f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
4987acc703
Correct e-mail format, description, and some commas.
2012-06-18 18:52:26 -05:00
4a537675b5
Merge branch 'sempervictus-dns_enum_over_tcp'
2012-06-18 18:38:21 -05:00
c0bf362084
Fix the fix for enum_dns
2012-06-18 18:37:56 -05:00
af8cb03d1b
Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check
2012-06-18 18:33:21 -05:00
e7688e1dba
Merge branch 'master' into feature/vuln-info
2012-06-18 18:15:20 -05:00
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
2df237b066
minor fixes
2012-06-18 22:44:17 +02:00
10bd72f3a1
Merge pull request #500 from modpr0be/module-ezserver
...
added ezserver <=6.4.017 bof for winxp sp3
2012-06-18 13:42:35 -07:00
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
d706199a83
fix all changes suggested by jvazquez-r7
2012-06-19 02:05:25 +07:00
77022d10da
Added a bit of verbosity to SMB capture module to enhance logging and post exploitation
2012-06-18 15:55:40 -03:00
10b733edf9
Merge branch 'dns_enum_over_tcp' of https://github.com/sempervictus/metasploit-framework into sempervictus-dns_enum_over_tcp
2012-06-18 12:14:04 -05:00
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
c68476cce2
Add DNS/TCP to enum_dns
2012-06-18 10:47:03 -04:00
909614569a
Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
...
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.
Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
dd476f8c5d
Merge branch 'master' into feature/vuln-info
2012-06-18 01:32:49 -05:00
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
5e3cf86794
Merge branch 'intersil_dos' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-intersil_dos
2012-06-17 18:22:22 -05:00
78876b74dd
Maintain scanner module standard
2012-06-17 20:09:01 +02:00
74cbca5809
Print out successful mysql connection URI
2012-06-17 13:19:53 +02:00
e72303a922
Add Intersil HTTP Basic auth pass reset (originally #453 )
...
The modified version of pull request #453 . This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
The advisory focuses the problem as an auth bypass, not DoS,
although it can end up dosing the server.
* The title and filename are changed as a result of matching that
advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
2012-06-16 21:14:57 -05:00
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
d0e490feaa
Merge branch 'module-ms-outlook-post-update' of https://github.com/justincmsf/metasploit-framework into justincmsf-module-ms-outlook-post-update
2012-06-16 14:56:14 -05:00
cb1144c4ec
Added Revised windows file collector and loot module
2012-06-16 11:14:08 -04:00
a8a4594cd4
Documenting esi alignment plus using target_uri.to_s
2012-06-16 09:26:22 +02:00
7eebc671ba
Put the curly braces back and drop a comma
...
The curly braces make extra commas at the end ok in 1.8. So fe39642e
2012-06-16 01:17:33 -06:00
424948a358
Fix title
2012-06-16 01:48:00 -05:00
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
7bb3679fef
Errors are different from mere failures (enum_dns)
...
This makes a clear distinction between errors and failures when
performing zone transfers, and logs accordingly.
[See #483 ]
2012-06-15 18:11:25 -05:00
5e19918020
Updated MS Outlook post module
2012-06-15 15:06:18 -04:00
fe39642e27
Dropping extra curly braces on f5 module
...
Also dropping extra whitespace.
2012-06-15 12:23:34 -05:00
5006db7550
The cert module now defaults SSL to true (didnt make sense)
2012-06-15 10:55:53 -05:00
5a49ac50f1
Shorten option description on enum_dns
2012-06-15 10:33:49 -05:00
80a0b4767a
add osvdb ref
2012-06-15 09:02:31 -05:00
1d121071f3
Prepend nops to raw payload in encoder if needed
2012-06-15 09:59:10 +02:00
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
75a67d7160
Merge branch 'module-tfm_mmplayer' of https://github.com/bcoles/metasploit-framework into bcoles-module-tfm_mmplayer
2012-06-14 21:14:29 -05:00
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
fb67fe9161
Merge branch 'mrmee-cmdsnd_ftp_exploit'
2012-06-14 14:19:56 -05:00
cde3c48765
Change title
2012-06-14 14:18:30 -05:00
b107025860
Correct typo. Also make use of random junks.
2012-06-14 14:17:57 -05:00
8e06babbba
Make msftidy happy
2012-06-14 14:16:07 -05:00
66e92d0200
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-14 12:17:29 -05:00
c1685c44c3
Fix disclosure date
2012-06-14 10:03:49 -05:00
1cdf964719
A little change to the description
2012-06-14 10:03:15 -05:00
48ee81de29
Add CVE-2012-2915
2012-06-14 09:56:01 -05:00
940f904dee
Changed date format to new DisclosureDate format. Removed two redundant spaces. Now passes msftidy.
2012-06-14 12:10:03 +09:30
a5fca47f56
updated windows XP SP3 pivot offset, please retest this
2012-06-14 10:31:17 +10:00
5269776f3d
Merge branch 'redmine/6983' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-redmine/6983
2012-06-13 17:26:54 -05:00
ef84ce68e4
Fixes a module that used Wmap stuff without including it
...
[FIXRM #6983 ]
2012-06-13 15:58:54 -06:00
45eb531c23
Add Jun as an author for the initial discovery
2012-06-13 15:50:45 -05:00
7dc19bba16
Merge branch 'cmdsnd_ftp_exploit' of https://github.com/mrmee/metasploit-framework into mrmee-cmdsnd_ftp_exploit
2012-06-13 14:55:44 -05:00
e06ee6c0e9
Language on Skype enum module
2012-06-13 14:33:54 -05:00
15b674dab3
Language on MS12-005
2012-06-13 14:22:20 -05:00
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
ae59f03ac9
Fixing print message in snort module
2012-06-13 14:04:05 -05:00
a579709bac
Cleaning up Modbus scanner
2012-06-13 14:00:07 -05:00
3c73133a44
Fixing up mysql module text
2012-06-13 13:59:58 -05:00
559683f2a1
Fixing CRLFs on winlog_runtime_2
2012-06-13 13:59:39 -05:00
3cf4f7ab44
Fixing indents on msadc module
2012-06-13 13:59:38 -05:00
ca8769d725
Whitespace on mysql module.
2012-06-13 13:59:38 -05:00
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
209d6d20d1
comsnd ftp remote format string overflow exploit
2012-06-14 02:22:31 +10:00
1138290a64
Return nil when an error occurred
...
Avoids anti-pattern of testing for a specific class.
2012-06-13 09:41:20 -06:00
a2aaca5e85
Correct a fp with this exploit module (would always print success)
2012-06-13 10:38:05 -05:00
cde508af03
Merge branch 'jjarmoc-php_cgi_arg_injection'
2012-06-13 00:44:41 -05:00
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
9756f87517
Added TFM MMPlayer (m3u/ppl File) Buffer Overflow module
2012-06-13 13:50:12 +09:30
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
00aa8c0452
Add missing ExploitRank
2012-06-12 15:35:53 -05:00
4ea5712140
Add a timeout for wonky systems that hang during negotiation
2012-06-12 15:24:13 -05:00
26e72b4061
Enforce a timeout in the ssh handshake (avoid hangs in some cases)
2012-06-12 15:20:25 -05:00
5922ec1f7a
Permissions
2012-06-12 15:20:25 -05:00
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
5775fa9e67
add osvdb ref
2012-06-12 14:53:55 -05:00
cc0f3632a8
Merge pull request #477 from jlee-r7/f5-priv
...
CVE-2012-1493 F5 known private key exploit module
2012-06-12 12:20:48 -07:00
a91085d6cd
Add a disclosure date and more detailed desc
2012-06-12 13:07:53 -06:00
11df90c98e
Call update_info
...
Not sure why all modules don't do this. Or none of them.
2012-06-12 13:01:36 -06:00
c564e9dcc4
Fix 1.8 compat error
...
Net::SSH expects +key_data+ to be an array of strings. Giving it just a
string works in 1.9 but not 1.8, presumably due to some errant use of
+each+.
2012-06-12 12:50:46 -06:00
539deabef5
Clean up title, options
2012-06-12 12:08:58 -06:00
85e1555e13
Payload compat to work with unix/interact
2012-06-12 11:46:21 -06:00
3d5417e574
Initial commit of F5 exploit
2012-06-12 11:37:22 -06:00
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
efbaff8b37
add osvdb ref
2012-06-11 22:47:30 -05:00
89e554de2b
Adds post module for stealing GPP Passwords
...
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
a43cf76591
Merge pull request #463 from schierlm/struts_arch_java
...
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-11 03:05:37 -07:00
59f591ac46
Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122
2012-06-11 01:42:06 -05:00
93a2e29ed7
Merge branch 'darkoperator-skype_enum'
2012-06-11 01:41:01 -05:00
d226d80919
Make msftidy happy
2012-06-11 01:34:18 -05:00
2847ed9c43
Merge branch 'skype_enum' of https://github.com/darkoperator/metasploit-framework into darkoperator-skype_enum
2012-06-11 01:28:13 -05:00
bb80124d63
Added support for shell and tested on OSX 10.6 and 10.7. Added additional session type checks.
2012-06-10 21:59:14 -04:00
b908ccff0f
Added module for CVE-2012-0297
2012-06-10 22:38:58 +02:00
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
efcb206cdf
Correct a typo
2012-06-10 14:38:14 -05:00
881ec8d920
Make the description clear that it only reads 4k, default datastore['FD'] to 1
2012-06-10 13:20:02 -05:00
15fa178a66
Add the MSF license text (since MSF_LICENSE is already set)
2012-06-10 02:07:27 -05:00
c7546638f2
Merge branch 'master' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-master
2012-06-10 01:58:00 -05:00
498f3323f3
Merge branch 'ms12_005' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_005
2012-06-10 01:53:46 -05:00
8f6457661d
Change description
2012-06-10 01:52:26 -05:00
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
2b67c5132c
Adding read_file linux shellcode
2012-06-09 20:36:47 -04:00
f0082ba38f
Added module for CVE-2012-0299
2012-06-09 22:27:27 +02:00
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
3726ddddac
Software name correction thanks to modpr0be
2012-06-08 07:07:19 -05:00
41d49ed553
Another badchar analysis. Allow shorter delay (5sec to 1)
2012-06-08 01:59:09 -05:00
e5b451c000
Too many tabs for the beginning of the description
2012-06-07 23:08:11 -05:00
520c0ca660
Make msftidy happy
2012-06-07 23:07:39 -05:00
61f5eddf47
Move winlog file
2012-06-07 23:03:30 -05:00
9adec7e7e7
Merge branch 'winlog-2.07.14' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-winlog-2.07.14
2012-06-07 23:02:23 -05:00
83d21df9f6
Merge branch 'master' of https://github.com/darkoperator/metasploit-framework into darkoperator-master
2012-06-07 22:58:50 -05:00
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
1eb73dec38
Merge branch 'aushack-master'
2012-06-07 12:17:49 -05:00
42795fec00
Get rid of some whitespace
2012-06-07 12:17:25 -05:00
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
0e20d324b8
Added ms02_065_msadc exploit module.
2012-06-07 21:02:13 +10:00
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
b004f35354
Change failure of loading gem message to be in par with other gem error messages in the framework, also date is better represented in the CSV with UTC value
2012-06-06 16:28:42 -04:00
28fe4c0be5
What's this break stuff?
...
"break" should be "return"
2012-06-06 11:21:35 -05:00
a54b14b192
Remove whitespace
2012-06-06 11:21:34 -05:00
c36ab97d41
Updated msadc exploit with fixes.
2012-06-06 11:21:34 -05:00
f25b828d31
Added exploit module msadc.rb
2012-06-06 11:21:34 -05:00
34be642f84
msftidy found EOL spaces on new modules
2012-06-06 10:42:10 -05:00
698e2eab68
Fix nil res when vprints
2012-06-06 09:53:19 -05:00
f4f023cbfb
add BID
2012-06-06 09:44:16 +02:00
72cdd67cd0
Remove function cleanup()
...
There is no point of having this function, because there's nothing
in it.
2012-06-06 00:54:04 -05:00
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
c30af98b53
Massive whitespace destruction
...
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
b302f50dbe
Initial version of the module supporting Windows and OSX
2012-06-05 19:11:30 -04:00
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
f9651be88e
Merge branch 'ms11_093_ole32' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms11_093_ole32
2012-06-05 15:44:13 -05:00
37846c0de2
Handle get_once return value correctly
2012-06-05 15:40:49 -05:00
b6f591718a
Change recv to get_once
2012-06-05 15:40:20 -05:00
bc91135808
Correct description
2012-06-05 15:32:41 -05:00
HD Moore
sinn3r
jvazquez-r7
Juan Vazquez
James Lee
modpr0be
Rob Fuller
RageLtMan
Thomas Grainger
3vi1john
Tod Beardsley
justincmsf
Steve Tornio
bcoles
Steven Seeley
Jeff Jarmoc
David Maloney
Michael Schierl
Carlos Perez
linuxgeek247
Patrick Webster
m-1-k-3