jvazquez-r7
d37d211ecc
Fix short escape sequences error
2013-05-09 17:29:55 -05:00
jvazquez-r7
b18a98259b
Modify default rport
2013-05-09 16:24:54 -05:00
jvazquez-r7
3e1d1a3f98
Land #1659 , @nmonkee's sap_soap_rfc_eps_delete_file module
2013-05-09 16:22:54 -05:00
jvazquez-r7
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
jvazquez-r7
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
jvazquez-r7
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
jvazquez-r7
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
Gregory Man
76e70adcff
Added Memcached Remote Denial of Service module
...
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
sinn3r
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
sinn3r
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
jvazquez-r7
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
jvazquez-r7
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
Matt Andreko
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
Matt Andreko
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
James Lee
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
Matt Andreko
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
Matt Andreko
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
jvazquez-r7
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
jvazquez-r7
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
James Lee
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
Doug P
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
Doug P
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
Doug P
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
doug
a199c397e4
...
2013-03-11 17:09:17 -04:00
doug
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
doug
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
jvazquez-r7
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
Wolfgang Ettlinger
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
Wolfgang Ettlinger
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
sinn3r
92093cd7d8
There's no HttpClient, so it shouldn't be using normalize_uri
2013-02-19 15:04:18 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
e4a6669927
msftidy: remove $Revision$
2013-01-03 01:05:45 +01:00
Christian Mehlmauer
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
Christian Mehlmauer
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
Christian Mehlmauer
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
T0X1C-1
1714fa21b1
adjusted DOS part to use HttpClient
2012-12-17 15:46:39 +01:00
T0X1C-1
a48c14124b
added CHECK functionality to the existing module
2012-12-13 16:54:50 +01:00
sinn3r
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
HD Moore
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
jvazquez-r7
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
jvazquez-r7
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl
39e81d3e53
Arch/Platform cleanup: aux modules need neither
2012-10-22 20:28:02 +02:00
David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
HD Moore
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
sinn3r
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r
b282901b08
Correct emails for aux and exploit modules
2012-06-04 21:58:01 -05:00
sinn3r
0fcc53b0a2
Handle nil for get_once
2012-06-04 15:31:10 -05:00
Christian Mehlmauer
6ae17db7d3
Adding FireFart's hashcollision DoS module
...
Have some minor edits below, looks like it all works now though.
Squashed commit of the following:
commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:31:32 2012 -0500
Removing ord in favor of unpack.
Also renaming a 'character' variable to 'c' rather than 'i' which is
easy to mistake for an Integer counter variable.
commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:24:41 2012 -0500
Cleaning up print msgs
commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:19:10 2012 -0500
Clean up hashcollision_dos description
Caps, mostly. One sentence I still don't get but it's not really a show
stopper.
commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Thu May 24 19:11:32 2012 +0200
Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling
commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Tue May 22 23:11:53 2012 +0200
Hashcollision Script (again)
2012-06-01 14:51:11 -05:00
Tod Beardsley
4772c1258e
Removing hashcollision_dos module due to license violation
...
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific creative commons liscence prohibiting derivative works.
Since I have no idea what else in this module is a license violating,
I'm pulling it completely. I suspect a lot, though -- there are weird
all-caps methods in the module that look like copy-pastes as well.
Next time, please contribute original work, or at least work that is not
encumbered by restrictive licensing.
2012-05-21 11:28:58 -05:00
Tod Beardsley
eea20e773b
Capitalization fixups on hashcollision_dos
2012-05-21 11:06:18 -05:00
sinn3r
8428d16db3
Format correction
2012-05-15 19:21:16 -05:00
Christian Mehlmauer
19e32c210a
Added more references
2012-05-15 23:59:30 +02:00
Christian Mehlmauer
46e58f8618
Ruby naming style
2012-05-15 23:53:33 +02:00
Christian Mehlmauer
5f0075e24f
Revert API change
2012-05-15 23:28:51 +02:00
Christian Mehlmauer
b298597218
Switched to Http Library, Code formatting issues
2012-05-15 19:43:28 +02:00
Christian Mehlmauer
dc10fac885
Ported my Hashcollision Script to Ruby
2012-05-13 20:59:42 +02:00
sinn3r
f77efbf89e
Change the rest of print_*
2012-04-25 14:24:17 -05:00
Tod Beardsley
9c8e6ac9da
Ruby 1.8 compat for the SCADA modules.
...
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
Tod Beardsley
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
Tod Beardsley
8f17cc3f5c
MS12-020 not MS12-002
2012-03-21 13:58:18 -05:00
Tod Beardsley
4391c24d2f
Trivial touchups on RDP DoS module.
...
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
sinn3r
3a851ef2c2
Fix typo
2012-03-19 13:20:59 -05:00
sinn3r
3d72d52625
Add reporting to MS12-020
2012-03-19 13:18:51 -05:00
sinn3r
fa4504e1f6
Let's make this clear, it's just a DoS
2012-03-19 13:00:29 -05:00
sinn3r
13f16daca7
Actually, that date is way off. Corrected.
2012-03-19 12:58:52 -05:00
sinn3r
d8be328b89
Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module
2012-03-19 12:53:34 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
Tod Beardsley
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
sinn3r
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
sinn3r
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
sinn3r
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
sinn3r
b7950a752e
Add feature #4929 (MS09-053)
2011-11-26 13:30:35 -06:00
James Lee
67120d4263
msftidy on aux modules, see #5749
2011-11-20 13:12:07 +11:00
Tod Beardsley
a5ef33305f
Fixes #5609 , thanks David!
...
git-svn-id: file:///home/svn/framework3/trunk@14052 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 21:57:42 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley
c336d063da
Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
...
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley
e9461c766e
Msftidy run against a bunch of whitespace violations, a few line too longs.
...
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
Tod Beardsley
f0ee05eece
Moving dos modules to manual ranking.
...
git-svn-id: file:///home/svn/framework3/trunk@13940 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:20:04 +00:00
Tod Beardsley
c45add4199
Moving an old unnamed Microsoft exploit to the proper named exploit.
...
git-svn-id: file:///home/svn/framework3/trunk@13939 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:16:13 +00:00
HD Moore
0ff7f17cba
Cosmetic module and service name fixes
...
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
Wei Chen
8f2c87fb5e
Add Beckhoff TwinCAT SCADA PLC dos module (Feature #5524 )
...
git-svn-id: file:///home/svn/framework3/trunk@13865 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 23:41:15 +00:00
David Rude
4d850c1ee6
Adds Apache Range DoS aka Apache Killer
...
git-svn-id: file:///home/svn/framework3/trunk@13781 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 16:38:35 +00:00
Wei Chen
835c5938d5
Fix typo. Thx mubix for spotting it.
...
git-svn-id: file:///home/svn/framework3/trunk@13687 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 04:39:47 +00:00