scriptjunkie
e89dcc5ab0
While 1337 is fun and funny, it is easy to spot and the correct port is 137.
2012-09-22 17:00:51 -05:00
scriptjunkie
0158312615
Java meterpreter can run scripts too!
2012-09-22 16:49:16 -05:00
dcbz
202a78dd3f
Added say.rb: uses /usr/bin/say to output a string
2012-09-22 09:13:29 -05:00
dcbz
09b8a6d87f
Added reverse_tcp stager payload, and updated bind
2012-09-22 08:31:42 -05:00
dcbz
81ceff7370
Added a tcp stager, and a small exec for testing
2012-09-22 07:24:51 -05:00
sinn3r
cade078203
Update author info
2012-09-22 02:29:20 -05:00
dcbz
dccb8d235d
Adding OSX 64-bit find-tag module.
2012-09-21 15:39:35 -05:00
Chris John Riley
ce441e95a6
Corrected typo, missing \ and minor regex match
2012-09-21 22:04:19 +03:00
Barry Shteiman
b1226ab87c
mysql search config + less verbose
2012-09-21 20:01:32 +01:00
sinn3r
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
sinn3r
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
Chris John Riley
9753494cba
Corrected regex scan vs. match issues
...
Altered PS and PCL to elsif to avoid
double detection of printjobs.
2012-09-21 13:20:14 +02:00
jvazquez-r7
ed24154915
minor fixes
2012-09-21 11:36:58 +02:00
Chris John Riley
f7aaae614e
Reduced instances of #{name} to client
...
connections and disconnections. All other
output should be self explanatory and
doesn't need #{name}
2012-09-21 11:08:47 +02:00
Chris John Riley
78f77a3df2
Replaced if @verbose with vprint_status
...
Corrected bug in non-detected print types
2012-09-21 10:59:39 +02:00
bcoles
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
jvazquez-r7
0032713198
description modified
2012-09-21 10:09:42 +02:00
jvazquez-r7
f6baf7fe34
Merge branch 'MySQL-JtR' of https://github.com/halfie/metasploit-framework into halfie-MySQL-JtR
2012-09-21 10:08:34 +02:00
sinn3r
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
sinn3r
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
sinn3r
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
sinn3r
1534c4af6f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-09-20 16:20:34 -05:00
sinn3r
776d24d8a9
cleanup
2012-09-20 16:16:30 -05:00
sinn3r
311c01be46
Cleanup, improve option handlingg
2012-09-20 16:14:15 -05:00
David Maloney
7fcc34766a
Added datastore items to BAP handlers
...
Added two datastore items to handlers created by BAP
2012-09-20 15:21:08 -05:00
Tod Beardsley
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
Tod Beardsley
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
sinn3r
57fd9b8c18
Merge branch 'master' of https://github.com/dcbz/metasploit-framework into dcbz-master
2012-09-20 13:37:31 -05:00
jvazquez-r7
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
jvazquez-r7
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
Chris John Riley
3d254b69fd
Applied all requirements from pull/715
...
Reworked PCL regex to match PCL 6/XL
msftidy is still complaining about
an indent. Can't find why however!
New PULL created as per request from
jvazquez-r7
2012-09-20 18:04:36 +02:00
Dhiru Kholia
17f7e94f4d
Add support for dumping MySQL challenge-response pairs in JtR format
2012-09-20 13:54:12 +05:30
David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
dcbz
f5df7e0e8a
Added 2 payload modules (reverse and bind tcp shells)
2012-09-19 16:59:26 -05:00
kernelsmith
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
sinn3r
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
Tod Beardsley
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
jvazquez-r7
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
jvazquez-r7
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
sinn3r
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
Tod Beardsley
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
sinn3r
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
Tod Beardsley
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
Tod Beardsley
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
sinn3r
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
sinn3r
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
sinn3r
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
Tod Beardsley
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
sinn3r
b07b30839e
Merge branch 'webmin_edit_html_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-webmin_edit_html_fileaccess
2012-09-16 03:17:09 -05:00
jvazquez-r7
63d2d60c68
delete don't needed line
2012-09-15 23:56:38 +02:00
jvazquez-r7
ff2e9fc157
add changes proposed by sinn3r
2012-09-15 23:55:55 +02:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
jvazquez-r7
70ff7621d6
added module for CVE-2012-2983
2012-09-15 15:11:12 +02:00
jvazquez-r7
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
jvazquez-r7
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
jvazquez-r7
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
jvazquez-r7
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
jvazquez-r7
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
jvazquez-r7
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
James Lee
3c6319b75f
Add nonx stagers for linux
...
[See #784 ]
2012-09-13 15:15:38 -05:00
James Lee
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
sinn3r
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
sinn3r
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
sinn3r
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
jvazquez-r7
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
sinn3r
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
James Lee
f38ac954b8
Update linux stagers for NX compatibility
...
- Adds a call to mprotect(2) to the reverse and bind stagers
- Adds accurate source for some other linux shellcode, including some
comments to make it more maintainable
- Adds tools/module_payload.rb for listing all payloads for each exploit
in a greppable format. Makes it easy to find out if a payload change
causes a payload to no longer be compatible with a given exploit.
- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
Tod Beardsley
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
Tod Beardsley
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
HD Moore
c901002e75
Add ssh login module for cydia / ios defaults
2012-09-10 19:36:20 -05:00
HD Moore
fbbed2262b
Updated iOS modules
2012-09-10 17:42:17 -05:00
sinn3r
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
jvazquez-r7
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
sinn3r
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
jvazquez-r7
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
sinn3r
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
jvazquez-r7
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
sinn3r
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
James Lee
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
jvazquez-r7
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
jvazquez-r7
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
sinn3r
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
jvazquez-r7
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
bcoles
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
jvazquez-r7
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
Tod Beardsley
aaf7fcd5e9
Closing bracket doh
2012-09-07 08:57:27 -05:00
Tod Beardsley
53e4818c2e
Humble-desser, not humble-dresser
2012-09-07 08:49:27 -05:00
jvazquez-r7
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
sinn3r
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
sinn3r
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
sinn3r
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
sinn3r
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
jvazquez-r7
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
jvazquez-r7
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
jvazquez-r7
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
jvazquez-r7
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
jvazquez-r7
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
Tod Beardsley
9531c95627
Adding BID
2012-09-05 15:04:05 -05:00
Tod Beardsley
ff97b1da00
Whitespace EOL
2012-09-05 14:04:20 -05:00
sinn3r
43041e3a0a
Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler
2012-09-05 14:03:24 -05:00
sinn3r
6705f5405e
Merge branch 'symantec_smg_ssh_pass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_smg_ssh_pass
2012-09-05 14:00:55 -05:00
sinn3r
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
jvazquez-r7
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
sinn3r
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
sinn3r
41904891c9
Merge branch 'hp_sitescope_getfileinternal_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getfileinternal_fileaccess
2012-09-05 13:57:39 -05:00
jvazquez-r7
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
sinn3r
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
jvazquez-r7
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
jvazquez-r7
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
jvazquez-r7
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
jvazquez-r7
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
jvazquez-r7
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
jvazquez-r7
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
jvazquez-r7
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
Cristiano Maruti
8fce975593
Aux module raise an error because Report module is not included in the source
2012-09-05 10:38:36 +02:00
Tod Beardsley
c7de73e7bf
Clean up SVN metadata
2012-09-04 19:36:10 -05:00
Tod Beardsley
7b8ab53661
Use :unique_data option for dns.enum reporting
...
Otherwise, you will only report the last thing that comes through on
that host for the dns.enum note type.
2012-09-04 19:32:29 -05:00
Tod Beardsley
2edf4a676a
Merge remote branch 'bonsaiviking/axfr' into bonsai-afxr
2012-09-04 16:16:41 -05:00
Tod Beardsley
b8132cae5c
Add the redistribution comment splat
2012-09-04 15:58:43 -05:00
Tod Beardsley
15f1dd8525
Moving greetz to Author fields
2012-09-04 15:58:43 -05:00
Tod Beardsley
6e7cbe793c
Spamguard e-mail addresses, make auth name consistent
2012-09-04 15:58:43 -05:00
Tod Beardsley
a925eef070
Removed meterpreter reference from desc
...
This post module relies on meterpreter as a SessionType, but the
description shouldn't call this out specifically.
2012-09-04 15:58:42 -05:00
Tod Beardsley
ba0de5acd9
Retitled for consistency and accuracy
2012-09-04 15:58:42 -05:00
Tod Beardsley
f80abaf0d1
Dropping trailing whitespace
2012-09-04 15:58:42 -05:00
nullbind
69b2f95a6f
small update
2012-09-04 15:58:42 -05:00
nullbind
cac1e0a585
small update
2012-09-04 15:58:42 -05:00
nullbind
e1da14f786
access database with local os admin privs
2012-09-04 15:58:42 -05:00
nullbind
a08d2359d7
access database with local os admin privs
2012-09-04 15:58:42 -05:00
nullbind
114ade6bea
applied todb requested fixes, and added sql 2k support
2012-09-04 15:58:42 -05:00
nullbind
6cd6f9d5d1
minor comment updates
2012-09-04 15:58:42 -05:00
nullbind
7e168f2e5c
Modified module to write query results to a file with report/loot options
2012-09-04 15:58:42 -05:00
nullbind
522fb401e9
Find data on a SQL Server, sample it, and write it to a CSV file.
2012-09-04 15:58:42 -05:00
sinn3r
99009da567
Merge branch 'mobilecartly_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mobilecartly_upload_exec
2012-09-04 14:32:23 -05:00
sinn3r
e926bc16ba
Add MobileCartly 1.0 module
2012-09-04 14:23:16 -05:00
jvazquez-r7
4a92cc4641
jboss_invoke_deploy module cleanup
2012-09-04 18:49:11 +02:00
jvazquez-r7
cb40a0c362
Merge branch 'jboss-jmx-invoke-deploy' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-jmx-invoke-deploy
2012-09-04 18:47:30 +02:00
James Lee
828f37701d
Fix linux shell_bind_tcp payload
...
It was calling bind(2) with a family of 0x02ff, which makes no sense and
causes execution to fall off the end and segfault. Fix it by replacing
0x02ff with the appropriate 0x0002, or AF_INET.
[Fixrm #7216 ]
2012-09-04 04:23:48 -05:00
sinn3r
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
sinn3r
b3bfaec089
Add reference about the patch
2012-09-03 23:58:21 -05:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
h0ng10
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
sinn3r
9ab62de637
Fix a spelling error
2012-09-03 01:44:02 -05:00
jvazquez-r7
943121dd61
Added module for CVE-2012-2611
2012-09-03 00:15:56 +02:00
sinn3r
53a9a8afce
Awww, typo! Nice catch, @Agarri_FR! :-)
2012-08-31 14:23:51 -05:00
sinn3r
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
sinn3r
f48fbaccb0
Add Oracle's security alert
2012-08-30 14:04:16 -05:00
sinn3r
4758eb0dc3
Merge branch 'jvazquez-r7-taget_host_glassflish_deployer'
2012-08-30 12:18:02 -05:00
jvazquez-r7
f99982a85e
added java as platform to avoid confussion between target and payload
2012-08-30 18:39:20 +02:00
jvazquez-r7
4fd9f88304
avoid the redefinition of Module.target_host
2012-08-30 14:45:14 +02:00
jvazquez-r7
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
sinn3r
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
sinn3r
b70e205a7e
Merge branch 'sap_host_control_cmd_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sap_host_control_cmd_exec
2012-08-29 14:45:46 -05:00
sinn3r
5f64c55112
Update description
2012-08-29 11:10:35 -05:00
jvazquez-r7
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
jvazquez-r7
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
jvazquez-r7
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
jvazquez-r7
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
sinn3r
34b12c4f55
Update CVE/OSVDB refs
2012-08-28 01:21:32 -05:00
jvazquez-r7
6e2369680b
Safari added
2012-08-28 02:04:03 +02:00
jvazquez-r7
30fd2cf256
Description updated
2012-08-28 02:01:26 +02:00
sinn3r
7e579db705
Add AlienVault reference
2012-08-27 13:29:27 -05:00
sinn3r
15a87a79f8
Add mihi's analysis
2012-08-27 13:24:43 -05:00
jvazquez-r7
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
Rob Fuller
b0661a33a3
Update modules/post/windows/gather/tcpnetstat.rb
...
forgot to change table name with table code reuse
'connection table' is a better table header than
'routing table'.
2012-08-26 02:34:54 -03:00
sinn3r
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
sinn3r
638d9d1095
Fix nil res bug, change action name, etc
2012-08-25 02:41:50 -05:00
sinn3r
6341260e13
Merge branch 'patch-1' of https://github.com/crashbrz/metasploit-framework into crashbrz-patch-1
2012-08-25 02:36:36 -05:00
sinn3r
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
Ewerson Guimaraes (Crash)
cad590488d
Update modules/auxiliary/scanner/http/http_traversal.rb
2012-08-24 15:47:07 -03:00
sinn3r
3036f7725d
Merge branch 'webdav_fix' of https://github.com/mubix/metasploit-framework into mubix-webdav_fix
2012-08-24 11:18:50 -05:00
sinn3r
ea7d7b847a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-24 11:17:14 -05:00
jvazquez-r7
179e816194
Merge branch 'esva_bid' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_bid
2012-08-24 17:37:25 +02:00
jvazquez-r7
8f748d833a
Added BID reference
2012-08-24 17:30:52 +02:00
jvazquez-r7
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
jvazquez-r7
e461d542ac
added Windows 2003 SP1 Spanish targets
2012-08-24 12:50:30 +02:00
jvazquez-r7
54ce7268ad
modules/exploits/windows/smb/ms08_067_netapi.rb
2012-08-24 11:30:23 +02:00
jvazquez-r7
1a60abc7a7
Added W2003 SP2 Spanish targets
2012-08-24 11:16:08 +02:00
Rob Fuller
d0558218ee
Add non-authed OPTION response to support WebDAV
2012-08-23 15:11:10 -04:00
Tod Beardsley
a93c7836bd
Fixes load order with reverse http
...
This was originally intended to fix #664 .
SEERM #7141 also.
2012-08-23 12:16:47 -05:00
jvazquez-r7
261a17d28a
Added module for CVE-2009-4498
2012-08-23 18:29:39 +02:00
James Lee
aac56fc29b
Fix load order issue
...
[See #664 ][SeeRM #7141 ]
2012-08-23 10:54:23 -05:00
jvazquez-r7
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
jvazquez-r7
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
sinn3r
22051c9c2c
Merge branch 'flash_exploit_r2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-flash_exploit_r2
2012-08-22 10:00:34 -05:00
sinn3r
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
sinn3r
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
jvazquez-r7
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
Tod Beardsley
8d187b272d
Some error handling on ntlm relayer
...
Instead of a cryptic exception, let the user know if the HTTP target
isn't actually asking for WWW-Authenticate.
There are likely many more opportunities to catch errors, but this is
the most obvious.
2012-08-21 16:13:00 -05:00
Tod Beardsley
635710402b
Removing bullet points from module description
...
Due to the vagaries of various Metasploit module description viewers, we
can't guarantee things like lists and bullet points render right.
Descriptions should avoid using these things.
2012-08-21 16:00:04 -05:00
Tod Beardsley
b457289e01
Merge remote branch 'webstersprodigy/module-http-ntlmrelay'
2012-08-21 15:28:50 -05:00
sinn3r
7ddcc787bd
Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2
2012-08-21 14:37:09 -05:00
sinn3r
ed9ed25610
Merge branch 'esva_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-esva_exec
2012-08-21 14:20:17 -05:00
sinn3r
20b3dfca9f
Merge branch 'claudijd-master'
2012-08-21 14:19:45 -05:00
sinn3r
433c9f6b28
Final cleanup
2012-08-21 14:17:21 -05:00
Jonathan Claudius
c5623cae4c
Fixing Bug w/ XP Method & Improving formatting for smart_hashdump
...
1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
2012-08-21 07:56:52 -05:00
jvazquez-r7
3106f87687
badchars fixed
2012-08-21 13:30:15 +02:00
jvazquez-r7
e21ea6999c
added module for ESVA Command Injection Vulnerability
2012-08-21 13:25:03 +02:00
webstersprodigy
65b29d149f
Update to use OptEnum for RTYPE
2012-08-20 22:45:20 -04:00
Jonathan Claudius
a3bad0b3ae
Added XP Support and Changed Output Method for User Password Hints
...
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
sinn3r
73eab8a8ee
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-20 15:44:28 -05:00
sinn3r
8d4b4fc7be
Some more changes before pushing to master
2012-08-20 15:43:39 -05:00
jvazquez-r7
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
saint patrick
e6bda752ee
cleaned up and using HttpServer for handling requests and sending 401
2012-08-20 15:23:49 -05:00
Matt Andreko
d226135986
Code Review Feedback
...
Removed trailing spaces and fixed indenting.
2012-08-20 10:41:42 -04:00
Jonathan Claudius
fbc36b57d0
Adding Windows User Password Hint Decoding to Hashdump Tools
...
* UserPasswordHint, a key that is used to store the users password
hint, can be easily decoded to clear-text to get the users hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
Matt Andreko
d82493a658
Code Review Feedback
...
Added 'Space' payload option, which in turn also required 'DisableNops'
Added/Corrected documentation for return addresses
2012-08-19 22:09:08 -04:00
saint patrick
10698e2f99
Updating HTTP Basic capture mod with edits based on MSF team suggestions
2012-08-19 19:47:01 -05:00
Matt Andreko
bd249d1f28
Fixed exploit and made code review changes
...
The exploit was not working due to the user's root path causing
the EIP offset to change. To correct this, I was able to get
the server to disclose the root path in an error message (fixed in
5.67). I also radically refactored the exploit due to the feedback
I received from Juan Vazquez.
2012-08-19 10:01:03 -04:00
Matt Andreko
6dfe706860
Merge remote-tracking branch 'upstream/master' into sysax_create_folder
2012-08-19 09:58:04 -04:00
saint patrick
de380cfb46
Adding aux mod for HTTP Basic Auth capture
2012-08-19 01:51:01 -05:00
sinn3r
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
sinn3r
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
sinn3r
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
Daniel Miller
6db09ba20c
Key notes on nameserver IP, not discovered IP
2012-08-16 21:31:23 -05:00
Daniel Miller
7005216d1f
Fix axfr support for auxiliary/gather/enum_dns
...
AXFR support in net-dns is broken. This fixes it, and makes the
requisite modifications to enum_dns module. Basic problem is that AXFR
responses consist of a chain of DNS replies, not a single reply with
multiple answers. Previously, only the first of these replies, the SOA
record, was returned. Also added some exception handling to avoid
problems like #483 .
2012-08-16 20:40:24 -05:00
Daniel Miller
0311caf4df
Alternate means of looking up NS IP
...
Sometimes a nameserver won't have an A record for its own name. Check
for this and fall back to using the system resolver via
Rex::Socket.gethostbyname. Example:
$ dig +short zonetransfer.me NS
ns12.zoneedit.com.
ns16.zoneedit.com.
$ dig +short @ns12.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns16.zoneedit.com A
$
Also removed an extra A lookup that was unnecessary.
2012-08-16 11:48:37 -05:00
Tod Beardsley
5cd20357d8
Updating URL for Bypass UAC
2012-08-15 22:34:44 -05:00
sinn3r
a228e42630
Add new target thanks for cabetux
2012-08-15 16:06:09 -05:00
h0ng10
c6b9121f8b
Added support for CVE-2010-0738
2012-08-15 15:47:44 -04:00
sinn3r
ac2e3dd44e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-08-15 14:47:22 -05:00
h0ng10
6965431389
Added support for CVE-2010-0738, msftidy
2012-08-15 15:47:14 -04:00
sinn3r
54146b8e99
Add another ref about the technique
2012-08-15 14:46:51 -05:00
h0ng10
e5498e3e1d
Added fix for CVE-2010-0738, corrections
2012-08-15 15:46:34 -04:00
Tod Beardsley
9bf1f28c1f
Apostrophe
2012-08-15 14:19:56 -05:00
Tod Beardsley
f325d47659
Fix up description a little
2012-08-15 13:57:24 -05:00
Tod Beardsley
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
Tod Beardsley
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
sinn3r
dc5f8b874d
Found a bug with retrying.
2012-08-14 17:04:17 -05:00
sinn3r
b3791b1545
I missed one
2012-08-14 16:51:55 -05:00
sinn3r
6a0271fb11
Correct OSX naming. See ticket #7182
2012-08-14 15:29:21 -05:00
Tod Beardsley
0e4e7dc903
Indentation fix
2012-08-14 12:27:27 -05:00
Tod Beardsley
6597d25726
Shortening an over-200 long line for readability
...
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
2012-08-14 12:27:27 -05:00
sinn3r
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
jvazquez-r7
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
jvazquez-r7
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
sinn3r
3e0e5a1a75
No manual stuff, probably prones to failure anyway.
2012-08-14 10:58:57 -05:00
sinn3r
612848df6f
Add priv escalation mod for exploiting trusted service path
2012-08-14 01:55:03 -05:00
Tod Beardsley
bd408fc27e
Updating msft links to psexec
...
Thanks for the spot @shuckins-r7 !
2012-08-13 15:28:04 -05:00
jvazquez-r7
a872f624a1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2012-08-13 19:31:50 +02:00
jvazquez-r7
d6b28dc44d
ranking changed plus on_new_session handler added
2012-08-13 19:29:13 +02:00
jvazquez-r7
468030786f
small fixes, mainly check res agains nil, res.code and use send_request_cgi
2012-08-13 18:57:59 +02:00
sinn3r
7c6b6281d7
Merge branch 'beacon-addr' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-beacon-addr
2012-08-13 11:57:22 -05:00
jvazquez-r7
29c48be2ed
Merge branch 'testlink_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-testlink_upload_exec
2012-08-13 18:54:33 +02:00