200 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-14 12:17:29 -05:00
sinn3r c1685c44c3 Fix disclosure date 2012-06-14 10:03:49 -05:00
sinn3r 1cdf964719 A little change to the description 2012-06-14 10:03:15 -05:00
sinn3r 48ee81de29 Add CVE-2012-2915 2012-06-14 09:56:01 -05:00
bcoles 940f904dee Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy. 2012-06-14 12:10:03 +09:30
Steven Seeley a5fca47f56 updated windows XP SP3 pivot offset, please retest this 2012-06-14 10:31:17 +10:00
sinn3r 5269776f3d Merge branch 'redmine/6983' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-redmine/6983 2012-06-13 17:26:54 -05:00
James Lee ef84ce68e4 Fixes a module that used Wmap stuff without including it
[FIXRM #6983]
2012-06-13 15:58:54 -06:00
sinn3r 45eb531c23 Add Jun as an author for the initial discovery 2012-06-13 15:50:45 -05:00
sinn3r 7dc19bba16 Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit 2012-06-13 14:55:44 -05:00
Tod Beardsley e06ee6c0e9 Language on Skype enum module 2012-06-13 14:33:54 -05:00
Tod Beardsley 15b674dab3 Language on MS12-005 2012-06-13 14:22:20 -05:00
Tod Beardsley 99b9261294 Caps in title 2012-06-13 14:19:04 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
Tod Beardsley a579709bac Cleaning up Modbus scanner 2012-06-13 14:00:07 -05:00
Tod Beardsley 3c73133a44 Fixing up mysql module text 2012-06-13 13:59:58 -05:00
Tod Beardsley 559683f2a1 Fixing CRLFs on winlog_runtime_2 2012-06-13 13:59:39 -05:00
Tod Beardsley 3cf4f7ab44 Fixing indents on msadc module 2012-06-13 13:59:38 -05:00
Tod Beardsley ca8769d725 Whitespace on mysql module. 2012-06-13 13:59:38 -05:00
sinn3r 42ee2b5c02 Add alienvault.com reference 2012-06-13 12:19:51 -05:00
jvazquez-r7 6abb7bb987 Added module for CVE-2012-1875 as exploited in the wild 2012-06-13 18:33:26 +02:00
Steven Seeley 209d6d20d1 comsnd ftp remote format string overflow exploit 2012-06-14 02:22:31 +10:00
James Lee 1138290a64 Return nil when an error occurred
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore a2aaca5e85 Correct a fp with this exploit module (would always print success) 2012-06-13 10:38:05 -05:00
James Lee c39a42da3d No need to alter time out 2012-06-12 23:58:20 -06:00
James Lee 1fbe5742bd Axe some copy-pasta 2012-06-12 23:58:20 -06:00
James Lee 9f78a9e18e Port ms10-092 to the new Exploit::Local format 2012-06-12 23:58:20 -06:00
James Lee 0e8fb0fe98 Add a post-exploitation exploit for suid nmap
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r cde508af03 Merge branch 'jjarmoc-php_cgi_arg_injection' 2012-06-13 00:44:41 -05:00
sinn3r a631e1fef1 Change the default state to make it work on Metasploitable by default 2012-06-13 00:43:59 -05:00
sinn3r 597726d433 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-13 00:40:02 -05:00
bcoles 9756f87517 Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module 2012-06-13 13:50:12 +09:30
Jeff Jarmoc bbfe0f8f49 " is 0x22, duh. 2012-06-12 20:00:28 -05:00
HD Moore 00aa8c0452 Add missing ExploitRank 2012-06-12 15:35:53 -05:00
HD Moore 4ea5712140 Add a timeout for wonky systems that hang during negotiation 2012-06-12 15:24:13 -05:00
HD Moore 26e72b4061 Enforce a timeout in the ssh handshake (avoid hangs in some cases) 2012-06-12 15:20:25 -05:00
HD Moore 5922ec1f7a Permissions 2012-06-12 15:20:25 -05:00
Jeff Jarmoc 12a28bd519 Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode 2012-06-12 14:59:06 -05:00
Steve Tornio 5775fa9e67 add osvdb ref 2012-06-12 14:53:55 -05:00
HD Moore cc0f3632a8 Merge pull request #477 from jlee-r7/f5-priv
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee a91085d6cd Add a disclosure date and more detailed desc 2012-06-12 13:07:53 -06:00
James Lee 11df90c98e Call update_info
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee c564e9dcc4 Fix 1.8 compat error
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee 539deabef5 Clean up title, options 2012-06-12 12:08:58 -06:00
James Lee 85e1555e13 Payload compat to work with unix/interact 2012-06-12 11:46:21 -06:00
James Lee 3d5417e574 Initial commit of F5 exploit 2012-06-12 11:37:22 -06:00
jvazquez-r7 4ae786590a php_wordpress_foxypress from patrick updated. Related to Pull Request #475 2012-06-12 17:39:05 +02:00
Steve Tornio efbaff8b37 add osvdb ref 2012-06-11 22:47:30 -05:00
David Maloney 89e554de2b Adds post module for stealing GPP Passwords
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
Michael Schierl 34ecc7fd18 Adding @schierlm 's AES encryption for Java
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.

Squashed commit of the following:

commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 00:45:24 2012 +0200

    Do not break other architectures
    even when using `setg AESPassword`

commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:50:42 2012 +0200

    binaries

commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:49:10 2012 +0200

    Add AES support to Java stager

    This is compatible to the AES mode of the JavaPayload project.

    I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
    is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
sinn3r c3c9051014 Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection 2012-06-11 11:15:15 -05:00
jvazquez-r7 02a5dff51f struts_code_exec_exception_delegator_on_new_session: on_new_session modified 2012-06-11 12:07:38 +02:00
Juan Vazquez a43cf76591 Merge pull request #463 from schierlm/struts_arch_java
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
HD Moore 59f591ac46 Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122 2012-06-11 01:42:06 -05:00
sinn3r 93a2e29ed7 Merge branch 'darkoperator-skype_enum' 2012-06-11 01:41:01 -05:00
sinn3r d226d80919 Make msftidy happy 2012-06-11 01:34:18 -05:00
sinn3r 2847ed9c43 Merge branch 'skype_enum' of https://github.com/darkoperator/metasploit-framework into darkoperator-skype_enum 2012-06-11 01:28:13 -05:00
Carlos Perez bb80124d63 Added support for shell and tested on OSX 10.6 and 10.7. Added additional session type checks. 2012-06-10 21:59:14 -04:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 74c6eb6f78 Change the title and add a Microsoft reference.
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r efcb206cdf Correct a typo 2012-06-10 14:38:14 -05:00
HD Moore 881ec8d920 Make the description clear that it only reads 4k, default datastore['FD'] to 1 2012-06-10 13:20:02 -05:00
sinn3r 15fa178a66 Add the MSF license text (since MSF_LICENSE is already set) 2012-06-10 02:07:27 -05:00
sinn3r c7546638f2 Merge branch 'master' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-master 2012-06-10 01:58:00 -05:00
sinn3r 498f3323f3 Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005 2012-06-10 01:53:46 -05:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
sinn3r 4743c9fb33 Add MS12-005 (CVE-2012-0013) exploit 2012-06-10 01:08:28 -05:00
linuxgeek247 2b67c5132c Adding read_file linux shellcode 2012-06-09 20:36:47 -04:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
Michael Schierl b4d33fb85a Add ARCH_JAVA support to struts_code_exec_exception_delegator 2012-06-09 21:53:43 +02:00
jvazquez-r7 a9ee2b3480 Use of make_nops 2012-06-08 19:20:58 +02:00
jvazquez-r7 91f5f304cb Added module for CVE-2011-2217 2012-06-08 18:10:20 +02:00
sinn3r 3726ddddac Software name correction thanks to modpr0be 2012-06-08 07:07:19 -05:00
sinn3r 41d49ed553 Another badchar analysis. Allow shorter delay (5sec to 1) 2012-06-08 01:59:09 -05:00
sinn3r e5b451c000 Too many tabs for the beginning of the description 2012-06-07 23:08:11 -05:00
sinn3r 520c0ca660 Make msftidy happy 2012-06-07 23:07:39 -05:00
sinn3r 61f5eddf47 Move winlog file 2012-06-07 23:03:30 -05:00
sinn3r 9adec7e7e7 Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14 2012-06-07 23:02:23 -05:00
sinn3r 83d21df9f6 Merge branch 'master' of https://github.com/darkoperator/metasploit-framework into darkoperator-master 2012-06-07 22:58:50 -05:00
sinn3r a709fe1fe3 Fix regex escaping thanks to w3bd3vil 2012-06-07 16:00:59 -05:00
sinn3r 1eb73dec38 Merge branch 'aushack-master' 2012-06-07 12:17:49 -05:00
sinn3r 42795fec00 Get rid of some whitespace 2012-06-07 12:17:25 -05:00
jvazquez-r7 bd714017bb samsung_neti_wiewer: add Space property for Payload 2012-06-07 16:00:36 +02:00
Patrick Webster 0e20d324b8 Added ms02_065_msadc exploit module. 2012-06-07 21:02:13 +10:00
jvazquez-r7 2f3b1effb9 Added module for OSVDB 81453 2012-06-07 12:47:09 +02:00
Carlos Perez b004f35354 Change failure of loading gem message to be in par with other gem error messages in the framework, also date is better represented in the CSV with UTC value 2012-06-06 16:28:42 -04:00
sinn3r 28fe4c0be5 What's this break stuff?
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r a54b14b192 Remove whitespace 2012-06-06 11:21:34 -05:00
Patrick Webster c36ab97d41 Updated msadc exploit with fixes. 2012-06-06 11:21:34 -05:00
Patrick Webster f25b828d31 Added exploit module msadc.rb 2012-06-06 11:21:34 -05:00
Tod Beardsley 34be642f84 msftidy found EOL spaces on new modules 2012-06-06 10:42:10 -05:00
sinn3r 698e2eab68 Fix nil res when vprints 2012-06-06 09:53:19 -05:00
m-1-k-3 f4f023cbfb add BID 2012-06-06 09:44:16 +02:00
sinn3r 72cdd67cd0 Remove function cleanup()
There is no point of having this function, because there's nothing
in it.
2012-06-06 00:54:04 -05:00
sinn3r 462a91b005 Massive whitespace destruction
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r c30af98b53 Massive whitespace destruction
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
Carlos Perez b302f50dbe Initial version of the module supporting Windows and OSX 2012-06-05 19:11:30 -04:00
sinn3r f438e6c121 Remove the 'Rop' key because we don't really use it 2012-06-05 16:07:23 -05:00
sinn3r f9651be88e Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32 2012-06-05 15:44:13 -05:00
sinn3r 37846c0de2 Handle get_once return value correctly 2012-06-05 15:40:49 -05:00
sinn3r b6f591718a Change recv to get_once 2012-06-05 15:40:20 -05:00
sinn3r bc91135808 Correct description 2012-06-05 15:32:41 -05:00
sinn3r 19e187e88e Correct the description 2012-06-05 15:08:43 -05:00
sinn3r 28511cf666 Title change, use get_once instead of recv. Add a reference. 2012-06-05 15:06:05 -05:00
sinn3r 1c99119ecd Remove the version key, and correct spacing 2012-06-05 13:53:11 -05:00
sinn3r 8f5759ac13 Move these SCADA modules to SCADA folder 2012-06-05 13:50:53 -05:00
sinn3r 215e0e48a0 Fix Modbus version scanner's format 2012-06-05 11:47:44 -05:00
sinn3r 50243a9679 Add Metasploit license disclaimer since it has a MSF_LICENSE 2012-06-05 11:36:45 -05:00
sinn3r 30ceb98d87 Merge branch 'modbus-auxil' of https://github.com/esmnemon/metasploit-framework into esmnemon-modbus-auxil 2012-06-05 11:35:10 -05:00
sinn3r a3048c7ae8 Clear whitespace 2012-06-05 11:28:47 -05:00
jvazquez-r7 a30f104ee6 Fix space on Authors 2012-06-05 18:23:57 +02:00
jvazquez-r7 93741770e2 Added module for CVE-2011-3400 2012-06-05 18:21:55 +02:00
m-1-k-3 95d949e860 sleep and at 2012-06-05 18:08:46 +02:00
0a2940 dc6b2f4205 merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb 2012-06-05 04:14:40 -07:00
sinn3r b282901b08 Correct emails for aux and exploit modules 2012-06-04 21:58:01 -05:00
sinn3r d9c39d3798 Fix the rest of nil res from get_once 2012-06-04 17:26:15 -05:00
sinn3r 0fcc53b0a2 Handle nil for get_once 2012-06-04 15:31:10 -05:00
sinn3r a071d2805e Fix the rest of possible nil res bugs I've found 2012-06-04 14:56:27 -05:00
sinn3r 01803c4a33 Fix possible nil res. Bug #6939. Part 1. 2012-06-04 13:11:47 -05:00
m-1-k-3 0acbd99e71 targets 2012-06-04 20:08:58 +02:00
m-1-k-3 08ff6c72b1 winlog_lite_2.07.14 initial commit 2012-06-04 17:24:01 +02:00
Carlos Perez b9e7af6bcd fixes to OSX modules as requested by egypt on redmine ticket and fixes to the remote desktop post modules 2012-06-04 10:56:40 -04:00
Steve Tornio 0759c3b75c Adding swtornio's OSVDB ref
Watch the trailing commas, that wangs up Ruby 1.8.7 and prior.

Squashed commit of the following:

commit c00363993a726cd0c87fbaee769c44f680feff72
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Jun 4 09:33:18 2012 -0500

    Removing trailing comma

commit 594cae0cab60ba0493a6c50a001cd6885f05522b
Author: Steve Tornio <swtornio@gmail.com>
Date:   Mon Jun 4 09:10:36 2012 -0500

    add osvdb ref
2012-06-04 09:34:28 -05:00
jvazquez-r7 b53a1396fc Use of TARGETURI 2012-06-03 22:36:23 +02:00
jvazquez-r7 659b030269 Verbose messages cleanup 2012-06-03 22:29:31 +02:00
jvazquez-r7 34f42bab17 Fix typo in the URI param 2012-06-03 22:14:13 +02:00
jvazquez-r7 efe4136e5b Added module for CVE-2012-0391 2012-06-03 22:08:31 +02:00
sinn3r 2565888ec5 Change how we handle the password complexity failure 2012-06-03 13:13:44 -05:00
sinn3r 11e6a09cb0 Merge branch 'adduser_tabs' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-adduser_tabs 2012-06-03 12:31:46 -05:00
Chris John Riley a51df5fc3a Altered description to include information on the password complexity check
Altered the default password to meet the complexity checks

Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
2012-06-03 09:22:48 +02:00
sinn3r 86d20b2de1 Merge branch 'adduser_tabs' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-adduser_tabs 2012-06-02 20:27:16 -05:00
sinn3r 1817942aae Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 17:43:51 -05:00
sinn3r 7bb36bfbde Fix typo thanks to juan 2012-06-02 16:57:53 -05:00
sinn3r 7e318e9787 Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo 2012-06-02 14:14:56 -05:00
Chris John Riley ea66deb779 Added WMIC and complexity checks 2012-06-02 19:41:12 +02:00
Chris John Riley bada88cdf0 Added WMIC and complexity checks 2012-06-02 19:38:37 +02:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
sinn3r 59468846e3 Change filename 2012-06-02 01:51:20 -05:00
sinn3r 522991f351 Correct name 2012-06-02 01:49:43 -05:00
sinn3r 7fd3644b8b Add CVE-2011-4825 module 2012-06-01 18:45:44 -05:00
Christian Mehlmauer 6ae17db7d3 Adding FireFart's hashcollision DoS module
Have some minor edits below, looks like it all works now though.

Squashed commit of the following:

commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:31:32 2012 -0500

    Removing ord in favor of unpack.

    Also renaming a 'character' variable to 'c' rather than 'i' which is
    easy to mistake for an Integer counter variable.

commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:24:41 2012 -0500

    Cleaning up print msgs

commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:19:10 2012 -0500

    Clean up hashcollision_dos description

    Caps, mostly. One sentence I still don't get but it's not really a show
    stopper.

commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Thu May 24 19:11:32 2012 +0200

    Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling

commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Tue May 22 23:11:53 2012 +0200

    Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
Tod Beardsley ced5b9916e Whitespace fix for script-fu module
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
sinn3r 353d49d05b Modify the description 2012-06-01 12:04:46 -05:00
jvazquez-r7 abbd8c8cd5 Added module for CVE-2012-2763 2012-06-01 18:53:25 +02:00
David Maloney 92dafd4d17 Bringin in new version of pcanywhere_login 2012-06-01 11:15:12 -05:00
David Maloney 933949a6b0 trying to work around wierd git issue 2012-06-01 11:13:28 -05:00
David Maloney 28bf017ca9 Fix nil responses 2012-05-31 23:12:17 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Tod Beardsley c463bd7c6d Fixing description for citrix module 2012-05-31 16:37:35 -05:00
Tod Beardsley 17e41b2e39 Fixing description for citrix module 2012-05-31 16:36:21 -05:00
Juan Vazquez a0b491355c Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
Tod Beardsley 02a41afb2b Fixing description for juan's Citrix module 2012-05-31 16:34:13 -05:00
Juan Vazquez 00bb216927 Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
jvazquez-r7 47c5745673 Fixed name module 2012-05-31 23:23:11 +02:00
jvazquez-r7 e324ed5251 Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:21:43 +02:00
jvazquez-r7 1c11b1b1b7 Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:17:38 +02:00
jvazquez-r7 b5f5804d94 description updated 2012-05-31 23:14:25 +02:00
jvazquez-r7 198070361b Added module for ZDI-12-010 2012-05-31 22:45:55 +02:00
HD Moore 2ad17299e2 Handle cisco devices better with ssh logins 2012-05-31 14:59:24 -05:00
David Maloney e93a6ddf83 Adds thelightcosine's pcanywhere module
Adds PCAnywhere bruteforce capabilities

Squashed commit of the following:

commit 5354fd849f0c009c534d7ce18369382dd56de550
Author: David Maloney <DMaloney@rapid7.com>
Date:   Thu May 31 14:35:23 2012 -0500

    Add explicit pack to encrypted header

commit 7911dd309a94df2729c8247c3817cf5de6b99aad
Author: David Maloney <DMaloney@rapid7.com>
Date:   Thu May 31 13:11:19 2012 -0500

    adds pcanywhere_login module
2012-05-31 14:46:26 -05:00
Steve Tornio 5105c1a4df add osvdb ref 2012-05-31 08:49:58 -05:00
sinn3r 4d94eeb79d Merge pull request #430 from wchen-r7/s40_traversal
Add s40 dir traversal vuln
2012-05-31 02:46:53 -07:00
sinn3r a19583624e Add s40 dir traversal vuln
I can't believe I stayed up all night, and this is all I could find.
2012-05-31 04:43:57 -05:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
sinn3r 54e14014c3 Merge pull request #428 from wchen-r7/php_volunteer
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
sinn3r 59ea8c9ab9 Print IP/Port for each message 2012-05-30 11:30:55 -05:00
sinn3r 43dffbe996 If we don't get a new file, we assume the upload failed. This is
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
sinn3r efdcda55ef Don't really care about the return value for the last send_request_raw 2012-05-30 11:00:31 -05:00
sinn3r 13ba51db34 Allow the login() function to be a little more verbose for debugging purposes 2012-05-30 10:56:59 -05:00
sinn3r b81315790d Add PHP Volunteer Management System exploit 2012-05-30 10:38:45 -05:00
David Maloney 1d63cd6f6b Revert " Sets the passive flag on the JtR modules"
This reverts commit e70ccddc9a.
2012-05-29 21:28:23 -05:00
David Maloney 9e7acf3a57 left debug statement in module 2012-05-29 20:23:56 -05:00
David Maloney 5496beebbc fix bad proto name in winscp post mod
The service name would get set as SCP instead of SSH
this screws up bruteforce options later
2012-05-29 18:17:28 -05:00
David Maloney e70ccddc9a Sets the passive flag on the JtR modules 2012-05-29 17:16:07 -05:00
David Maloney 54fb6d2f7a Fixes unreal ircd race condition
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7 065d3187d3 Added module for OSVDB 74604 2012-05-29 21:10:51 +02:00
esmnemon c00222b4c2 Added one modbus-scanner and one modbus-client aux-module SCADA 2012-05-29 20:34:33 +02:00
Steve Tornio fe86ab9914 =Add osvdb ref 2012-05-29 13:31:20 -05:00
jvazquez-r7 db5b3c8259 Added module for OSVDB 82000 2012-05-28 08:51:36 +02:00
sinn3r d615e3bcb8 Print target IP/Port when restoring currencies.php 2012-05-28 01:33:45 -05:00
sinn3r 712a21717a Totally forgot about disclosure date, damn it 2012-05-28 01:31:13 -05:00
sinn3r 7c1442c4b4 Merge pull request #421 from wchen-r7/symantec_web_gateway
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r 34c93d8e44 Fix check 2012-05-28 00:51:46 -05:00
sinn3r 96d70e5fb6 Add CVE-2012-0297 Symantec Web Gateway 2012-05-27 22:47:39 -05:00
sinn3r 86ba759c07 Oops, I left one more anonymous out. 2012-05-26 15:30:20 -05:00
sinn3r 18c8314d79 Change unknown authors to "Unknown".
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion.  In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
sinn3r 8f537653b4 Merge pull request #420 from wchen-r7/quickshare
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
sinn3r 0b86ceb528 Add OSVDB-70776 2012-05-26 03:00:32 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00
jvazquez-r7 c4fad0dea5 module added for OSVDB-73609 2012-05-25 17:18:09 +02:00
sinn3r 7b0fbaed23 Merge pull request #417 from wchen-r7/rabidhamster
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
sinn3r d595f908fc Add OSVDB-79007 2012-05-25 03:06:28 -05:00
jvazquez-r7 f7224ab306 flexnet_lmgrd_bof rand_text fix 2012-05-24 18:02:25 +02:00
sinn3r c606896122 Multiple fixes and improvements:
* Make session ID configurable based on feature #6894's suggestion.
* Fix a potential bug when res is nil.
* Use print_error() to make the error message more readable.
2012-05-24 02:16:29 -05:00
Tod Beardsley 5004515187 Resolved conflicts merging back from release
Merge branch 'release'

Conflicts:
	lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
	modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
sinn3r 101abb45a1 Merge branch 'bug/4400-postgres-store-loot' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/4400-postgres-store-loot 2012-05-23 20:38:03 -05:00
James Lee 22601180f3 Save the pilfered file as loot 2012-05-23 18:07:13 -06:00
sinn3r ac0d22453a Merge pull request #414 from wchen-r7/apprain
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
sinn3r 8d837f5d20 Module description update. TARGETURI description update. 2012-05-23 18:33:32 -05:00
sinn3r fab3bfcea1 Add CVE-2012-1153 2012-05-23 17:50:13 -05:00
sinn3r 0b7b71e240 Correct run-on sentence 2012-05-23 10:27:23 -05:00
sinn3r 94f114b69a Fix typos 2012-05-23 10:22:52 -05:00
sinn3r 7a4f1a111b Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof 2012-05-23 10:20:16 -05:00
jvazquez-r7 287d68f304 added module for CVE-2008-0320 2012-05-23 17:14:11 +02:00
Tod Beardsley a37e98f159 Updating release from master. 2012-05-22 14:12:08 -05:00
Jeff Jarmoc c4b64a51f7 Added reference to vendor advisory 2012-05-22 13:22:26 -05:00
Tod Beardsley 87ce3fe2f7 Adding extra ref from jjarmoc 2012-05-22 11:17:57 -05:00
sinn3r c9604d8902 Add an invisible reference 2012-05-22 10:52:54 -05:00
sinn3r d9ab464d4d A very quick update to the title. 2012-05-22 03:11:05 -05:00
sinn3r c9aa057b6d Merge pull request #407 from wchen-r7/osx_voice
OSX Text-to-Speech tool
2012-05-22 01:06:50 -07:00
sinn3r ca08e225fb Add OSX Text-to-Speech tool 2012-05-22 03:03:30 -05:00
jvazquez-r7 c823e8099e randomization when possible for flexnet_lmgrd_bof 2012-05-22 08:32:10 +02:00
sinn3r cafe803217 Fix typos 2012-05-21 16:32:33 -05:00
jvazquez-r7 72b1f113ce Added module for ZDI-12-052 2012-05-21 16:32:33 -05:00
David Maloney df85e4f586 Remove trailing comma 2012-05-21 16:28:02 -05:00
David Maloney 17943c7a48 Makes it so we don't ever use local config files for Net::SSH
Also makes sure that the :config =>false option keeps
Net:SSH from meddling with knowns_hosts too
2012-05-21 16:09:08 -05:00
David Maloney c386e1ce31 Add an option to the schemadump modules to not display output to the
screen
2012-05-21 16:09:07 -05:00
RageLtMan 77f95df1e9 Banner encoding fix when running against dd-wrt on ruby 1.9.3 2012-05-21 14:50:57 -05:00
RageLtMan 125aa43072 PowerShell post module download and exec
This adds sempervictus's PowerShell post module, along with a default
post module one can use for quick testing (for expected results, see
the screencap Gist at https://gist.github.com/6011cb87b01e970deca8

[Closes #403]

Squashed commit of the following:

commit c6b5a6aac1dc8781c67b611289d7710129592e83
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon May 21 14:43:48 2012 -0500

    Minor tweaks to language

commit ef088e135cd7b0ccb514a3011889154661d5bd09
Merge: 0a05455 1e14211
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon May 21 14:34:27 2012 -0500

    Merge remote branch 'todb/default-powershell' into Pull403

commit 0a0545558604c53d4648e3314ca8963ff9b225a7
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon May 21 14:33:33 2012 -0500

    Reverting unrelated telnet fix

    While I'm sure it's great, it needs to be tested.

commit 1e1421102b44a4c60c6eb9b442227075e959d7c6
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon May 21 14:14:09 2012 -0500

    Adds a default path to a script for exec_powershell.rb

commit 9978787f44896d06744d50febf4344111edcd7b1
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon May 21 14:06:46 2012 -0500

    Adds a new default powershell script

commit 25b605949fbf772e95a510162ca5af510c59788f
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Mon May 21 14:15:15 2012 -0400

    Synchronized SVIT version of lib...powershell.rb to github. Adds timeout option, check for script encoding, etc. Added post/windows/manage/powershell folder with script execution module. Other modules which can be placed here would be WinRM meterp exec, PS persistence, etc

commit c4a7fd932fb8850de732bfa911cf8d729a5db42d
Merge: 21b31f1 36207eb
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Mon May 21 14:07:26 2012 -0400

    msfvenom formatting merge conflict fix

commit 36207eb21ee04483c19790b5db7855d0a715e43d
Merge: c77eb03 4772c12
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Mon May 21 14:06:07 2012 -0400

    Merge branch 'master' of https://github.com/rapid7/metasploit-framework

commit 21b31f10c505862c14234824d4dabbb6fdfe7cbb
Merge: 81a7d62 c77eb03
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Fri May 18 12:57:52 2012 -0400

    Merge branch 'master' into powershell

commit c77eb03ca4428a741f5d231b3ec1cf80c90e9395
Merge: 89d5af7 52183aa
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Fri May 18 12:57:21 2012 -0400

    Merge branch 'master' of https://github.com/rapid7/metasploit-framework

commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Fri Mar 2 01:28:02 2012 -0500

    Banner encoding fix when running against dd-wrt on ruby 1.9.3

commit 81a7d62c6dab8404c1c0566a8be84c7280edeef8
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Tue Mar 20 20:19:13 2012 -0400

    powershell for msfvenom

commit 672c7bc37ea37a3b111f755ef17fe0c16047e488
Merge: 3e86dc4 ed542e2
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Tue Mar 20 20:08:12 2012 -0400

    exe.rb merge cleanup

commit 3e86dc4c40da1df3d0ff4a9ab6fffe8eeda52544
Author: RageLtMan <rageltman [at] sempervictus>
Date:   Tue Mar 20 20:06:03 2012 -0400

    psh encoder cleanup

commit f619ed477fef7a2830b99ce6a9b27bb523c9d3ce
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Sun Feb 5 13:35:11 2012 -0500

    method call fix for psh-net encoder

commit 7b035e6da0ead328aebbfdf9fbbebed506cdca18
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Fri Feb 3 18:53:54 2012 -0500

    PS encoders: .net and architecture dependent native (psh-net, psh)

commit 7a2749bf2682686a87d37d240e61adece53fba8e
Merge: 32730b9 f89853d
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Fri Feb 3 18:38:03 2012 -0500

    Merge branch 'master' into powershell

commit 32730b96be4c9bd73f1f45b5d2d4330b8fb72cb8
Merge: e69fcd1 f6a6963
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Wed Jan 25 10:33:17 2012 -0500

    Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell

commit e69fcd1a83412d6c0c96605b5acf0675e5b07205
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Wed Jan 25 07:59:38 2012 -0500

    msfvenom psh addition

commit 9a5d8ead7e69c40ff5e9a73244165a5685ca47ec
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Wed Jan 25 07:29:38 2012 -0500

    Proper author reference

commit 9fd8ac75a89ca2678b0d09192227eb23f00bf549
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Tue Jan 24 19:07:30 2012 -0500

    Fix script handling

commit fa363dfe965382a9f89ff404398e38e8f164c11a
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Tue Jan 24 17:31:09 2012 -0500

    added Msf::Post::Windows::Powershell, reworked post module to use mixin

commit e078d15b5464ff47ce616334d8cb1aa84a00df33
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Mon Jan 23 13:42:35 2012 -0500

    vprint_good change

commit 355f8bb19a62d974c5c89079dd26dd4cbb756c0a
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Mon Jan 23 12:50:51 2012 -0500

    exec powershell module

commit 5f9509444953f25352c994f90cae8a168878f7ea
Author: RageLtMan <rageltman@sempervictus.com>
Date:   Mon Jan 23 12:45:41 2012 -0500

    powershell encoder support - Redmine Feature #6049
2012-05-21 14:48:16 -05:00
Tod Beardsley 4772c1258e Removing hashcollision_dos module due to license violation
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.

Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.

Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
Tod Beardsley 675dfe4e14 Don't keep the weblogi return codes secret 2012-05-21 11:27:24 -05:00
Tod Beardsley 1104dccde8 Noting rhost/rport, cli.peerhost where appropriate
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
2012-05-21 11:19:02 -05:00
Tod Beardsley 7cc905832e Consistent caps on SVG in batik_svg_java exploit
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
2012-05-21 11:14:03 -05:00
Tod Beardsley 5dd866ed4a Fixed print_status to include rhost:rport
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
Tod Beardsley eea20e773b Capitalization fixups on hashcollision_dos 2012-05-21 11:06:18 -05:00
Tod Beardsley 1fc7597a56 Msftidy fixes.
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.
2012-05-21 10:59:52 -05:00
sinn3r 822e109b1f Merge pull request #398 from wchen-r7/foxit_reader_launch
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
Steve Tornio ba2787df8a add osvdb ref 2012-05-20 07:13:56 -05:00
Steve Tornio c95a06e247 add osvdb ref 2012-05-20 07:13:31 -05:00
sinn3r 628233d15c Merge pull request #399 from wchen-r7/hp_storageworks
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:14:49 -07:00
sinn3r d8c3edd316 Add HP StorageWorks VSA command execution vulnerability 2012-05-19 14:53:45 -05:00
sinn3r f9bcb95952 Correct EDB references 2012-05-19 02:24:29 -05:00
sinn3r 964a6af423 Add Active Collab chat module PHP injection exploit, by mr_me 2012-05-19 02:06:30 -05:00
sinn3r e4f80a1fab Francisco is the the one who found it according to advisory 2012-05-18 17:12:52 -05:00
sinn3r 41aac751e9 Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
jvazquez-r7 bedf010676 description modified 2012-05-18 01:23:09 +02:00
jvazquez-r7 e7f5bf132c trying to improve bea weblogic connector bof 2012-05-18 01:13:56 +02:00
sinn3r c0d17734ed Improve run-on sentences. 2012-05-17 15:00:00 -05:00
sinn3r 32a0596a03 Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof 2012-05-17 14:52:10 -05:00
jvazquez-r7 c4ab521d7b better tab indentation 2012-05-17 21:41:31 +02:00
sinn3r 0b35ab6a75 If the target isn't support, make sure we warn the user 2012-05-17 12:34:17 -05:00
jvazquez-r7 a21e832336 fingerprinting bea connector with Transfer-Encoding 2012-05-17 19:21:16 +02:00
sinn3r 952ada1742 Fix broken target (variable naming) 2012-05-17 11:37:49 -05:00
sinn3r 2fccf4674f Be explicit on what version we've tested 2012-05-17 11:04:40 -05:00
sinn3r 1b70ba8208 Merge branch 'batik_module' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-batik_module 2012-05-17 10:55:58 -05:00
jvazquez-r7 0fd3f96720 errata fixed 2012-05-17 17:23:16 +02:00
jvazquez-r7 14d8ba00af Added batik svg java module 2012-05-17 16:48:38 +02:00
HD Moore 99368d27e5 Fix a missing require 2012-05-17 09:37:23 -05:00
jvazquez-r7 9a5e4d6500 Added target BEA Weblogic 8.1 SP4 2012-05-17 11:07:22 +02:00
jvazquez-r7 445bd90afb Added module for CVE-2008-3257 2012-05-17 10:28:18 +02:00
jlee-r7 fe7928c18d Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375
2012-05-16 17:07:33 -07:00
Tod Beardsley dd4aaa07fa Fixing CVE reference 2012-05-16 14:34:41 -05:00
Tod Beardsley 336a00bc54 Fixing CVE reference 2012-05-16 14:34:04 -05:00
Tod Beardsley 7a78c99c5e Adding credit to original PoC guy for RuggedCom
Just added and commented. It'd be nice to have a real spot for this kind
of credit, because it comes up a lot and it's hard to parse out in a
machine way who 'wrote' the module and who came up with the exploit.
2012-05-16 13:47:15 -05:00
sinn3r 0b2a8e0b70 Correct e-mail format 2012-05-16 02:40:39 -05:00
HD Moore 4943b4c694 Bug fix from mubix (ruby 1.8 syntax) 2012-05-15 23:05:22 -05:00
sinn3r b89e77c842 Add Spanish dir path. Thanks Miguel 2012-05-15 19:27:48 -05:00
sinn3r 8428d16db3 Format correction 2012-05-15 19:21:16 -05:00
sinn3r 3cd66402b7 Merge branch 'master' of https://github.com/FireFart/metasploit-framework into FireFart-master 2012-05-15 18:35:48 -05:00
James Lee 42719ab34b Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:49 2012 -0600

    Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:09 2012 -0600

    Read the file instead of downloading it

commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 15:27:11 2012 -0600

    Re-compile linux meterp to support the loadlib api

commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:50:25 2012 -0600

    Re-compile java meterp to support the loadlib api

commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:44:10 2012 -0600

    Don't try to get interfaces if this session doesn't implement it

commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:38:17 2012 -0600

    Remove debugging load

commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 12:06:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.php
    	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 2 18:06:06 2012 -0600

    PHP doesn't support rev2self

commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 18:21:59 2012 -0600

    Add php support for returning new extension commands

commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 16:03:26 2012 -0600

    Reset CVE-2012-0507 back to master

    Purges commits unrelated to this branch.

commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:59:35 2012 -0600

    Revert "Make building the jar for cve-2012-0507 a bit easier"

    This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.

    Conflicts:

    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java

commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:35:44 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.jar
    	data/meterpreter/meterpreter.jar
    	external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
    	modules/auxiliary/server/browser_autopwn.rb

commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Apr 6 10:19:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:51:18 2012 -0600

    Fix requires to find the test library

commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:48:35 2012 -0600

    Fix a load order problem with solaris post mods

commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:43:19 2012 -0600

    Merge branch 'master' into feature/4905

commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:16:56 2012 -0600

    Merge branch 'rapid7'

    Conflicts:
    	lib/rex/exploitation/javascriptosdetect.rb

commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.

commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 18:04:50 2012 -0600

    Linux doesn't implement (drop|steal)_token

commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 17:57:37 2012 -0600

    Add availability checks for net, sys, ui, and webcam

commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 16:45:59 2012 -0600

    add requirement checking for fs and core commands

commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:59 2012 -0600

    Add a to_octal method that converts e.g. "A" to \0101

commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:07 2012 -0600

    Don't use "echo -n"

    It's not portable

commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 17:01:10 2012 -0600

    Return a list of new commands after core_loadlib, java version

    Thanks mihi for the patch and the awesome responsiveness!

commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 13:21:06 2012 -0600

    Make sure we have a response before doing stuff with it

commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 21:25:31 2012 -0600

    Add missing rmdir and mkdir protocol commands to PHP

    Now passes all the stdapi tests that it can
    	[*] Session type is meterpreter and platform is php/php
    	[+] should return a user id
    	[+] should return a sysinfo Hash
    	[-] FAILED: should return network interfaces
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should have an interface that matches session_host
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should return network routes
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
    	[+] should return the proper directory separator
    	[+] should return the current working directory
    	[+] should list files in the current directory
    	[+] should stat a directory
    	[+] should create and remove a dir
    	[+] should change directories
    	[+] should create and remove files
    	[+] should upload a file
    	[-] Passed: 10; Failed: 3

commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:26:00 2012 -0600

    Use a proper TLV type instead of a generic one

commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:24:25 2012 -0600

    Fix a counting error that caused segfaults (Linux)

commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:06:02 2012 -0600

    Return a list of new commands after core_loadlib

    Gets Windows back in sync with Linux

commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 14:50:55 2012 -0600

    Refactor extensionList -> extension_commands

    It's not the same as extension_list.

commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sun Mar 18 00:07:27 2012 -0500

    Massive whitespace cleanup

commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 16:00:20 2012 -0500

    Add back enum_protections with some new changes

commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date:   Sat Mar 17 13:28:31 2012 -0400

    Added fix for enum_protections

commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 03:14:26 2012 -0500

    A bunch of fixes

commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:28:05 2012 -0500

    The comments in get_chatlogs need an update

commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:25:41 2012 -0500

    Correct license format

commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:22:03 2012 -0500

    Add enum_adium.rb post module

commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 16:54:36 2012 -0300

    Changed store_note to store_loot. Fixed local/remote file retrieval

commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 11:29:07 2012 -0600

    Fall back to MIB method if we can't get netmasks

    Misses IPv6 addresses, but at least doesn't break everything.

    [Fixes #6525]

commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Fri Mar 16 11:49:31 2012 -0500

    This module is not ready, yanked.

commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date:   Fri Mar 16 18:09:08 2012 +0200

    sockso_traversal 1.8 compatibility fix

commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:17:35 2012 -0400

    fix

commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:14:48 2012 -0400

    saves each config to loot instead of notes

commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 03:46:10 2012 -0600

    Check for a 0 prefix length

    If the OnLinkPrefixLength is 0, something is wrong, try the value in the
    prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

    [See #6525]

commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 01:46:41 2012 -0600

    Return network prefixes when available

    Solves #6525 on Vista+.  Win2k still works using the old MIB method
    (which doesn't support ipv6).  Win2k3 and XP are still busted for
    unknown reasons.

commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 22:59:42 2012 -0400

    Enumerate important and interesting configuration files

commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 19:06:48 2012 -0500

    More Virtualisation SSL fixes

commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 18:15:29 2012 -0500

    Default SSL to true for esx_fingerprint module

commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:56:24 2012 -0500

    Fix typo

commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:55:54 2012 -0500

    Add sockso dir traversal

commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 15 14:31:25 2012 -0600

    Fix syntax error in 1.8, thanks Jun Koi for the patch

commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:27:40 2012 -0500

    enum_protections is now find_apps

commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:22:23 2012 -0500

    File rename, as well as design and cosmetic changes

commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 15:29:52 2012 -0300

    added report_note, removed store_loot function, cleaned up info/author

commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 12:18:29 2012 -0300

    fixed output newline issue

commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:05:35 2012 -0300

    fixed save line

commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:02:07 2012 -0300

    removed unneeded comments

commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:00:55 2012 -0300

    fixed output issue

commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 18:26:53 2012 -0300

    removed unneeded dependency

commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 13:30:16 2012 -0400

    locates installed 3rd part av, fws, etc

commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Wed Mar 14 16:50:54 2012 -0500

    Add OSVDB-79863 NetDecision Directory Traversal

commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 23:03:01 2012 -0600

    Store the retrieved commands on the session

commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:45:16 2012 -0600

    Retrieve the list of new commands

    The client side doesn't do anything with them yet

commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:41:16 2012 -0600

    Return a list of the new commands in response to core_loadlib

    Linux

commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 15:13:45 2012 -0600

    Whitespace at EOL

commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 14:30:09 2012 -0600

    Create instance methods that return extensions

    Before this change, meterpreter sessions would not #respond_to? their
    extensions despite having a pseudo-accessor for them:
    ```
    >> client.respond_to? :sys
    => false
    >> client.sys
    => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>

    ```

    After:
    ```
    >> client.respond_to? :sys
    => true
    ```

commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date:   Tue Apr 3 11:46:25 2012 -0600

    Merge branch 'master' into bap-refactor

    Conflicts:
    	external/source/exploits/CVE-2012-0507/Help.java
    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/msf/x/Help.java
    	external/source/exploits/CVE-2012-0507/src/a/Exploit.java
    	external/source/exploits/CVE-2012-0507/src/a/Help.java

commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:24:33 2012 -0600

    Add the detected browser version to the DOM

    Doing it this way lets modules grab the info a bit more easily.

commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:19:05 2012 -0600

    Merge branch 'master' into bap-refactor

commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:10:54 2012 -0600

    Merge branch 'master' into bap-refactor

commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
Christian Mehlmauer 19e32c210a Added more references 2012-05-15 23:59:30 +02:00
Christian Mehlmauer 46e58f8618 Ruby naming style 2012-05-15 23:53:33 +02:00
Christian Mehlmauer 5f0075e24f Revert API change 2012-05-15 23:28:51 +02:00
Tod Beardsley f5698f4bdc Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
Tod Beardsley 82885cc6e5 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
Tod Beardsley 898398fd54 Fixing author tags
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
Tod Beardsley 9b3f602910 Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
James Lee bc6ec537f9 Fix a ruby 1.8 compat error
Can't have commas at the end of argument lists.
2012-05-15 11:53:49 -06:00
Christian Mehlmauer b298597218 Switched to Http Library, Code formatting issues 2012-05-15 19:43:28 +02:00
Tod Beardsley 4ee24f7e42 Adding Justin's CCTV module. 2012-05-15 08:03:39 -05:00
sinn3r 8b06835109 Make changes to proper API usage, whitespace, and extra characters. 2012-05-15 01:26:42 -05:00
sinn3r 3c683fcf99 Merge branch 'pyoor' of https://github.com/pyoor/metasploit-framework into pyoor-pyoor 2012-05-15 01:20:01 -05:00
sinn3r d54a228f65 Correct version number 2012-05-15 01:16:41 -05:00
pyoor a8b534ddec Cisco Secure ACS Module - Updated error handling 2012-05-14 20:03:26 -04:00
pyoor 2e49e56126 Made suggested changes 2012-05-14 19:50:34 -04:00
sinn3r 6bbf018423 Fix bug #6815: A race condition that results in an invalid handle.
Under certain conditions, the module may run into an "The handle
is invalid" while obtaining registry keys and values from the
victim machine.  The fix is to retry a couple of times, and hope
we don't hit the race condition again.
2012-05-14 17:44:35 -05:00
sinn3r 84269f399b Correct EDB reference 2012-05-14 15:10:21 -05:00
sinn3r f4a446a6c1 Add module CVE-2011-4404 2012-05-14 15:08:43 -05:00
Steve Tornio 7690e86a89 add osvdb ref 2012-05-14 07:14:10 -05:00
Steve Tornio bcfa96ced8 add osvdb ref 2012-05-14 07:13:49 -05:00
pyoor 6b6dc60b25 Cisco Secure ACS Auth Bypass Module 2012-05-13 16:16:18 -04:00
Christian Mehlmauer dc10fac885 Ported my Hashcollision Script to Ruby 2012-05-13 20:59:42 +02:00
sinn3r 79a590ccf7 Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
sinn3r d2c26f989c Cleanup whitespace 2012-05-13 04:42:22 -05:00
sinn3r c1fbf1f931 Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved 2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r) dd42c3096e added exploit for Firefox 8&9 AttributeChildRemoved UAF 2012-05-13 11:31:46 +02:00
sinn3r 15fbb1e86c This the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
Tod Beardsley bc1c9a7fe4 Prepend all messages with victim host:port
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.

[Closes #272]
2012-05-11 17:48:54 -05:00
Tod Beardsley ab655677b4 Fixed typo, converted to OptEnum for fakedns targetaction 2012-05-11 17:12:31 -05:00
Jose Selvi af71cdafe2 Update modules/auxiliary/server/fakedns.rb 2012-05-11 17:01:14 -05:00
Jose Selvi 1d6b2eb3fe Added TARGETACTION options and wildcard support 2012-05-11 17:01:13 -05:00
sinn3r 5d8fbefc3d Merge pull request #378 from wchen-r7/distinct
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r 653d7e5923 Add OSVDB-80984 2012-05-11 15:07:31 -05:00
Jeff Jarmoc c2c160f86c randomizes options from equivilants 2012-05-11 11:31:26 -05:00
Tod Beardsley aa3930fcb9 Typo on fixed tftp module 2012-05-10 21:42:33 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
2012-05-10 21:21:32 -05:00
sinn3r 7eabce8872 Add comment for PrependEncoder 2012-05-10 12:18:50 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Jeff Jarmoc e1156834b9 Lots of encoding randomizations for php_cgi_arg_injection 2012-05-09 14:13:21 -05:00
Tod Beardsley 65800f7c6e Whitespace on solarwinds 2012-05-09 12:47:22 -05:00
Jeff Jarmoc 4909d8073a Added lots or encoding randomness 2012-05-09 11:01:15 -05:00
James Lee 536fa39ae8 Keep the client and the server on tracked tcp sessions 2012-05-08 16:38:12 -06:00
Alexandre Maloteaux 452cead1e9 Merge psnuffle ntlmv2 support from Alex Malateaux
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf

Squashed commit of the following:

commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:52:49 2012 +0100

    psnuffle : move protocol filtering in load function

commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:50:48 2012 +0100

    psnuffle : add hash exctratiopn from smbv2 session

[Closes #327]
2012-05-08 13:41:42 -06:00
Tod Beardsley 86500aad47 Author is always singular. 2012-05-08 08:47:52 -05:00
sinn3r 91a8ff2766 Use print_good when SQL injection is found 2012-05-08 01:30:13 -05:00
sinn3r fa9d23d839 When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good 2012-05-08 01:26:39 -05:00
sinn3r ce16ab662c Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable. 2012-05-08 00:22:19 -05:00
sinn3r 22585ad935 Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit 2012-05-08 00:00:03 -05:00
lincoln-corelan b8227b8a2e Firefox Exploit 2012-05-07 19:41:03 -07:00
HD Moore 1a30e221a0 See #362 by changing the exitfunc arguments to be the correct type 2012-05-07 02:42:29 -05:00
HD Moore f6c88377f4 Fixes #362 by changing the exitfunction arguments to be the correct type 2012-05-07 02:41:08 -05:00
Steve Tornio ba4ae384d7 add osvdb ref 2012-05-05 10:14:07 -05:00
Steve Tornio cef2da6110 add osvdb ref 2012-05-05 10:13:42 -05:00
Steve Tornio 92e07aab12 Add osvdb ref 2012-05-05 10:13:18 -05:00
James Lee 18a44148dc Randomize case for ini true/false values 2012-05-04 17:32:32 -06:00
sinn3r 9c3d2355b1 Allow this module to be more verbose for future debugging 2012-05-04 15:47:30 -05:00
sinn3r f48d36ca31 Output changes. #6511 2012-05-04 15:11:54 -05:00
sinn3r 454a20b079 Fix bug #6438 2012-05-04 14:52:27 -05:00
sinn3r 457ca44f27 Fix #6511 2012-05-04 14:33:49 -05:00
sinn3r babababeb1 1. Fix enum_dns: .txt is not (or no longer a method)
2. Patch snmp_enum: bug #6500
2012-05-04 13:23:27 -05:00
sinn3r 8b3b952ccd Fix bug #6761 - false negative when OWA brings the user to the Options page insetad of inbox 2012-05-04 12:30:43 -05:00
HD Moore 423437c620 Woops, small typo in disable_functions 2012-05-04 12:17:41 -05:00
HD Moore c6b39e8e5c Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c) 2012-05-04 12:15:46 -05:00
sinn3r 69b60b88f8 Fix bug #6801: Error handling for get_imperstoken() 2012-05-04 11:44:05 -05:00
HD Moore 2ce3558bb4 Bump the rank 2012-05-04 10:19:37 -05:00
HD Moore bed4846763 A little more module cleanup 2012-05-04 10:06:18 -05:00
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
HD Moore 6cf6a9548d Fix up the PHP CGI exploit, remove debug lines 2012-05-04 09:58:10 -05:00
sinn3r d5d35551ab Add EDB reference 2012-05-04 00:11:29 -05:00
sinn3r 6d5ceb07b6 Merge pull request #359 from wchen-r7/solarwinds_storage_manager_sql
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 22:02:12 -07:00
sinn3r 9a36017271 no unicode 2012-05-04 00:01:03 -05:00
sinn3r 25b11a02b5 Update the comment for check() 2012-05-03 20:37:36 -05:00
sinn3r 4bf674ece6 Pff, and of course, I had to make a typo on that one 2012-05-03 20:34:52 -05:00
sinn3r 1a4d3f849c A little change to the description 2012-05-03 20:33:28 -05:00
sinn3r 1cdc376f2b Merge branch 'msfvenom_nomethoderror' of https://github.com/silviupopescu/metasploit-framework into silviupopescu-msfvenom_nomethoderror 2012-05-03 20:29:06 -05:00
sinn3r 7ca69f00b0 Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution) 2012-05-03 20:24:42 -05:00
James Lee 2d1f4d4f3e Add hdm's better check method 2012-05-03 19:00:40 -06:00
James Lee 40ec3d9d40 Add an exploit module for the recent php cgi bug (CVE-2012-1823) 2012-05-03 18:51:54 -06:00
Silviu-Mihai Popescu 605e1929e4 Fixed msfvenom NoMethodError with alpha_mixed encoder.
The issue was reported on Github[1] and Redmine[2].

The error consisted of trying to use the supports?() method
on an Array instead of a PlatformList.

[1] https://github.com/rapid7/metasploit-framework/issues/357
[2] http://dev.metasploit.com/redmine/issues/6826

Reported by: Brandon Perry
Signed off by: Silviu Popescu <silviupopescu1990@gmail.com>
2012-05-03 17:47:25 +03:00
HD Moore 5151a4c530 Cosmetic 2012-05-03 00:33:09 -05:00
HD Moore 99d7b2601c Cosmetic 2012-05-03 00:31:50 -05:00
Tod Beardsley 43d730d564 Squashed commit of minor cosmetic fixes:
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 21:55:56 2012 -0500

    Whitespace at EOL. Dangit.

commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 16:38:01 2012 -0500

    Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
James Lee dd7bc23d16 Whitespace 2012-05-02 18:06:39 -06:00
sinn3r c26dff4cff Clear whitespace 2012-05-01 17:29:27 -05:00
James Lee 1c03c2b157 Fix indentation 2012-05-01 15:21:42 -06:00
James Lee 194c0906c2 Fix a stack trace when SMBUser is nil 2012-05-01 15:21:42 -06:00
James Lee 6ab66dc59e Fix a stack trace when the SMBUser isn't set
For some reason an invalid user/pass don't seem to trigger
STATUS_ACCESS_DENIED responses, but an empty user does.
2012-05-01 15:21:42 -06:00
Alexandre Maloteaux d68d832c9d Squashed commit of the following:
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Fri Apr 20 01:45:06 2012 +0100

    enumshare: add srvsvc netshareenum request for compatibility with win 7 / 2008r2

[Closes #346]
2012-05-01 15:21:42 -06:00
sinn3r 3e72f555ae Forgot... I don't need to print the client's IP manually anymore 2012-05-01 12:56:03 -05:00
sinn3r 3099236059 We no longer have to print the client's IP, because it's now a built-in feature. 2012-05-01 12:47:55 -05:00
juan 01b0d85526 module for cve-2012-1775 added 2012-05-01 16:39:30 +02:00
HD Moore 9988d6a430 Tabs. Sweet sweet tabs 2012-05-01 00:35:01 -05:00
sinn3r 5fec29e6b7 Add McAfee Virtual Technician ActiveX MVTControl vulnerability 2012-04-30 16:23:52 -05:00
sinn3r fd2e4c12a2 Fix possible "can't convert Fixnum into String" error 2012-04-30 13:49:53 -05:00
David Maloney 348da8e5a6 Fixes an issue with mysql probes not timing out properly. 2012-04-30 12:22:49 -05:00
HD Moore e12c29a5dc Fix up the check so it doesn't throw a marshal exception 2012-04-29 18:40:01 -05:00
HD Moore ffd91793b9 Make RMI easier to correlate, add a vulnerability check to the scanner module 2012-04-29 18:11:28 -05:00
sinn3r 46ad599673 Add CVE-2012-1495 WebCalendar settings.php code injection 2012-04-28 02:32:04 -05:00
Tod Beardsley 7904fe5bba Fixes load error for post/multi/general/execute.rb
Need to require 'msf/core/post/common' before including
Msf::Post::Common
2012-04-27 20:16:24 -05:00
David Maloney f1cd488f19 Overrirdes the autofilter results from the HTTPServer mixin for the rmi
exploit
2012-04-27 15:22:40 -05:00
HD Moore 67fe5b775a Bump this up 2012-04-27 01:23:40 -05:00
HD Moore ec831a1658 Smarter RMI class loader logic 2012-04-27 01:02:18 -05:00
HD Moore 4c2e1c2859 Small updates to the rmi modules 2012-04-27 00:07:00 -05:00
sinn3r 63ed7fcc8f Whitespace, be gone! 2012-04-26 02:38:29 -05:00
sinn3r d985ba5e5d Clean up whitespace 2012-04-26 02:36:29 -05:00
sinn3r 91763dd063 Fix 1.8 compatibility 2012-04-25 15:54:42 -05:00
sinn3r cc76438a75 Merge branch 'jlee-r7-http-print-standardization' 2012-04-25 15:38:46 -05:00
sinn3r 711fb73048 Fix more print_* 2012-04-25 15:01:50 -05:00
sinn3r f77efbf89e Change the rest of print_* 2012-04-25 14:24:17 -05:00
sinn3r 9189dea4e4 Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization 2012-04-25 13:53:30 -05:00
HD Moore 4a8068905f Add a generic execute module and update migrate to handle a process name too 2012-04-25 12:40:20 -05:00
HD Moore 2a5a80a485 Rename and updates 2012-04-25 12:09:23 -05:00
HD Moore 03117ffa95 Add a version scanner for RMI 2012-04-25 11:24:28 -05:00
sinn3r 5bebd01eb0 Tabs vs spaces war round 2 2012-04-24 16:06:08 -05:00
sinn3r bc42375565 Fix spaces to proper hard tabs. Not very fun to do. 2012-04-24 16:03:41 -05:00
sinn3r 0671fc9ea1 Merge branch 'axis2_mods' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-axis2_mods 2012-04-24 15:49:34 -05:00
sinn3r 9c9b74cae2 Small change with the description 2012-04-24 15:47:31 -05:00
sinn3r ecd7762df9 Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module 2012-04-24 15:30:09 -05:00
sinn3r c27195b189 Merge pull request #347 from wchen-r7/wol
Add wake-on-lan module
2012-04-24 11:50:05 -07:00
sinn3r 5bf5e8888d Minor changes 2012-04-24 13:48:45 -05:00
sinn3r e57ba79402 Merge branch 'cve-2012-0158_mscomctl_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-cve-2012-0158_mscomctl_bof 2012-04-24 13:46:24 -05:00
HD Moore ac6247963c Fix a missing require 2012-04-24 11:54:07 -05:00
sinn3r 4c72193922 Fix undefined method `[something]' for nil:NilClass 2012-04-24 01:46:03 -05:00
HD Moore bfbfc19116 Cosmetic 2012-04-23 21:59:44 -05:00
HD Moore e8ac6521d1 Cosmetic 2012-04-23 21:59:09 -05:00
HD Moore 86a1a58d2c Fixes #6689 by moving to 7za which is included in the installer 2012-04-23 16:25:24 -05:00
juan cca97f2989 added module for CVE-2012-0158 2012-04-23 22:59:25 +02:00
sinn3r 90a7458b56 Lower the rank a little to favor other modules in BAP 2012-04-23 15:15:08 -05:00
HD Moore a1f9d2c27a Bump up the wait_timeout (works with the recent AR patch) and fix a typo in the http_version commit 2012-04-23 02:44:56 -05:00
HD Moore 59ecc8584d Force http_version to always make a new request, even if the information is in the DB 2012-04-23 02:39:02 -05:00
Leonardo Botelho 66ecf28451 Shadow stream recorder exploit. 2012-04-22 19:19:40 -03:00
HD Moore 1d2581ebf4 Cosmetic 2012-04-21 14:51:20 -05:00
sinn3r b0a76a1aa1 Add wake-on-lan module 2012-04-21 03:29:49 -05:00
James Lee 9cdd8912c5 Remove spurious cli.peerhost in output 2012-04-20 13:31:42 -06:00
sinn3r 37e75dc644 Make this description a little more sense 2012-04-20 12:25:51 -05:00
sinn3r b955569b10 Update the use of get2() in order to support ruby 1.9.3 2012-04-20 01:37:24 -05:00
sinn3r c68a775106 Fix EDB references 2012-04-19 23:53:32 -05:00
sinn3r 12bf301d2b Correct file name 2012-04-19 21:17:19 -05:00
sinn3r 05459ca3ff Change module description 2012-04-19 21:17:19 -05:00
sinn3r 072faa65ec Massive code cleanup 2012-04-19 21:17:19 -05:00
sinn3r 93134e6fd2 Change default target 2012-04-19 21:17:19 -05:00
unknown 47ecd36805 Implemented Changes suggested by wchen-r7 (sinn3r) 2012-04-19 21:17:19 -05:00
unknown feb625cab0 Updated module 2012-04-19 21:17:19 -05:00
unknown 8caec4777f TFTPserverST addition 2012-04-19 21:17:18 -05:00
sinn3r 93390fa6e2 Fix metadata and some cosmetic stuff 2012-04-19 19:12:27 -05:00
sinn3r bce6c9abcf Verify checksum to avoid jumping to a corrupt payload 2012-04-19 18:52:43 -05:00
sinn3r ae7c2acf9d Merge branch 'xradio-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-xradio-exploit-module 2012-04-19 18:09:20 -05:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
sinn3r f5e8f57497 Minor fixes 2012-04-19 18:07:35 -05:00
sinn3r 8d1d63dda8 Correct OSVDB reference, thanks modpr0be 2012-04-19 12:04:11 -05:00
sinn3r 45997b8dd4 Fix typos 2012-04-19 10:54:05 -05:00
Tod Beardsley ce3d98bc88 vcms_login.rb description 2012-04-19 07:44:28 -05:00
sinn3r 5fde6b759f Add VCMS brute-force module 2012-04-19 02:25:03 -05:00
sinn3r 81b6e76619 Correct CVE/OSVDB/BID references, thanks Chad. 2012-04-19 00:24:56 -05:00
sinn3r 946ab1514e Correct module naming style 2012-04-18 20:45:25 -05:00
sinn3r 1065111817 Correct TARGETURI description 2012-04-18 18:57:37 -05:00
sinn3r 7071c30b4b These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes 2012-04-18 16:07:41 -05:00
sinn3r 0e45b6c06c Avoid printing ip:port twice 2012-04-18 16:01:10 -05:00
James Lee 1f577b24b2 Merge branch 'rapid7' into http-print-standardization 2012-04-18 08:51:42 -06:00
sinn3r f3ebe284ca Minor cosmetic changes 2012-04-18 02:38:25 -05:00
sinn3r 15539c633b Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm 2012-04-18 02:32:42 -05:00
sinn3r e52f40daf1 Cosmetic changes 2012-04-18 02:25:43 -05:00
sinn3r 01beddc609 Merge branch 'cyberlink' of https://github.com/mrmee/metasploit-framework into mrmee-cyberlink
Conflicts:
	modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb
2012-04-18 02:03:59 -05:00
sinn3r 862869e4f2 Strip ms03_020_ie_objecttype from Browser AutoPwn because:
1. We have newer browser modules that can replace it, and already do.
2. It uses an egghunter that we don't favor in BAP
3. It uses system addresses, which we no longer favor.
2012-04-17 22:26:14 -05:00
James Lee a2dc890cfa Don't puke if the connection came from localhost 2012-04-17 19:49:42 -06:00
James Lee f9b2fe89b2 Merge branch 'rapid7' into http-print-standardization
Conflicts:
	modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
	modules/exploits/windows/browser/apple_quicktime_rtsp.rb
	modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
James Lee afe28523f3 Puts testAXO() on window so we can access it from anywhere
Also uses the new :method property which allows an array syntax.  See
ie_createobject for a usage example.
2012-04-17 18:54:26 -06:00
James Lee f9a48ace48 Switch to using :method, see previous commit 2012-04-17 18:48:14 -06:00
James Lee eedf4520be Merge branch 'rapid7' into bap-refactor 2012-04-17 16:20:11 -06:00
sinn3r 0fccc67774 Add MS12-004 to BAP 2012-04-17 16:40:32 -05:00
sinn3r 02c3b7df7a 'cli' should be 'client' 2012-04-17 07:13:17 -05:00
sinn3r 1a0c8e5d42 'cli' should be 'client' 2012-04-17 07:12:08 -05:00
sinn3r dd7caa5186 'cli' should be 'client' 2012-04-17 07:10:32 -05:00
sinn3r a8eada6016 This module should be able to support more payloads 2012-04-16 14:43:36 -05:00
sinn3r edadc19757 This module should be able to support more payloads than it should be 2012-04-16 14:41:11 -05:00
sinn3r 1e2203867c Repair 'no encoders encoded the buffer successfully' issues 2012-04-16 13:43:25 -05:00
James Lee 3e0747f5d2 Randomize guid and payload filename 2012-04-16 12:09:25 -06:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
Leonardo Botelho fdd8afea88 minor changes 2012-04-15 22:58:58 -03:00
Leonardo Botelho 5bb087d9a7 Exploit module for xRadio Buffer Overflow. 2012-04-15 19:16:11 -03:00
Chris John Riley f4f1ec70bc Altered regex to detect Jetty hosts
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)

There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
2012-04-15 15:13:21 +02:00
Steven Seeley 9b2797f707 better randomization 2012-04-15 12:16:51 +10:00
Steven Seeley 50e36d3fb0 cyberlink Power2Go name attribute stack buffer overflow 2012-04-14 17:57:22 +10:00
sinn3r 4be0361f69 These modules shouldn't be here, sorry 2012-04-14 02:12:45 -05:00
chap0 c6a6b79c23 gsm sim 5.15 module, can get the download to test here >
download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html
2012-04-13 22:12:48 -07:00
sinn3r 5cbf447a13 Correct OSVDB reference, thanks Daniel 2012-04-13 23:34:44 -05:00
sinn3r 1927feb9c3 Merge branch 'master' of https://github.com/mrmee/metasploit-framework 2012-04-13 18:17:38 -05:00
sinn3r 2d069f8013 Add CVE-2011-4828 module 2012-04-13 18:12:16 -05:00
Steven Seeley cdd49bf16a fixed references, describe target better 2012-04-13 11:23:28 +10:00
Steven Seeley c851722d50 fixed the description... 2012-04-13 11:18:24 +10:00
Steven Seeley 9b0c211160 exploit for cyberlinks Power2Go application. I find this software installed by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier.. 2012-04-13 11:07:36 +10:00
Steven Seeley 762324e286 Merge remote-tracking branch 'upstream/master' 2012-04-13 10:26:12 +10:00
sinn3r d31771d7f9 Randomize as many nops as possible without making the exploit too unstable 2012-04-12 03:45:13 -05:00
sinn3r 0d739a1a51 Module rename. Cleanup whitespace. Fix typos. 2012-04-12 03:45:12 -05:00
Steven Seeley 14f85e406f exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 03:45:12 -05:00