sinn3r
7f5687ef10
Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec
2012-06-25 16:28:55 -05:00
jvazquez-r7
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
sinn3r
063a2119a3
Merge branch 'iis_auth_bypass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-iis_auth_bypass
2012-06-25 15:51:33 -05:00
sinn3r
f93658b37a
Minor name change
2012-06-25 15:51:02 -05:00
sinn3r
637edc21ce
Add CVE-2010-2731
2012-06-25 15:48:36 -05:00
jvazquez-r7
59bb9ac23b
quoting ip to avoid php complaining
2012-06-25 18:52:26 +02:00
jvazquez-r7
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
HD Moore
807f7729f0
Merge branch 'master' into feature/vuln-info
2012-06-25 10:10:20 -05:00
Steve Tornio
5d2655b0ce
add osvdb ref
2012-06-25 09:00:03 -05:00
HD Moore
f7dca272b6
IE 10/Win8 detection support
2012-06-25 00:36:49 -05:00
HD Moore
1989f0ab46
IE 10/Win8 detection support
2012-06-25 00:36:04 -05:00
HD Moore
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
HD Moore
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
sinn3r
05eaac9085
Fix possible param duplicates
2012-06-24 19:05:42 -05:00
dmaloney-r7
46dd286cc8
Merge pull request #519 from rapid7/gpp-passwords
...
Gpp passwords
2012-06-24 16:18:34 -07:00
David Maloney
6e19dddf2a
Alleviate duplicated work in gpp module
2012-06-24 16:21:35 -05:00
David Maloney
aa09cd7f82
More collaboration stuff on gpp module
2012-06-24 13:08:19 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
sinn3r
e805675c1f
Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
...
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.
As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
David Maloney
eefea8d9d3
Add newname attr in gpp module
2012-06-23 17:51:58 -05:00
David Maloney
7bcb9d1a45
Reintegrated extra options into gpp module
...
reintegrated meatballs control options into the gpp module
2012-06-23 17:38:07 -05:00
David Maloney
b320679d1f
Exception message fix for gpp
2012-06-23 12:56:12 -05:00
David Maloney
5497d091fc
fix gpp attribution and description
2012-06-23 12:45:56 -05:00
David Maloney
534008b010
Major rework of the gpp module
...
Took the combination work Meatballs did
on pulling togetehr the three seperate gpp modules.
Cleaned it up and cut it down to a smaller, smoother form.
2012-06-23 12:42:33 -05:00
James Lee
3e974415d9
Give some verbose feedback if connection failed
2012-06-23 00:58:27 -06:00
James Lee
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
Tod Beardsley
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
jvazquez-r7
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
Meatballs1
26d99c6e41
Added more detail to description and stop execution if no DCs are enumerated.
2012-06-22 22:36:52 +01:00
Meatballs1
6a80b21124
Final tidyup
2012-06-22 19:12:42 +01:00
Meatballs1
27b884ca87
Fixed drives userName match
2012-06-22 18:47:44 +01:00
Meatballs1
90eaceef70
Fixed enum_domains exception when domains found = 0
2012-06-22 18:45:56 +01:00
Meatballs1
141195a5ae
Adjusted attribute strings to match MSDN cases
2012-06-22 18:33:54 +01:00
Meatballs1
3519aff146
Added protection for division by 0 in the enum_domain code
2012-06-22 18:20:45 +01:00
Meatballs1
0d4feb9fce
Various fixed suggested by trolldbois
2012-06-22 18:11:15 +01:00
Meatballs1
ca2c401cac
Modified username to userName in XML parsing
2012-06-22 17:46:19 +01:00
Meatballs1
19a37c28b8
Fixed and added paths for user preferences
2012-06-22 17:21:32 +01:00
Meatballs1
506a91f7a8
Changed runas to runAs for scheduled tasks
2012-06-22 16:04:17 +01:00
Meatballs1
91cad8ee77
Fixed printer path
2012-06-22 14:41:51 +01:00
Meatballs1
7a4bd26132
Fixed msftidy eol
2012-06-22 14:36:29 +01:00
Meatballs1
b2cb5c1c8e
Included other policy files for enumeration
2012-06-22 14:31:54 +01:00
m-1-k-3
315a1707e7
also new version v2.07.16 is vulnerable
2012-06-22 13:18:45 +02:00
Meatballs1
15a020dbda
Clear EOL chars
2012-06-22 11:36:27 +01:00
Meatballs1
391a92ccfd
More verbose and specific exception handling
2012-06-22 11:27:06 +01:00
Meatballs1
0ed49998e2
Allowed to run as SYSTEM
2012-06-22 11:17:24 +01:00
Meatballs1
2a3cd6e343
References
2012-06-22 11:14:19 +01:00
Meatballs1
9da2dd816c
Fixed changed time to point to parent node
2012-06-22 11:03:34 +01:00
James Lee
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
James Lee
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
Meatballs1
e0966d5a3a
Incorporated trolldbois comments about SYSTEM and changed date
2012-06-21 19:20:34 +01:00
Meatballs1
6768549c6d
Fixed msftidy error
2012-06-21 18:46:20 +01:00
Meatballs1
5e64c2fb2e
Will only enumerate one DC for each domain using the DOMAINS arg
2012-06-21 18:28:06 +01:00
Tod Beardsley
2729f33ff2
Merge Justin's TortoiseSVN module
...
This adds Justin's TortoiseSVN module with minor edits.
[Closes #508 ]
2012-06-21 11:56:08 -05:00
Tod Beardsley
504d3d477e
Resolve http_proxy_host before reporting, too.
2012-06-21 11:55:13 -05:00
Tod Beardsley
c795c2e438
Resolve hosts for tortoisesvn module reporting
...
report_host() does not expect a DNS name, but an IPv4 or IPv6 address.
In many cases, an SVN password is going to be associated with only a
hostname.
This may be a bug in report_host -- it's certainly inconveninent.
However, we don't usually wnat report_host to be making tons of DNS
lookups when importing hosts, so this forced step is likely intended.
Also, begin/rescue/end blocks that don't hint at what errors are
intended to be caught are rarely a good idea, so this at least informs
the user which exception was raised.
2012-06-21 11:47:37 -05:00
Meatballs1
9b943bc763
Removed redundant file
2012-06-21 17:29:52 +01:00
Meatballs1
82318f0dac
Merge branch 'post_win_gather_creds_gpp_pass' of github:Meatballs1/metasploit-framework into post_win_gather_creds_gpp_pass
2012-06-21 17:27:45 +01:00
Meatballs1
81411374bc
Removed old file
2012-06-21 17:23:14 +01:00
Meatballs1
56a8dda739
Reworking of module to incorporate all contributions
2012-06-21 17:23:13 +01:00
Meatballs1
bb60eacde7
Added store_loot
2012-06-21 17:23:12 +01:00
Meatballs1
be255d53c0
Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords
2012-06-21 17:23:12 +01:00
sinn3r
4004b544c0
The condition for "else" doesn't really do anything for us
2012-06-21 02:53:44 -05:00
sinn3r
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
sinn3r
d957c021cb
Handle another possible condition
...
If the path actually doesn't exist on the victim, we may run into
a RequestError. Need to handle that... should be pretty common.
2012-06-21 01:38:51 -05:00
sinn3r
6a386b7a88
Rename the file for naming style consistency
2012-06-21 01:25:55 -05:00
sinn3r
367e75bb06
Multiple changes to file_collector.rb
...
This module received the following changes:
* Make msftidy happy
* Remove the GETDRIVES option, and make the SEARCH_FROM option
smarter.
* MSF license
* Other minor changes
2012-06-21 01:21:53 -05:00
sinn3r
327e86e08c
Merge branch 'file_collector' of https://github.com/3vi1john/metasploit-framework into 3vi1john-file_collector
2012-06-20 23:46:04 -05:00
Juan Vazquez
4a8e94463a
Merge pull request #512 from jvazquez-r7/ezserver_add_reference
...
ezserver_http: added bid reference
2012-06-20 13:11:55 -07:00
jvazquez-r7
6be7ba98aa
ezserver_http: added bid reference
2012-06-20 22:08:58 +02:00
Tod Beardsley
302ab963d1
Adding ref for intersil module
2012-06-20 15:05:56 -05:00
HD Moore
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
sinn3r
61cad28a8c
Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup
2012-06-20 11:23:51 -05:00
sinn3r
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
sinn3r
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
sinn3r
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
sinn3r
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
664458ec45
No more crap :/
2012-06-19 19:43:29 -05:00
jvazquez-r7
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
Tod Beardsley
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
James Lee
967026a501
Make ssh_creds store keys as creds
...
Also cuts some redundant code by using existing Post API methods.
2012-06-19 14:24:32 -06:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
HD Moore
a4c98f9627
Fix title to be consistent
2012-06-19 12:58:42 -05:00
justincmsf
b9a2c88733
New Post Module: TortoiseSVN Saved Password Extraction
2012-06-19 09:57:22 -04:00
James Lee
7c417fa977
Add a select command for the various SQL modules
2012-06-18 23:59:57 -06:00
HD Moore
073205a875
Merge branch 'master' into feature/vuln-info
2012-06-18 20:21:36 -05:00
HD Moore
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
HD Moore
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
HD Moore
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
sinn3r
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
sinn3r
4a537675b5
Merge branch 'sempervictus-dns_enum_over_tcp'
2012-06-18 18:38:21 -05:00
sinn3r
c0bf362084
Fix the fix for enum_dns
2012-06-18 18:37:56 -05:00
sinn3r
af8cb03d1b
Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check
2012-06-18 18:33:21 -05:00
HD Moore
e7688e1dba
Merge branch 'master' into feature/vuln-info
2012-06-18 18:15:20 -05:00
HD Moore
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
jvazquez-r7
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
Juan Vazquez
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
James Lee
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
modpr0be
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
Rob Fuller
77022d10da
Added a bit of verbosity to SMB capture module to enhance logging and post exploitation
2012-06-18 15:55:40 -03:00
sinn3r
10b733edf9
Merge branch 'dns_enum_over_tcp' of https://github.com/sempervictus/metasploit-framework into sempervictus-dns_enum_over_tcp
2012-06-18 12:14:04 -05:00
sinn3r
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
sinn3r
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
RageLtMan
c68476cce2
Add DNS/TCP to enum_dns
2012-06-18 10:47:03 -04:00
RageLtMan
909614569a
Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
...
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.
Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
HD Moore
dd476f8c5d
Merge branch 'master' into feature/vuln-info
2012-06-18 01:32:49 -05:00
HD Moore
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
sinn3r
5e3cf86794
Merge branch 'intersil_dos' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-intersil_dos
2012-06-17 18:22:22 -05:00
Thomas Grainger
78876b74dd
Maintain scanner module standard
2012-06-17 20:09:01 +02:00
Thomas Grainger
74cbca5809
Print out successful mysql connection URI
2012-06-17 13:19:53 +02:00
sinn3r
e72303a922
Add Intersil HTTP Basic auth pass reset (originally #453 )
...
The modified version of pull request #453 . This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
The advisory focuses the problem as an auth bypass, not DoS,
although it can end up dosing the server.
* The title and filename are changed as a result of matching that
advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
2012-06-16 21:14:57 -05:00
sinn3r
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
sinn3r
d0e490feaa
Merge branch 'module-ms-outlook-post-update' of https://github.com/justincmsf/metasploit-framework into justincmsf-module-ms-outlook-post-update
2012-06-16 14:56:14 -05:00
3vi1john
cb1144c4ec
Added Revised windows file collector and loot module
2012-06-16 11:14:08 -04:00
jvazquez-r7
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
James Lee
7eebc671ba
Put the curly braces back and drop a comma
...
The curly braces make extra commas at the end ok in 1.8. So fe39642e
broke this module for 1.8. Having braces doesn't hurt anything and
protects against syntax errors if a module author is not dilligent with
their commas, especially after copy-pasting another module.
2012-06-16 01:17:33 -06:00
sinn3r
424948a358
Fix title
2012-06-16 01:48:00 -05:00
sinn3r
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
jvazquez-r7
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
jvazquez-r7
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
jvazquez-r7
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
jvazquez-r7
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
Tod Beardsley
7bb3679fef
Errors are different from mere failures (enum_dns)
...
This makes a clear distinction between errors and failures when
performing zone transfers, and logs accordingly.
[See #483 ]
2012-06-15 18:11:25 -05:00
justincmsf
5e19918020
Updated MS Outlook post module
2012-06-15 15:06:18 -04:00
Meatballs1
6f1d5b3193
Added store_loot
2012-06-15 18:27:59 +01:00
Tod Beardsley
fe39642e27
Dropping extra curly braces on f5 module
...
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
Meatballs1
1b64fee5d2
Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords
2012-06-15 17:50:36 +01:00
HD Moore
5006db7550
The cert module now defaults SSL to true (didnt make sense)
2012-06-15 10:55:53 -05:00
Tod Beardsley
5a49ac50f1
Shorten option description on enum_dns
2012-06-15 10:33:49 -05:00
Steve Tornio
80a0b4767a
add osvdb ref
2012-06-15 09:02:31 -05:00
jvazquez-r7
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
sinn3r
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
sinn3r
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sinn3r
75a67d7160
Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer
2012-06-14 21:14:29 -05:00
jvazquez-r7
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
sinn3r
fb67fe9161
Merge branch 'mrmee-cmdsnd_ftp_exploit'
2012-06-14 14:19:56 -05:00
sinn3r
cde3c48765
Change title
2012-06-14 14:18:30 -05:00
sinn3r
b107025860
Correct typo. Also make use of random junks.
2012-06-14 14:17:57 -05:00
sinn3r
8e06babbba
Make msftidy happy
2012-06-14 14:16:07 -05:00
sinn3r
66e92d0200
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-14 12:17:29 -05:00
sinn3r
c1685c44c3
Fix disclosure date
2012-06-14 10:03:49 -05:00
sinn3r
1cdf964719
A little change to the description
2012-06-14 10:03:15 -05:00
sinn3r
48ee81de29
Add CVE-2012-2915
2012-06-14 09:56:01 -05:00
bcoles
940f904dee
Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy.
2012-06-14 12:10:03 +09:30
Steven Seeley
a5fca47f56
updated windows XP SP3 pivot offset, please retest this
2012-06-14 10:31:17 +10:00
sinn3r
5269776f3d
Merge branch 'redmine/6983' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-redmine/6983
2012-06-13 17:26:54 -05:00
James Lee
ef84ce68e4
Fixes a module that used Wmap stuff without including it
...
[FIXRM #6983 ]
2012-06-13 15:58:54 -06:00
sinn3r
45eb531c23
Add Jun as an author for the initial discovery
2012-06-13 15:50:45 -05:00
sinn3r
7dc19bba16
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-13 14:55:44 -05:00
Tod Beardsley
e06ee6c0e9
Language on Skype enum module
2012-06-13 14:33:54 -05:00
Tod Beardsley
15b674dab3
Language on MS12-005
2012-06-13 14:22:20 -05:00
Tod Beardsley
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
Tod Beardsley
ae59f03ac9
Fixing print message in snort module
2012-06-13 14:04:05 -05:00
Tod Beardsley
a579709bac
Cleaning up Modbus scanner
2012-06-13 14:00:07 -05:00
Tod Beardsley
3c73133a44
Fixing up mysql module text
2012-06-13 13:59:58 -05:00
Tod Beardsley
559683f2a1
Fixing CRLFs on winlog_runtime_2
2012-06-13 13:59:39 -05:00
Tod Beardsley
3cf4f7ab44
Fixing indents on msadc module
2012-06-13 13:59:38 -05:00
Tod Beardsley
ca8769d725
Whitespace on mysql module.
2012-06-13 13:59:38 -05:00
sinn3r
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
jvazquez-r7
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
Steven Seeley
209d6d20d1
comsnd ftp remote format string overflow exploit
2012-06-14 02:22:31 +10:00
James Lee
1138290a64
Return nil when an error occurred
...
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
HD Moore
a2aaca5e85
Correct a fp with this exploit module (would always print success)
2012-06-13 10:38:05 -05:00
James Lee
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
James Lee
1fbe5742bd
Axe some copy-pasta
2012-06-12 23:58:20 -06:00
James Lee
9f78a9e18e
Port ms10-092 to the new Exploit::Local format
2012-06-12 23:58:20 -06:00
James Lee
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
sinn3r
cde508af03
Merge branch 'jjarmoc-php_cgi_arg_injection'
2012-06-13 00:44:41 -05:00
sinn3r
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
sinn3r
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
bcoles
9756f87517
Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module
2012-06-13 13:50:12 +09:30
Jeff Jarmoc
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
HD Moore
00aa8c0452
Add missing ExploitRank
2012-06-12 15:35:53 -05:00
HD Moore
4ea5712140
Add a timeout for wonky systems that hang during negotiation
2012-06-12 15:24:13 -05:00
HD Moore
26e72b4061
Enforce a timeout in the ssh handshake (avoid hangs in some cases)
2012-06-12 15:20:25 -05:00
HD Moore
5922ec1f7a
Permissions
2012-06-12 15:20:25 -05:00
Jeff Jarmoc
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
Steve Tornio
5775fa9e67
add osvdb ref
2012-06-12 14:53:55 -05:00
HD Moore
cc0f3632a8
Merge pull request #477 from jlee-r7/f5-priv
...
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
James Lee
a91085d6cd
Add a disclosure date and more detailed desc
2012-06-12 13:07:53 -06:00
James Lee
11df90c98e
Call update_info
...
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
James Lee
c564e9dcc4
Fix 1.8 compat error
...
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
James Lee
539deabef5
Clean up title, options
2012-06-12 12:08:58 -06:00
James Lee
85e1555e13
Payload compat to work with unix/interact
2012-06-12 11:46:21 -06:00
James Lee
3d5417e574
Initial commit of F5 exploit
2012-06-12 11:37:22 -06:00
jvazquez-r7
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
Steve Tornio
efbaff8b37
add osvdb ref
2012-06-11 22:47:30 -05:00
David Maloney
89e554de2b
Adds post module for stealing GPP Passwords
...
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
Michael Schierl
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
sinn3r
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
jvazquez-r7
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
Juan Vazquez
a43cf76591
Merge pull request #463 from schierlm/struts_arch_java
...
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
HD Moore
59f591ac46
Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122
2012-06-11 01:42:06 -05:00
sinn3r
93a2e29ed7
Merge branch 'darkoperator-skype_enum'
2012-06-11 01:41:01 -05:00
sinn3r
d226d80919
Make msftidy happy
2012-06-11 01:34:18 -05:00
sinn3r
2847ed9c43
Merge branch 'skype_enum' of https://github.com/darkoperator/metasploit-framework into darkoperator-skype_enum
2012-06-11 01:28:13 -05:00
Carlos Perez
bb80124d63
Added support for shell and tested on OSX 10.6 and 10.7. Added additional session type checks.
2012-06-10 21:59:14 -04:00
jvazquez-r7
b908ccff0f
Added module for CVE-2012-0297
2012-06-10 22:38:58 +02:00
sinn3r
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
sinn3r
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
HD Moore
881ec8d920
Make the description clear that it only reads 4k, default datastore['FD'] to 1
2012-06-10 13:20:02 -05:00
sinn3r
15fa178a66
Add the MSF license text (since MSF_LICENSE is already set)
2012-06-10 02:07:27 -05:00
sinn3r
c7546638f2
Merge branch 'master' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-master
2012-06-10 01:58:00 -05:00
sinn3r
498f3323f3
Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005
2012-06-10 01:53:46 -05:00
sinn3r
8f6457661d
Change description
2012-06-10 01:52:26 -05:00
sinn3r
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
linuxgeek247
2b67c5132c
Adding read_file linux shellcode
2012-06-09 20:36:47 -04:00
jvazquez-r7
f0082ba38f
Added module for CVE-2012-0299
2012-06-09 22:27:27 +02:00
Michael Schierl
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
jvazquez-r7
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
jvazquez-r7
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
sinn3r
3726ddddac
Software name correction thanks to modpr0be
2012-06-08 07:07:19 -05:00
sinn3r
41d49ed553
Another badchar analysis. Allow shorter delay (5sec to 1)
2012-06-08 01:59:09 -05:00
sinn3r
e5b451c000
Too many tabs for the beginning of the description
2012-06-07 23:08:11 -05:00
sinn3r
520c0ca660
Make msftidy happy
2012-06-07 23:07:39 -05:00
sinn3r
61f5eddf47
Move winlog file
2012-06-07 23:03:30 -05:00
sinn3r
9adec7e7e7
Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14
2012-06-07 23:02:23 -05:00
sinn3r
83d21df9f6
Merge branch 'master' of https://github.com/darkoperator/metasploit-framework into darkoperator-master
2012-06-07 22:58:50 -05:00
sinn3r
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
sinn3r
1eb73dec38
Merge branch 'aushack-master'
2012-06-07 12:17:49 -05:00
sinn3r
42795fec00
Get rid of some whitespace
2012-06-07 12:17:25 -05:00
jvazquez-r7
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
Patrick Webster
0e20d324b8
Added ms02_065_msadc exploit module.
2012-06-07 21:02:13 +10:00
jvazquez-r7
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
Carlos Perez
b004f35354
Change failure of loading gem message to be in par with other gem error messages in the framework, also date is better represented in the CSV with UTC value
2012-06-06 16:28:42 -04:00
sinn3r
28fe4c0be5
What's this break stuff?
...
"break" should be "return"
2012-06-06 11:21:35 -05:00
sinn3r
a54b14b192
Remove whitespace
2012-06-06 11:21:34 -05:00
Patrick Webster
c36ab97d41
Updated msadc exploit with fixes.
2012-06-06 11:21:34 -05:00
Patrick Webster
f25b828d31
Added exploit module msadc.rb
2012-06-06 11:21:34 -05:00
Tod Beardsley
34be642f84
msftidy found EOL spaces on new modules
2012-06-06 10:42:10 -05:00
sinn3r
698e2eab68
Fix nil res when vprints
2012-06-06 09:53:19 -05:00
m-1-k-3
f4f023cbfb
add BID
2012-06-06 09:44:16 +02:00
sinn3r
72cdd67cd0
Remove function cleanup()
...
There is no point of having this function, because there's nothing
in it.
2012-06-06 00:54:04 -05:00
sinn3r
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
c30af98b53
Massive whitespace destruction
...
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
Carlos Perez
b302f50dbe
Initial version of the module supporting Windows and OSX
2012-06-05 19:11:30 -04:00
sinn3r
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
sinn3r
f9651be88e
Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32
2012-06-05 15:44:13 -05:00
sinn3r
37846c0de2
Handle get_once return value correctly
2012-06-05 15:40:49 -05:00
sinn3r
b6f591718a
Change recv to get_once
2012-06-05 15:40:20 -05:00
sinn3r
bc91135808
Correct description
2012-06-05 15:32:41 -05:00
sinn3r
19e187e88e
Correct the description
2012-06-05 15:08:43 -05:00
sinn3r
28511cf666
Title change, use get_once instead of recv. Add a reference.
2012-06-05 15:06:05 -05:00
sinn3r
1c99119ecd
Remove the version key, and correct spacing
2012-06-05 13:53:11 -05:00
sinn3r
8f5759ac13
Move these SCADA modules to SCADA folder
2012-06-05 13:50:53 -05:00
sinn3r
215e0e48a0
Fix Modbus version scanner's format
2012-06-05 11:47:44 -05:00
sinn3r
50243a9679
Add Metasploit license disclaimer since it has a MSF_LICENSE
2012-06-05 11:36:45 -05:00
sinn3r
30ceb98d87
Merge branch 'modbus-auxil' of https://github.com/esmnemon/metasploit-framework into esmnemon-modbus-auxil
2012-06-05 11:35:10 -05:00
sinn3r
a3048c7ae8
Clear whitespace
2012-06-05 11:28:47 -05:00
jvazquez-r7
a30f104ee6
Fix space on Authors
2012-06-05 18:23:57 +02:00
jvazquez-r7
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
m-1-k-3
95d949e860
sleep and at
2012-06-05 18:08:46 +02:00
0a2940
dc6b2f4205
merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb
2012-06-05 04:14:40 -07:00
sinn3r
b282901b08
Correct emails for aux and exploit modules
2012-06-04 21:58:01 -05:00
sinn3r
d9c39d3798
Fix the rest of nil res from get_once
2012-06-04 17:26:15 -05:00
sinn3r
0fcc53b0a2
Handle nil for get_once
2012-06-04 15:31:10 -05:00
sinn3r
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
sinn3r
01803c4a33
Fix possible nil res. Bug #6939 . Part 1.
2012-06-04 13:11:47 -05:00
m-1-k-3
0acbd99e71
targets
2012-06-04 20:08:58 +02:00
m-1-k-3
08ff6c72b1
winlog_lite_2.07.14 initial commit
2012-06-04 17:24:01 +02:00
Carlos Perez
b9e7af6bcd
fixes to OSX modules as requested by egypt on redmine ticket and fixes to the remote desktop post modules
2012-06-04 10:56:40 -04:00
Steve Tornio
0759c3b75c
Adding swtornio's OSVDB ref
...
Watch the trailing commas, that wangs up Ruby 1.8.7 and prior.
Squashed commit of the following:
commit c00363993a726cd0c87fbaee769c44f680feff72
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon Jun 4 09:33:18 2012 -0500
Removing trailing comma
commit 594cae0cab60ba0493a6c50a001cd6885f05522b
Author: Steve Tornio <swtornio@gmail.com>
Date: Mon Jun 4 09:10:36 2012 -0500
add osvdb ref
2012-06-04 09:34:28 -05:00
jvazquez-r7
b53a1396fc
Use of TARGETURI
2012-06-03 22:36:23 +02:00
jvazquez-r7
659b030269
Verbose messages cleanup
2012-06-03 22:29:31 +02:00
jvazquez-r7
34f42bab17
Fix typo in the URI param
2012-06-03 22:14:13 +02:00
jvazquez-r7
efe4136e5b
Added module for CVE-2012-0391
2012-06-03 22:08:31 +02:00
sinn3r
2565888ec5
Change how we handle the password complexity failure
2012-06-03 13:13:44 -05:00
sinn3r
11e6a09cb0
Merge branch 'adduser_tabs' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-adduser_tabs
2012-06-03 12:31:46 -05:00
Chris John Riley
a51df5fc3a
Altered description to include information on the password complexity check
...
Altered the default password to meet the complexity checks
Note: The complexity checks (even if they fail) don't prevent the payload from running. At this point it only raises an warning and continues on. I can change this if it's more desirable however!
2012-06-03 09:22:48 +02:00
sinn3r
86d20b2de1
Merge branch 'adduser_tabs' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-adduser_tabs
2012-06-02 20:27:16 -05:00
sinn3r
1817942aae
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 17:43:51 -05:00
sinn3r
7bb36bfbde
Fix typo thanks to juan
2012-06-02 16:57:53 -05:00
sinn3r
7e318e9787
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 14:14:56 -05:00
Chris John Riley
ea66deb779
Added WMIC and complexity checks
2012-06-02 19:41:12 +02:00
Chris John Riley
bada88cdf0
Added WMIC and complexity checks
2012-06-02 19:38:37 +02:00
Christian Mehlmauer
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
sinn3r
59468846e3
Change filename
2012-06-02 01:51:20 -05:00
sinn3r
522991f351
Correct name
2012-06-02 01:49:43 -05:00
sinn3r
7fd3644b8b
Add CVE-2011-4825 module
2012-06-01 18:45:44 -05:00
Christian Mehlmauer
6ae17db7d3
Adding FireFart's hashcollision DoS module
...
Have some minor edits below, looks like it all works now though.
Squashed commit of the following:
commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:31:32 2012 -0500
Removing ord in favor of unpack.
Also renaming a 'character' variable to 'c' rather than 'i' which is
easy to mistake for an Integer counter variable.
commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:24:41 2012 -0500
Cleaning up print msgs
commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:19:10 2012 -0500
Clean up hashcollision_dos description
Caps, mostly. One sentence I still don't get but it's not really a show
stopper.
commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Thu May 24 19:11:32 2012 +0200
Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling
commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Tue May 22 23:11:53 2012 +0200
Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
Tod Beardsley
ced5b9916e
Whitespace fix for script-fu module
...
This is really just to check the GitHub IRC bot thinger.
2012-06-01 12:24:52 -05:00
sinn3r
353d49d05b
Modify the description
2012-06-01 12:04:46 -05:00
jvazquez-r7
abbd8c8cd5
Added module for CVE-2012-2763
2012-06-01 18:53:25 +02:00
David Maloney
92dafd4d17
Bringin in new version of pcanywhere_login
2012-06-01 11:15:12 -05:00
David Maloney
933949a6b0
trying to work around wierd git issue
2012-06-01 11:13:28 -05:00
David Maloney
28bf017ca9
Fix nil responses
2012-05-31 23:12:17 -05:00
James Lee
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
Tod Beardsley
c463bd7c6d
Fixing description for citrix module
2012-05-31 16:37:35 -05:00
Tod Beardsley
17e41b2e39
Fixing description for citrix module
2012-05-31 16:36:21 -05:00
Juan Vazquez
a0b491355c
Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer
...
Added module for Citrix Provisioning Services 5.6 SP1
2012-05-31 14:35:22 -07:00
Tod Beardsley
02a41afb2b
Fixing description for juan's Citrix module
2012-05-31 16:34:13 -05:00
Juan Vazquez
00bb216927
Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request
...
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
2012-05-31 14:33:20 -07:00
jvazquez-r7
47c5745673
Fixed name module
2012-05-31 23:23:11 +02:00
jvazquez-r7
e324ed5251
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:21:43 +02:00
jvazquez-r7
1c11b1b1b7
Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow
2012-05-31 23:17:38 +02:00
jvazquez-r7
b5f5804d94
description updated
2012-05-31 23:14:25 +02:00
jvazquez-r7
198070361b
Added module for ZDI-12-010
2012-05-31 22:45:55 +02:00
HD Moore
2ad17299e2
Handle cisco devices better with ssh logins
2012-05-31 14:59:24 -05:00
David Maloney
e93a6ddf83
Adds thelightcosine's pcanywhere module
...
Adds PCAnywhere bruteforce capabilities
Squashed commit of the following:
commit 5354fd849f0c009c534d7ce18369382dd56de550
Author: David Maloney <DMaloney@rapid7.com>
Date: Thu May 31 14:35:23 2012 -0500
Add explicit pack to encrypted header
commit 7911dd309a94df2729c8247c3817cf5de6b99aad
Author: David Maloney <DMaloney@rapid7.com>
Date: Thu May 31 13:11:19 2012 -0500
adds pcanywhere_login module
2012-05-31 14:46:26 -05:00
Steve Tornio
5105c1a4df
add osvdb ref
2012-05-31 08:49:58 -05:00
sinn3r
4d94eeb79d
Merge pull request #430 from wchen-r7/s40_traversal
...
Add s40 dir traversal vuln
2012-05-31 02:46:53 -07:00
sinn3r
a19583624e
Add s40 dir traversal vuln
...
I can't believe I stayed up all night, and this is all I could find.
2012-05-31 04:43:57 -05:00
Tod Beardsley
7e6c2f340e
Minor updates; added BID, fixed grammar
...
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
sinn3r
54e14014c3
Merge pull request #428 from wchen-r7/php_volunteer
...
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
sinn3r
59ea8c9ab9
Print IP/Port for each message
2012-05-30 11:30:55 -05:00
sinn3r
43dffbe996
If we don't get a new file, we assume the upload failed. This is
...
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
sinn3r
efdcda55ef
Don't really care about the return value for the last send_request_raw
2012-05-30 11:00:31 -05:00
sinn3r
13ba51db34
Allow the login() function to be a little more verbose for debugging purposes
2012-05-30 10:56:59 -05:00
sinn3r
b81315790d
Add PHP Volunteer Management System exploit
2012-05-30 10:38:45 -05:00
David Maloney
1d63cd6f6b
Revert " Sets the passive flag on the JtR modules"
...
This reverts commit e70ccddc9a
.
2012-05-29 21:28:23 -05:00
David Maloney
9e7acf3a57
left debug statement in module
2012-05-29 20:23:56 -05:00
David Maloney
5496beebbc
fix bad proto name in winscp post mod
...
The service name would get set as SCP instead of SSH
this screws up bruteforce options later
2012-05-29 18:17:28 -05:00
David Maloney
e70ccddc9a
Sets the passive flag on the JtR modules
2012-05-29 17:16:07 -05:00
David Maloney
54fb6d2f7a
Fixes unreal ircd race condition
...
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7
065d3187d3
Added module for OSVDB 74604
2012-05-29 21:10:51 +02:00
esmnemon
c00222b4c2
Added one modbus-scanner and one modbus-client aux-module SCADA
2012-05-29 20:34:33 +02:00
Steve Tornio
fe86ab9914
=Add osvdb ref
2012-05-29 13:31:20 -05:00
jvazquez-r7
db5b3c8259
Added module for OSVDB 82000
2012-05-28 08:51:36 +02:00
sinn3r
d615e3bcb8
Print target IP/Port when restoring currencies.php
2012-05-28 01:33:45 -05:00
sinn3r
712a21717a
Totally forgot about disclosure date, damn it
2012-05-28 01:31:13 -05:00
sinn3r
7c1442c4b4
Merge pull request #421 from wchen-r7/symantec_web_gateway
...
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r
34c93d8e44
Fix check
2012-05-28 00:51:46 -05:00
sinn3r
96d70e5fb6
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 22:47:39 -05:00
sinn3r
86ba759c07
Oops, I left one more anonymous out.
2012-05-26 15:30:20 -05:00
sinn3r
18c8314d79
Change unknown authors to "Unknown".
...
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion. In order to clarify, we correct unknown
authors to simply "Unknown".
2012-05-26 15:23:09 -05:00
sinn3r
8f537653b4
Merge pull request #420 from wchen-r7/quickshare
...
Add OSVDB-70776 - QuickShare File Share
2012-05-26 01:04:21 -07:00
sinn3r
0b86ceb528
Add OSVDB-70776
2012-05-26 03:00:32 -05:00
jvazquez-r7
e774df5c32
target info plus relocation
2012-05-25 20:16:13 +02:00
jvazquez-r7
c4fad0dea5
module added for OSVDB-73609
2012-05-25 17:18:09 +02:00
sinn3r
7b0fbaed23
Merge pull request #417 from wchen-r7/rabidhamster
...
Add OSVDB-79007 - RabidHamster R4 Log Entry BoF
2012-05-25 01:11:17 -07:00
sinn3r
d595f908fc
Add OSVDB-79007
2012-05-25 03:06:28 -05:00
jvazquez-r7
f7224ab306
flexnet_lmgrd_bof rand_text fix
2012-05-24 18:02:25 +02:00
sinn3r
c606896122
Multiple fixes and improvements:
...
* Make session ID configurable based on feature #6894's suggestion.
* Fix a potential bug when res is nil.
* Use print_error() to make the error message more readable.
2012-05-24 02:16:29 -05:00
Tod Beardsley
5004515187
Resolved conflicts merging back from release
...
Merge branch 'release'
Conflicts:
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
modules/exploits/windows/license/flexnet_lmgrd_bof.rb
2012-05-24 00:27:41 -05:00
sinn3r
101abb45a1
Merge branch 'bug/4400-postgres-store-loot' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/4400-postgres-store-loot
2012-05-23 20:38:03 -05:00
James Lee
22601180f3
Save the pilfered file as loot
2012-05-23 18:07:13 -06:00
sinn3r
ac0d22453a
Merge pull request #414 from wchen-r7/apprain
...
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
sinn3r
8d837f5d20
Module description update. TARGETURI description update.
2012-05-23 18:33:32 -05:00
sinn3r
fab3bfcea1
Add CVE-2012-1153
2012-05-23 17:50:13 -05:00
sinn3r
0b7b71e240
Correct run-on sentence
2012-05-23 10:27:23 -05:00
sinn3r
94f114b69a
Fix typos
2012-05-23 10:22:52 -05:00
sinn3r
7a4f1a111b
Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof
2012-05-23 10:20:16 -05:00
jvazquez-r7
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
Tod Beardsley
a37e98f159
Updating release from master.
2012-05-22 14:12:08 -05:00
Jeff Jarmoc
c4b64a51f7
Added reference to vendor advisory
2012-05-22 13:22:26 -05:00
Tod Beardsley
87ce3fe2f7
Adding extra ref from jjarmoc
2012-05-22 11:17:57 -05:00
sinn3r
c9604d8902
Add an invisible reference
2012-05-22 10:52:54 -05:00
sinn3r
d9ab464d4d
A very quick update to the title.
2012-05-22 03:11:05 -05:00
sinn3r
c9aa057b6d
Merge pull request #407 from wchen-r7/osx_voice
...
OSX Text-to-Speech tool
2012-05-22 01:06:50 -07:00
sinn3r
ca08e225fb
Add OSX Text-to-Speech tool
2012-05-22 03:03:30 -05:00
jvazquez-r7
c823e8099e
randomization when possible for flexnet_lmgrd_bof
2012-05-22 08:32:10 +02:00
sinn3r
cafe803217
Fix typos
2012-05-21 16:32:33 -05:00
jvazquez-r7
72b1f113ce
Added module for ZDI-12-052
2012-05-21 16:32:33 -05:00
David Maloney
df85e4f586
Remove trailing comma
2012-05-21 16:28:02 -05:00
David Maloney
17943c7a48
Makes it so we don't ever use local config files for Net::SSH
...
Also makes sure that the :config =>false option keeps
Net:SSH from meddling with knowns_hosts too
2012-05-21 16:09:08 -05:00
David Maloney
c386e1ce31
Add an option to the schemadump modules to not display output to the
...
screen
2012-05-21 16:09:07 -05:00
RageLtMan
77f95df1e9
Banner encoding fix when running against dd-wrt on ruby 1.9.3
2012-05-21 14:50:57 -05:00
RageLtMan
125aa43072
PowerShell post module download and exec
...
This adds sempervictus's PowerShell post module, along with a default
post module one can use for quick testing (for expected results, see
the screencap Gist at https://gist.github.com/6011cb87b01e970deca8
[Closes #403 ]
Squashed commit of the following:
commit c6b5a6aac1dc8781c67b611289d7710129592e83
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon May 21 14:43:48 2012 -0500
Minor tweaks to language
commit ef088e135cd7b0ccb514a3011889154661d5bd09
Merge: 0a05455 1e14211
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon May 21 14:34:27 2012 -0500
Merge remote branch 'todb/default-powershell' into Pull403
commit 0a0545558604c53d4648e3314ca8963ff9b225a7
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon May 21 14:33:33 2012 -0500
Reverting unrelated telnet fix
While I'm sure it's great, it needs to be tested.
commit 1e1421102b44a4c60c6eb9b442227075e959d7c6
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon May 21 14:14:09 2012 -0500
Adds a default path to a script for exec_powershell.rb
commit 9978787f44896d06744d50febf4344111edcd7b1
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon May 21 14:06:46 2012 -0500
Adds a new default powershell script
commit 25b605949fbf772e95a510162ca5af510c59788f
Author: RageLtMan <rageltman [at] sempervictus>
Date: Mon May 21 14:15:15 2012 -0400
Synchronized SVIT version of lib...powershell.rb to github. Adds timeout option, check for script encoding, etc. Added post/windows/manage/powershell folder with script execution module. Other modules which can be placed here would be WinRM meterp exec, PS persistence, etc
commit c4a7fd932fb8850de732bfa911cf8d729a5db42d
Merge: 21b31f1 36207eb
Author: RageLtMan <rageltman [at] sempervictus>
Date: Mon May 21 14:07:26 2012 -0400
msfvenom formatting merge conflict fix
commit 36207eb21ee04483c19790b5db7855d0a715e43d
Merge: c77eb03 4772c12
Author: RageLtMan <rageltman [at] sempervictus>
Date: Mon May 21 14:06:07 2012 -0400
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
commit 21b31f10c505862c14234824d4dabbb6fdfe7cbb
Merge: 81a7d62 c77eb03
Author: RageLtMan <rageltman [at] sempervictus>
Date: Fri May 18 12:57:52 2012 -0400
Merge branch 'master' into powershell
commit c77eb03ca4428a741f5d231b3ec1cf80c90e9395
Merge: 89d5af7 52183aa
Author: RageLtMan <rageltman [at] sempervictus>
Date: Fri May 18 12:57:21 2012 -0400
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c
Author: RageLtMan <rageltman [at] sempervictus>
Date: Fri Mar 2 01:28:02 2012 -0500
Banner encoding fix when running against dd-wrt on ruby 1.9.3
commit 81a7d62c6dab8404c1c0566a8be84c7280edeef8
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:19:13 2012 -0400
powershell for msfvenom
commit 672c7bc37ea37a3b111f755ef17fe0c16047e488
Merge: 3e86dc4 ed542e2
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:08:12 2012 -0400
exe.rb merge cleanup
commit 3e86dc4c40da1df3d0ff4a9ab6fffe8eeda52544
Author: RageLtMan <rageltman [at] sempervictus>
Date: Tue Mar 20 20:06:03 2012 -0400
psh encoder cleanup
commit f619ed477fef7a2830b99ce6a9b27bb523c9d3ce
Author: RageLtMan <rageltman@sempervictus.com>
Date: Sun Feb 5 13:35:11 2012 -0500
method call fix for psh-net encoder
commit 7b035e6da0ead328aebbfdf9fbbebed506cdca18
Author: RageLtMan <rageltman@sempervictus.com>
Date: Fri Feb 3 18:53:54 2012 -0500
PS encoders: .net and architecture dependent native (psh-net, psh)
commit 7a2749bf2682686a87d37d240e61adece53fba8e
Merge: 32730b9 f89853d
Author: RageLtMan <rageltman@sempervictus.com>
Date: Fri Feb 3 18:38:03 2012 -0500
Merge branch 'master' into powershell
commit 32730b96be4c9bd73f1f45b5d2d4330b8fb72cb8
Merge: e69fcd1 f6a6963
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 10:33:17 2012 -0500
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into powershell
commit e69fcd1a83412d6c0c96605b5acf0675e5b07205
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 07:59:38 2012 -0500
msfvenom psh addition
commit 9a5d8ead7e69c40ff5e9a73244165a5685ca47ec
Author: RageLtMan <rageltman@sempervictus.com>
Date: Wed Jan 25 07:29:38 2012 -0500
Proper author reference
commit 9fd8ac75a89ca2678b0d09192227eb23f00bf549
Author: RageLtMan <rageltman@sempervictus.com>
Date: Tue Jan 24 19:07:30 2012 -0500
Fix script handling
commit fa363dfe965382a9f89ff404398e38e8f164c11a
Author: RageLtMan <rageltman@sempervictus.com>
Date: Tue Jan 24 17:31:09 2012 -0500
added Msf::Post::Windows::Powershell, reworked post module to use mixin
commit e078d15b5464ff47ce616334d8cb1aa84a00df33
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 13:42:35 2012 -0500
vprint_good change
commit 355f8bb19a62d974c5c89079dd26dd4cbb756c0a
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 12:50:51 2012 -0500
exec powershell module
commit 5f9509444953f25352c994f90cae8a168878f7ea
Author: RageLtMan <rageltman@sempervictus.com>
Date: Mon Jan 23 12:45:41 2012 -0500
powershell encoder support - Redmine Feature #6049
2012-05-21 14:48:16 -05:00
Tod Beardsley
4772c1258e
Removing hashcollision_dos module due to license violation
...
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.
Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.
Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
Tod Beardsley
675dfe4e14
Don't keep the weblogi return codes secret
2012-05-21 11:27:24 -05:00
Tod Beardsley
1104dccde8
Noting rhost/rport, cli.peerhost where appropriate
...
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
2012-05-21 11:19:02 -05:00
Tod Beardsley
7cc905832e
Consistent caps on SVG in batik_svg_java exploit
...
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
2012-05-21 11:14:03 -05:00
Tod Beardsley
5dd866ed4a
Fixed print_status to include rhost:rport
...
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
Tod Beardsley
eea20e773b
Capitalization fixups on hashcollision_dos
2012-05-21 11:06:18 -05:00
Tod Beardsley
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
sinn3r
822e109b1f
Merge pull request #398 from wchen-r7/foxit_reader_launch
...
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
Steve Tornio
ba2787df8a
add osvdb ref
2012-05-20 07:13:56 -05:00
Steve Tornio
c95a06e247
add osvdb ref
2012-05-20 07:13:31 -05:00
sinn3r
628233d15c
Merge pull request #399 from wchen-r7/hp_storageworks
...
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:14:49 -07:00
sinn3r
d8c3edd316
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:53:45 -05:00
sinn3r
f9bcb95952
Correct EDB references
2012-05-19 02:24:29 -05:00
sinn3r
964a6af423
Add Active Collab chat module PHP injection exploit, by mr_me
2012-05-19 02:06:30 -05:00
sinn3r
e4f80a1fab
Francisco is the the one who found it according to advisory
2012-05-18 17:12:52 -05:00
sinn3r
41aac751e9
Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
...
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
jvazquez-r7
bedf010676
description modified
2012-05-18 01:23:09 +02:00
jvazquez-r7
e7f5bf132c
trying to improve bea weblogic connector bof
2012-05-18 01:13:56 +02:00
sinn3r
c0d17734ed
Improve run-on sentences.
2012-05-17 15:00:00 -05:00
sinn3r
32a0596a03
Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof
2012-05-17 14:52:10 -05:00
jvazquez-r7
c4ab521d7b
better tab indentation
2012-05-17 21:41:31 +02:00
sinn3r
0b35ab6a75
If the target isn't support, make sure we warn the user
2012-05-17 12:34:17 -05:00
jvazquez-r7
a21e832336
fingerprinting bea connector with Transfer-Encoding
2012-05-17 19:21:16 +02:00
sinn3r
952ada1742
Fix broken target (variable naming)
2012-05-17 11:37:49 -05:00
sinn3r
2fccf4674f
Be explicit on what version we've tested
2012-05-17 11:04:40 -05:00
sinn3r
1b70ba8208
Merge branch 'batik_module' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-batik_module
2012-05-17 10:55:58 -05:00
jvazquez-r7
0fd3f96720
errata fixed
2012-05-17 17:23:16 +02:00
jvazquez-r7
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
HD Moore
99368d27e5
Fix a missing require
2012-05-17 09:37:23 -05:00
jvazquez-r7
9a5e4d6500
Added target BEA Weblogic 8.1 SP4
2012-05-17 11:07:22 +02:00
jvazquez-r7
445bd90afb
Added module for CVE-2008-3257
2012-05-17 10:28:18 +02:00
jlee-r7
fe7928c18d
Merge pull request #390 from jlee-r7/consolidate-250-254-375
...
Consolidate #250 , #254 , #375
2012-05-16 17:07:33 -07:00
Tod Beardsley
dd4aaa07fa
Fixing CVE reference
2012-05-16 14:34:41 -05:00
Tod Beardsley
336a00bc54
Fixing CVE reference
2012-05-16 14:34:04 -05:00
Tod Beardsley
7a78c99c5e
Adding credit to original PoC guy for RuggedCom
...
Just added and commented. It'd be nice to have a real spot for this kind
of credit, because it comes up a lot and it's hard to parse out in a
machine way who 'wrote' the module and who came up with the exploit.
2012-05-16 13:47:15 -05:00
sinn3r
0b2a8e0b70
Correct e-mail format
2012-05-16 02:40:39 -05:00
HD Moore
4943b4c694
Bug fix from mubix (ruby 1.8 syntax)
2012-05-15 23:05:22 -05:00
sinn3r
b89e77c842
Add Spanish dir path. Thanks Miguel
2012-05-15 19:27:48 -05:00
sinn3r
8428d16db3
Format correction
2012-05-15 19:21:16 -05:00