Commit Graph

13098 Commits (c386e1ce31607ee74a4496a251a5671be687296f)

Author SHA1 Message Date
Steve Tornio 7690e86a89 add osvdb ref 2012-05-14 07:14:10 -05:00
Steve Tornio bcfa96ced8 add osvdb ref 2012-05-14 07:13:49 -05:00
sinn3r 0b817944c3 Merge pull request #386 from jlee-r7/fix-posix-execute
Fix posix execute
2012-05-13 16:17:34 -07:00
sinn3r 2e8b11ca78 Merge pull request #383 from rsmudge/armitage
Armitage 05.14.12
2012-05-13 16:15:59 -07:00
root 99a5d1a7b5 fix :pname in the web_vuln_info hash to no include the parameter value 2012-05-13 14:43:02 -07:00
James Lee ecb106d714 throw is not the same as raise
Clearly this code never gets called.
2012-05-13 15:31:57 -06:00
root 2906686da1 forgot to git add db.rb. oops 2012-05-13 14:30:27 -07:00
root d5cec05cc3 fix tabs 2012-05-13 14:28:50 -07:00
root 253802761f Remove extraneous puts 2012-05-13 14:19:19 -07:00
root d0f49c1213 Finished! Importing wapiti now adds Mdm::WebVulns to the db.
However, I see no way to actually seeing the webvulns in framework
after importing the report.
2012-05-13 13:58:25 -07:00
James Lee 73331b66e6 Fix execution with spaces in args by using sh -c
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
  execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
2012-05-13 14:55:57 -06:00
pyoor 6b6dc60b25 Cisco Secure ACS Auth Bypass Module 2012-05-13 16:16:18 -04:00
Christian Mehlmauer dc10fac885 Ported my Hashcollision Script to Ruby 2012-05-13 20:59:42 +02:00
sinn3r 79a590ccf7 Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
Brandon Perry b0b72b05d5 Adding the beginning of the wapiti report import nokogiri document 2012-05-13 13:02:48 -05:00
Raphael Mudge c7b9b711f1 Armitage 05.14.12
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
2012-05-13 13:56:10 -04:00
sinn3r d2c26f989c Cleanup whitespace 2012-05-13 04:42:22 -05:00
sinn3r c1fbf1f931 Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved 2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r) dd42c3096e added exploit for Firefox 8&9 AttributeChildRemoved UAF 2012-05-13 11:31:46 +02:00
sinn3r 15fbb1e86c This the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
James Lee e2bf3c5750 throw is not the same as raise
Clearly this code never gets called.
2012-05-12 16:53:54 -06:00
Tod Beardsley bc1c9a7fe4 Prepend all messages with victim host:port
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.

[Closes #272]
2012-05-11 17:48:54 -05:00
Tod Beardsley ab655677b4 Fixed typo, converted to OptEnum for fakedns targetaction 2012-05-11 17:12:31 -05:00
Jose Selvi af71cdafe2 Update modules/auxiliary/server/fakedns.rb 2012-05-11 17:01:14 -05:00
Jose Selvi 1d6b2eb3fe Added TARGETACTION options and wildcard support 2012-05-11 17:01:13 -05:00
sinn3r 5d8fbefc3d Merge pull request #378 from wchen-r7/distinct
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r 653d7e5923 Add OSVDB-80984 2012-05-11 15:07:31 -05:00
Tod Beardsley aa3930fcb9 Typo on fixed tftp module 2012-05-10 21:42:33 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
2012-05-10 21:21:32 -05:00
sinn3r 7eabce8872 Add comment for PrependEncoder 2012-05-10 12:18:50 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Tod Beardsley 65800f7c6e Whitespace on solarwinds 2012-05-09 12:47:22 -05:00
sinn3r b29f2265f5 Merge pull request #369 from jlee-r7/psnuffle-cleanup
Psnuffle cleanup
2012-05-08 20:24:47 -07:00
James Lee 7a05f3eab4 Mark failed logins as inactive 2012-05-08 16:51:22 -06:00
James Lee 318b14af4c Fix improper reporting and stack traces when we missed a banner
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
2012-05-08 16:40:56 -06:00
James Lee 1eec1cebb5 Fix improper reporting
:proto is always tcp, udp, etc., name is the higher layer name
2012-05-08 16:39:32 -06:00
James Lee 536fa39ae8 Keep the client and the server on tracked tcp sessions 2012-05-08 16:38:12 -06:00
James Lee 88b35a32e5 Make permissions consistent 2012-05-08 13:50:43 -06:00
James Lee 421630ef85 Binaries with fixed timestamps
[See #304]
2012-05-08 13:49:35 -06:00
Michael Schierl 5bf03aff7d Squashed commit of the following:
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 11 00:41:51 2012 +0200

    Ensure the manifest is always at the beginning of the JAR files

    Might create strange errors when loading stdapi if not.

commit fc02de4e36b3b952e256885d277e9c8e91f8f065
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 23:20:20 2012 +0200

    Change the build file so that it generates fixed timestamps inside meterpreter.jar / ext_server_stdapi.jar

[Closes #304]
2012-05-08 13:48:21 -06:00
Alexandre Maloteaux 452cead1e9 Merge psnuffle ntlmv2 support from Alex Malateaux
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf

Squashed commit of the following:

commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:52:49 2012 +0100

    psnuffle : move protocol filtering in load function

commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Thu Apr 12 01:50:48 2012 +0100

    psnuffle : add hash exctratiopn from smbv2 session

[Closes #327]
2012-05-08 13:41:42 -06:00
Tod Beardsley 86500aad47 Author is always singular. 2012-05-08 08:47:52 -05:00
sinn3r 91a8ff2766 Use print_good when SQL injection is found 2012-05-08 01:30:13 -05:00
sinn3r fa9d23d839 When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good 2012-05-08 01:26:39 -05:00
sinn3r ce16ab662c Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable. 2012-05-08 00:22:19 -05:00
sinn3r 22585ad935 Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit 2012-05-08 00:00:03 -05:00
lincoln-corelan b8227b8a2e Firefox Exploit 2012-05-07 19:41:03 -07:00