6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
14a35da0fd
Merge pull request #104 from swtornio/master
...
add osvdb ref
2012-01-13 13:26:24 -08:00
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
d52df50a77
Drop a spurious print_error line from smtp_version
2012-01-13 11:46:56 -06:00
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
6ad2eda24c
Windows artifacts module
2012-01-12 17:26:35 -06:00
02bd1f3407
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-12 17:06:14 -06:00
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
6234d13f7c
Added Schema Dump Module for Postgres
2012-01-12 15:20:46 -05:00
cb146f9021
Used msf library for digest, fixed name.
2012-01-12 12:49:50 -05:00
a3749f1d80
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 12:17:11 -08:00
52be1c3a7a
Add schemadump module for MySql
2012-01-11 12:16:22 -08:00
500cfa6dd1
Removing telnet_encrypt_keyid_bruteforce.rb to unstable
...
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
1a03777538
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 09:11:48 -08:00
8c594798d7
Fix to the AIX jtr module title.
2012-01-11 09:11:23 -08:00
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
13069990eb
Added module for dumping schema information from Microsoft SQL Server
...
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
90eb2b9a75
Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202 )
2012-01-09 19:35:06 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
eeb3a442de
whitespace correctly smtp_version.rb
2012-01-09 14:11:10 -06:00
15990efd85
Removing useless (?) begin/rescue from smtp_version
...
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
5a20b7d7ac
Fixed small typo
2012-01-09 14:19:00 +02:00
9a62b41ab7
Mac OS X x86 payload that executes Calculator.app
2012-01-09 12:12:20 +02:00
5d359785ae
Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
2012-01-09 12:10:25 +02:00
03a39f7fe8
Whitespace cleanup, also change print_status usage when verbose
2012-01-09 02:21:39 -06:00
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
181fe2d925
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-07 15:14:30 -06:00
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
b12baccc49
Quick update, added a research option
2012-01-07 01:13:23 -06:00
6d401b48d1
Fix typo
2012-01-07 00:02:51 -06:00
b7e29191f5
Add Drupal 'Views' module username enumeration (Feature #6194 )
2012-01-06 23:51:32 -06:00
40a1d8bcc8
Fixed issue with a missing nil check in ftp_login
2012-01-06 20:51:58 -08:00
81acfd2126
Adds hashdump and cracking modules for AIX
2012-01-06 20:31:22 -08:00
8e017fd4db
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-06 20:30:25 -08:00
bf425a6744
Fixed bug that prevented telnet sessions from opening with good creds
2012-01-06 16:59:08 -08:00
2e60d2e01a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-01-06 17:46:42 -05:00
72072c4ef3
Added enum_artifacts
2012-01-06 17:43:50 -05:00
6ceb2f04a3
Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability
2012-01-06 14:24:49 -06:00
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
...
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
7b26e33e19
Initial version
2012-01-06 00:53:50 -06:00
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
ba86e8a04f
Added PROPFIND support to http_login
...
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
8315709fb6
Correct typo and set the disclosure date
2012-01-04 19:46:56 -06:00
7b692aa0b9
Adding references to vss modules.
2012-01-04 12:10:03 -06:00
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
12221b0433
UAC will disrupt these modules
...
Added checks for UAC.
UAC must be bypassed before using these modules.
2012-01-03 12:07:38 -08:00
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
dd0b07b2cc
Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS)
2011-12-30 15:03:04 -08:00
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
bc22b7de99
MSFConsole should display hostless loot, also typo fix.
...
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb
Fixes #6177
2011-12-29 15:11:15 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
a330a5c63a
Add e-mail for Brandon
2011-12-29 10:53:39 -06:00
778d396bc6
add osvdb ref
2011-12-29 07:54:15 -06:00
6d72dbb609
add osvdb ref
2011-12-29 07:54:01 -06:00
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00
c88b582f97
Add CorpWatch Name lookup module by bperry
2011-12-28 15:43:21 -06:00
d896f128e5
Add CorpWatch ID Lookup module by bperry
2011-12-28 15:41:28 -06:00
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
9e1e87508f
Fix to boundary validation for when no db is present
...
Fixes #6171
2011-12-28 08:47:22 -08:00
5dc647a125
Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
...
packages)
2011-12-28 02:02:03 -06:00
5d67bd2a5e
Phew. Exhaustive test of all i386 FreeBSD versions complete
2011-12-28 01:38:55 -06:00
1ff0cb2eef
More testing - looks like 5.5 is not exploitable, at least not the same
...
way
2011-12-28 01:30:25 -06:00
e071944a1a
Allow ff in payloads but double them back up
2011-12-28 00:04:24 -06:00
edb9843ef9
Add Linux exploit with one sample target (Whitebox Linux 3)
2011-12-28 00:00:10 -06:00
79103074cb
Add credit for Dan's advice
2011-12-27 23:39:02 -06:00
f9224d6010
Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
...
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
2ad5c56d48
Typo in comment
2011-12-27 19:11:09 -06:00
617f3250cf
Handle patched systems accurately (requires actually triggering the bug)
2011-12-27 19:04:34 -06:00
f8e3119215
Add references
2011-12-27 17:50:06 -06:00
a2760b219d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-27 11:34:36 -08:00
9b995bc0a5
Adds boundary validation to the framework
...
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00
05f3af1e77
Fixed typo in the windows autlogin post module
2011-12-26 11:17:17 -08:00
a00937b4d8
Fix typo.
2011-12-24 15:32:08 -06:00
87cf4cefea
Fix bug #6164
2011-12-24 15:26:20 -06:00
062f661991
Fix bug #6161 - Must explicitly convert e to e.to_s
2011-12-24 15:11:26 -06:00
8a705c9223
Fix bug #6158 - session.db_record might return nil but wasn't checked
2011-12-24 15:06:43 -06:00
dcb66307be
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-24 14:58:40 -06:00
2e2e28afb8
Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path
2011-12-24 14:57:46 -06:00
06077a37f8
Fixes typo, variable name is paths not path.
2011-12-24 14:39:08 -06:00
4215ef3ae1
add osvdb ref
2011-12-24 06:54:39 -06:00
3fe076bcd6
Check nil before using .empty?
2011-12-23 17:42:58 -06:00
69570dada6
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
2011-12-23 16:28:36 -06:00
84c6739921
added initial opentftp 1.4 windows exploit
2011-12-23 11:27:11 -06:00
41697440c7
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
2011-12-23 01:22:39 -06:00
ce6b1d6b8c
Improve:
...
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
b5b24a1fbf
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
...
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
262fe75e0a
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129 )
2011-12-22 13:04:37 -06:00
a03f5e32f8
Merge branch 'master' of github_r7:rapid7/metasploit-framework
2011-12-22 11:11:29 -06:00
2f55f08ebe
Actually describe the module in the title/description
2011-12-22 11:10:24 -06:00
5e1efdcd73
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-22 10:49:53 -05:00
30141f3008
Fix typo in the oracle enum aux module
...
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
743a0546f1
Don't blow up if the user doesn't set a filename
...
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
2db697cd7a
Fixup on checkpoint firewall module
...
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
c6297458e6
Adding ref/disclosure date to checkpoint module
...
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
1128c3ec6b
Checkpoint error msg should use res.inspect
...
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
a58ddcae1b
Adds reporting to Patrick's Checkpoint module
...
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)
Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
baaa1f6c82
Add US-Cert references to all these SCADA modules. The refers are based on this list:
...
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
d439390aa2
Fix typo
2011-12-20 12:19:34 -06:00
c2d59f0307
Fix issue #6133
2011-12-20 11:32:33 -06:00
c83c3d5128
TFTP forgot to commit my rename.
...
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
1a396ba955
Merge pull request #70 from rapid7/tftp_client
...
Tftp client
2011-12-20 08:42:42 -08:00
11a27a1e61
Renaming TFTP transfer util.
...
See #5291 . Just renaming the file.
2011-12-20 10:06:44 -06:00
24d53efa7c
Final touches on TFTP client
...
See #5291 . Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
0200b6367a
Add OKI Scanner (Feature #6125 )
2011-12-20 03:09:09 -06:00
677cb4b152
Handle empty data sends sanely for TFTP.
...
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
2b3e3725ac
TFTP adding comment docs, ability to send w/out a file.
...
Commenting the tricksy parts a little better for general usage.
Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
431ef826c9
TFTP client now uses constants, preserves trailing spaces/nulls in data
...
See #5291 , just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
5eaf2e7535
Adding download and loot functionality.
...
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
aecde6fea4
Updating TFTP client. Now with grown-up thread handling.
...
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
902d7f5ea7
Adding more to TFTP. Still need a read tho
...
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.
Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
23aadd04f7
Fixing merge conflict cruft
...
Dangit teach me to merge quickly. TFTP module now loads again.
2011-12-18 13:28:52 -06:00
b58097a2a7
Remove junk() because it's never used
2011-12-17 01:28:07 -06:00
1201d7fbf2
Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client
...
Conflicts:
modules/auxiliary/admin/tftp/tftp_upload_file.rb
2011-12-16 22:41:22 -06:00
0b8914021c
Switch to vprint_status, also add skeletal cleanup def.
2011-12-16 21:06:10 -06:00
50fa10679b
First draft of a TFTP client.
...
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
a6867ef128
First draft of a TFTP client.
...
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:39:09 -06:00
fae80f8d49
typo
2011-12-16 11:10:46 -06:00
205637892b
Added checkpoint_hostname aux module.
2011-12-16 10:54:34 -06:00
e0c4afbf9e
Merge pull request #60 from darkoperator/master
...
Typo in the file opening option
2011-12-16 08:44:22 -08:00
208b93ce74
Merge pull request #58 from swtornio/master
...
add osvdb refs
2011-12-16 08:44:02 -08:00
3c08836f51
Typo on the file opening mode
2011-12-16 01:13:06 -04:00
bb2ea62de8
Add CVE-2008-0926: Novell eDirectory eMBox Unauthenticated Access (Feature #2729 )
2011-12-15 23:09:26 -06:00
e991094bd2
Fix host info for report_auth_info(). Change print_status vs print_line order
2011-12-15 13:05:03 -06:00
2648e533a2
nil bug fix
2011-12-15 12:58:21 -06:00
829d96ffbe
Add Windows Gather RazorSQL cred collector (Feature #6117 )
2011-12-15 11:15:44 -06:00
1712f2aa22
add osvdb ref
2011-12-14 07:23:11 -06:00
85caabbf5d
add osvdb ref
2011-12-14 07:19:34 -06:00
8dc85f1cc5
Fix up some nascent typos
2011-12-14 00:30:31 -06:00
866e2b6bf3
Additional IPv6 payload support
2011-12-14 00:27:38 -06:00
86b3409d47
Actually return
2011-12-13 20:01:13 -06:00
cb456337a0
Handle invalid http responses better, see #6113
2011-12-13 19:54:10 -06:00
fea4bfb85c
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:53 -06:00
c1a4c4e584
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:34 -06:00
acef9de711
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:15 -06:00
e7ab48693c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:57 -06:00
94b736c76c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:38 -06:00
97b74101fb
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:11 -06:00
7b2a1dc791
Repair dead milw0rm link to exploit-db
2011-12-13 16:11:33 -06:00
a5189917da
Add CVE-2005-4832: Oracle Database Server DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME SQL Injection (Feature #6094 )
2011-12-13 15:44:39 -06:00
d246bfa4da
Credit Luigi Auriemma for the original discovery/poc, not Celil
2011-12-13 15:20:26 -06:00
d87d8d5799
Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103 )
2011-12-13 11:45:24 -06:00
a9e4474eda
Add missing require, fix load error on invalid constant
2011-12-12 23:24:03 -06:00
cd0679ab5d
Increase timeout for cmd_exec()
2011-12-12 21:15:28 -06:00
6e8fdf1ce1
Apply patch #6081
2011-12-12 19:51:02 -06:00
a8fad72fce
Merge branch 'msftidy_fixup'
...
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
f402b8598b
Whitespace and File.open binary mode cleanups.
...
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
32c8301c19
Add feature #6082 (Traq 2.3 Auth bypass remote code execution)
2011-12-12 15:45:19 -06:00
bacdbb90d7
ugh, stack overflow != stack buffer overflow. Also, metadata format fix.
2011-12-12 15:23:32 -06:00
5af5137241
Add CoDeSys SCADA bof module ( #6083 )
2011-12-12 15:21:15 -06:00
5ba5bbf077
Apply feature #6074
2011-12-12 12:03:34 -06:00
4e95eb5d34
Update description (Feature #6080 )
2011-12-12 11:33:17 -06:00
b4f58ef8fd
Trailing commas kill 1.8. dangit.
...
Fixed dns_fuzzer to knock that off.
2011-12-12 10:26:53 -06:00
4736cb1cbe
Merge pull request #48 from swtornio/master
...
add osvdb ref
2011-12-11 20:37:43 -08:00
17cc89ebad
Add IPv6 specific HTTP(S) handlers and payloads (simplifies
...
options/usage)
2011-12-11 13:26:48 -06:00
2d3064c1ec
Default the scope ID to 0, explicitly
2011-12-10 13:46:16 -06:00
1ae12e3a23
Remove the default target, since module doesn't fingerprint the service
...
pack, this can only end in tears.
2011-12-10 13:31:05 -06:00
a9db05e53b
Fix regular expression
2011-12-10 13:24:58 -06:00
cd4d7d3c47
Handle IPv6 properly (host header parsing)
2011-12-10 13:24:58 -06:00
25685c4c74
add osvdb ref
2011-12-10 08:07:21 -06:00
b521602d82
add osvdb ref
2011-12-10 07:49:50 -06:00
8ccb68c9df
Adding an add_socket() to dhcp and rftp as lauched with a survice
...
when succesful.
Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
e52436e7ad
Drop the incorrect Id keyword from h323_version
2011-12-09 14:29:55 -06:00
e043fb52c2
Incrase timeout
2011-12-08 11:21:03 -06:00
d6d9ac17d2
use store_loot() instead of store_local()
2011-12-08 11:10:31 -06:00
c366e652b9
Revert "Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()"
...
This reverts commit d37daa4934
2011-12-08 10:11:09 -06:00
d37daa4934
Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()
2011-12-07 19:08:24 -06:00
aa5c0c46b6
Fix indent level
2011-12-07 18:44:49 -06:00
feab7f5077
Add CVE-2011-4350
2011-12-07 18:42:52 -06:00
b7ccbcd6b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-07 12:23:23 -06:00
84682b3615
Apply patch #6072
2011-12-07 12:22:58 -06:00
b8767d5f57
Fix typo on 1.8.7
2011-12-07 10:45:23 -06:00
5afba20c21
Merge pull request #43 from jduck/master
...
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
1694e22e74
Merge pull request #42 from chao-mu/master
...
Fix for issue #6012 ; post/windows/manage/enable_rdp broken
2011-12-06 23:01:20 -08:00
0e2101e4c1
Correct author name
2011-12-07 00:24:16 -06:00
fd1935b3de
show is_admin
2011-12-07 00:23:06 -06:00
edec6b98ee
Add feature #6067 Family Connections CMS 2.7.1 exploit
2011-12-07 00:00:56 -06:00
8fdfd9f97b
Additional verbosity on WLAN error message
...
to explain that the modules will error if the
Wireless Zero Configuration Service is turned off.
2011-12-06 20:42:11 -05:00
459eafd96d
Fix to WLAN mdoules for when wLAN not installed on target
...
The modules did not close out properly when WLAN was determined not to be
installed on the host. This fix corrects that.
fixes #6070
2011-12-06 20:22:47 -05:00
92c1065508
Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-)
2011-12-06 18:52:42 -06:00
f1950c2fe1
Adding back bitstruct (current upstream) and dns_fuzzer module
...
Fixes #3289 .
This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.
This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.
Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
0bbbcd549d
Add port information, and allow search in data
2011-12-05 22:22:36 -06:00
84af4647db
Merge branch 'issue_1083_oracle'
2011-12-05 17:39:46 -06:00
4da2c32734
Minor update to xdb_side_brute, see #1083
...
Adds a typo fix and adds an explicit VERBOSE option.
2011-12-05 15:11:09 -06:00
dbd00efefe
Merge branch '4.3-schema'
2011-12-05 15:04:35 -06:00
37516134f0
FILTER shouldn't be case-sensitive
2011-12-05 13:19:04 -06:00
97087d88fa
Mark portscan modules as v6 incompatible
2011-12-05 13:07:36 -06:00
cf28713f9a
Mark specific modules as incompatible due to use of quad-dot code
2011-12-05 13:07:36 -06:00
fd2eb200fb
Add Shodan Search Module (Feature #5451 )
2011-12-05 12:50:21 -06:00
ac7edc268a
Add some more clear documentation for selecting payloads for this module.
2011-12-05 00:35:11 -06:00
e524215b55
WTH, the date format is wrong
2011-12-04 15:23:31 -06:00
679ef457d8
Correct spelling, thx bannedit
2011-12-04 14:59:54 -06:00
f26447e021
Correct my own weird grammar
2011-12-04 14:50:53 -06:00
e07868d613
Catch possible exception if WTSGetActiveConsoleSessionId isn't available on the target machine
2011-12-04 14:48:45 -06:00
e52ebd602f
Encorporating patch submitted by Boris Lukashev to fix issue 6012 (Post module enable rdp broken and fixed (here)). Fix was to have the module include Msf::Post::Windows::WindowsServices, make service_change_startup available
2011-12-04 15:26:43 -05:00
3cd2caca1a
Fix #6052
2011-12-04 13:49:13 -06:00
89ed25978d
Add feature #6048
2011-12-04 13:44:21 -06:00
f63a616739
add osvdb ref
2011-12-04 07:48:48 -06:00
950b4a54a0
Fix bug #6050
2011-12-03 22:00:48 -06:00
2720572a37
Add IPSwitch Whatsup Gold TFTP directory traversal module
2011-12-03 18:46:34 -06:00
27974c4c27
Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
...
Conflicts:
modules/auxiliary/scanner/http/axis_login.rb
modules/exploits/multi/http/axis2_deployer.rb
modules/post/multi/gather/thunderbird_creds.rb
modules/post/windows/gather/credentials/imvu.rb
msfopcode
2011-12-03 14:07:09 -06:00
b75799d18d
=add osvdb ref
2011-12-02 16:50:42 -06:00
83f12c6fe0
=add osvdb ref
2011-12-02 16:46:01 -06:00
c8634390b7
Add CCMPlayer m3u exploit (Feature #6029 )
2011-12-02 16:27:59 -06:00
30e3607ec0
The SUCCESS message may not be constant across foreign language verions according to jduck, chaning back to the old way
2011-12-02 15:11:27 -06:00
f4b755c319
Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets
2011-12-02 15:00:39 -06:00
cd2bb027bf
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-02 14:54:53 -06:00
895a509bd3
Add Avid Media Composer 5.5 (Feature #6035 )
2011-12-02 14:53:26 -06:00
2bb97791f7
Update OSVDF refs for servu module.
...
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39 ]
2011-12-02 13:21:41 -05:00
dbe7e6aecf
Remove a leftover debugging statement
2011-12-02 00:06:04 -06:00
2d320b1828
Fix bug: table being saved while empty
2011-12-01 22:47:42 -06:00
608a5586b2
Actually, don't really have a good reason for that exception handling anymore. I think.
2011-12-01 22:47:42 -06:00
0eb3b5a49b
Fix undefined method 'cmd_exec' bug. Thx Boris.
2011-12-01 22:47:42 -06:00
19fae182da
Add Thunderbird credential collector (Feature #6014 )
2011-12-01 22:47:42 -06:00
a91926716d
don't dup the last part of the key, fixes #6036
2011-12-01 15:24:58 -07:00
9f99cfc757
Convert the h323 module to MSF_LICENSE (backport from Pro)
2011-12-01 16:01:01 -06:00
3e5e9a910e
Add h323 scanner
2011-12-01 16:01:01 -06:00
d0db88d35d
Make key_base an instance var so other functions can access it. Bug #6036
2011-12-01 14:41:44 -06:00
57f12cb2d8
Merge branch 'servu_sploit'
2011-12-01 11:21:32 -08:00
93a419c76b
Having nothing on the webpage may probably confuse some novice users. But I do like stealth.
2011-12-01 03:02:35 -06:00
8399ce6e41
Fix bug #6031
2011-11-30 15:22:52 -06:00
40ab37fa10
Merge branch 'iss5979'
2011-11-30 12:16:33 -08:00
2858cae296
Some quick corrections to tidy things up
2011-11-29 19:57:08 -08:00
be88f483a3
More Accurate Vulnerability Check
2011-11-29 18:38:00 -08:00
0dda948265
New Exploit for the Serv-U FTP Buffer overflow
...
from CVE 2004-2111
2011-11-29 17:34:01 -08:00
Jon Hart
Tod Beardsley
sinn3r
Tod Beardsley
Steve Tornio
sinn3r
root
root
Sam Sharps
Stephen Haywood
David Maloney
Patroklos Argyroudis
HD Moore
sam
Joshua J. Drake
Brandon Perry
steponequit
Patrick Webster
Carlos Perez
HD Moore
chao-mu
James Lee