3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
6059bb5710
Merge branch 'cyclope' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-cyclope
2012-08-13 11:40:46 -05:00
dfa00ac499
Merge branch 'zenworks_assetmgmt_uploadservlet' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_assetmgmt_uploadservlet
2012-08-13 11:39:15 -05:00
f9b5f321cb
ADD OSVDB-84517
2012-08-12 17:56:18 -05:00
3711297719
dd Opt::Proxies and opthash[:proxies] to exploits
2012-08-12 16:29:39 -04:00
bf04e2dded
Added module for CVE-2011-2653
2012-08-12 18:27:56 +02:00
67cdea1788
Fix load order issues (again)
...
This is getting annoying. Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
8587ff535a
Added exploit module for CVE-2009-1730
2012-08-08 16:28:03 +02:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
57c32c9c7b
Slip Plixer's name in there, because it's their product.
2012-08-07 12:20:44 -05:00
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
eb963ae52a
add osvdb ref
2012-08-05 09:01:46 -05:00
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
227d0dbc47
Add jabra to authors. I'm a jerk
2012-08-02 11:13:53 -06:00
1a2a1e70f7
Replace load with require, *facepalm*
2012-08-01 22:51:36 -06:00
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
f6a2ba094d
Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer
2012-08-01 15:14:34 -05:00
74a6c724a6
Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl
2012-08-01 15:13:15 -05:00
6ae863cdff
Forgot two extra spaces, how dare me!
2012-08-01 15:11:33 -05:00
48533dc392
Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec
2012-08-01 15:02:10 -05:00
92d1d26288
Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit
2012-08-01 15:00:24 -05:00
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
0707730fe0
Remove superfluous method
...
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
47eb387886
Add current_user_psexec module
...
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
2fa88366be
Added module for MS10-104
2012-07-30 09:01:38 +02:00
2f7b5f35af
Added Sysax 5.64 Create Folder exploit
2012-07-29 10:40:02 -04:00
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
b527356e00
This check can be handy
2012-07-22 03:34:16 -05:00
beb1fbb55d
Added module for Simple Web Server Connection header bof
2012-07-21 12:07:36 +02:00
f4e4675dc5
Avoid unpack with native endian types
2012-07-20 22:07:12 +02:00
37f14f76b7
Descriptions updated
2012-07-19 17:38:01 +02:00
2bb36f5ef9
Remove repeating words
2012-07-19 10:17:05 -05:00
898530dd54
Fix description
2012-07-19 10:15:26 -05:00
2c648b1c5b
Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof
2012-07-19 10:14:10 -05:00
8f867b5b0d
100 columns or each line in the description
2012-07-19 10:12:22 -05:00
d51209a3cf
Beautify
2012-07-19 15:53:47 +02:00
d69a46a9f0
Beautify
2012-07-19 15:53:09 +02:00
83b7b90c61
Added module for CVE-2011-3175
2012-07-19 15:30:51 +02:00
48f8145d97
Added module for CVE-2011-3176
2012-07-19 15:29:10 +02:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
b3e11f2e6b
Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof
2012-07-17 17:42:58 -05:00
80bfd48535
Added module for ZDI-010-090 Opcode 0x6
2012-07-17 23:25:55 +02:00
0514756e92
Added module for ZDI-010-090 Opcode 0x21
2012-07-17 23:25:04 +02:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
jvazquez-r7
Matt Andreko
sinn3r
Tod Beardsley
RageLtMan
James Lee
Steve Tornio
Meatballs1
HD Moore