infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,722 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

5556 Commits (c851722d502f09dcecefdfb1c651be76ceff4f01)

Author SHA1 Message Date
Steven Seeley c851722d50 fixed the description... 2012-04-13 11:18:24 +10:00
Steven Seeley 9b0c211160 exploit for cyberlinks Power2Go application. I find this software installed by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier.. 2012-04-13 11:07:36 +10:00
Steven Seeley 762324e286 Merge remote-tracking branch 'upstream/master' 2012-04-13 10:26:12 +10:00
sinn3r d31771d7f9 Randomize as many nops as possible without making the exploit too unstable 2012-04-12 03:45:13 -05:00
sinn3r 0d739a1a51 Module rename. Cleanup whitespace. Fix typos. 2012-04-12 03:45:12 -05:00
Steven Seeley 14f85e406f exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 03:45:12 -05:00
Steven Seeley 846be0e983 exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 13:10:18 +10:00
James Lee 810d496ade Chmod the payload executable 
Makes native payloads work on non-windows, thanks mihi!
 2012-04-11 12:48:14 -06:00
James Lee 090566610a Make sure @shares is initialized 
Fixes a stack trace when the target isn't Windows
 2012-04-10 15:00:47 -06:00
Tod Beardsley 94cf69cdf8 Yank the ACTION option from persistence 
Other problems with this module since commit
5ba5bbf077 but this should be enough to
get it working again.
 2012-04-10 15:01:14 -05:00
Tod Beardsley 03c958a9b1 ACTION on persistence.rb should be an OptEnum 
That way, upcase / downcase problems get caught on option validation,
rather than down in the module's guts.
 2012-04-10 14:45:54 -05:00
Tod Beardsley cbc12560a5 Leading tabs, not spaces 
There's a coding style in here that will make msftidy.rb cry, and
that's:

```
varfoo = %q|
    stuff
      thats
        html
|
```

Usually, you want something like

varfoo = ""
varfoo << %q|    stuff|
varfoo << %q|      thats|
varfoo << %q|        html|

That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
 2012-04-10 14:25:00 -05:00
Tod Beardsley cdc020ba9f Trailing space on xpi bootstrap module 2012-04-10 14:24:08 -05:00
Tod Beardsley 3cb7cbe994 Adding another ref and a disclosuredate to mihi's XPI module 
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
 2012-04-10 13:59:21 -05:00
sinn3r 0e1fff2c4b Change the output style to comply with egyp7's expectations. 2012-04-10 13:42:52 -05:00
sinn3r 76c12fe7e6 Whitespace cleanup 2012-04-10 13:22:10 -05:00
Michael Schierl 705cf41858 Add firefox_xpi_bootstrapped_addon exploit 
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
 2012-04-10 13:39:54 +02:00
HD Moore a9d733f9fe Fix pack order 2012-04-09 21:21:42 -05:00
HD Moore 2c473e3cdd Fix up koyo login 2012-04-09 15:07:47 -05:00
juan 246ebca940 added module for CVE-2012-0198 2012-04-09 20:45:27 +02:00
sinn3r a26e844ce5 Merge pull request #318 from wchen-r7/dolibarr_login 
Add an aux module to brute force Dolibarr's login interface
 2012-04-09 09:20:48 -07:00
sinn3r bef12478fc Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor 2012-04-09 09:58:22 -05:00
James Lee 037fbf655e Standardize the print format for modules used by browser autopwn 2012-04-09 01:57:50 -06:00
James Lee b38933328f Send exploits that are not assocated with any browser to all of them 2012-04-09 01:53:57 -06:00
James Lee 3ca440089e Add checks for .NET requisites 
Also standardizes print_status format to look nicer with lots of cilents
 2012-04-09 01:23:44 -06:00
James Lee a6b106e867 Remove autopwn support for enjoysapgui_comp_download 
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
 2012-04-09 01:05:37 -06:00
James Lee 409ba3139b Add bap checks for blackice exploit 2012-04-09 00:50:04 -06:00
sinn3r 5fefb47b7f Some cosmetic changes 2012-04-09 01:43:20 -05:00
sinn3r 95dbb8a818 Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc 2012-04-09 00:17:44 -05:00
James Lee da1cb2b81d ActiveX controls require IE 2012-04-08 22:07:09 -06:00
sinn3r 9cec9639c7 Add an aux module to brute force Dolibarr's login interface 2012-04-08 18:16:38 -05:00
James Lee f520af036f Move next_exploit() onto window object so it's accessible everywhere 
I swear I committed this before, not sure what happened.
 2012-04-08 17:11:15 -06:00
Carsten Maartmann-Moe ce0de02a2a Modified for 8-space tabs 2012-04-08 16:09:28 -04:00
Carsten Maartmann-Moe 89c1894e07 Minor formatting changes, tabs etc. and comments for clarity 2012-04-08 15:45:23 -04:00
sinn3r 51bdfe14fd 2012, not 2011, oops 2012-04-08 13:21:37 -05:00
sinn3r 24478e9eb5 Add Dolibarr ERP & CRM Command Injection Exploit 2012-04-08 13:20:22 -05:00
sinn3r 05eba0ab4c Cosmetic changes, mostly :-) 2012-04-07 14:47:23 -05:00
sinn3r 00ff2e3dc1 Merge branch 'CVE-2012-1195_thinkmanagement' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-1195_thinkmanagement 2012-04-07 14:41:19 -05:00
juan 938d5d0a75 added references for cve-2012-1196 2012-04-07 20:22:59 +02:00
juan ee7bce5995 deletion of the ASP script 2012-04-07 20:19:45 +02:00
Tod Beardsley dfe2bbc958 Use rport for modicon_password recovery, not 21. 2012-04-07 13:03:43 -05:00
juan 8761d39190 exploit module added for CVE-2012-1195 2012-04-07 19:04:17 +02:00
Carsten Maartmann-Moe b2e0acd92a Tidied up the exploit 2012-04-06 20:41:54 -04:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds 
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
 2012-04-06 10:45:10 -05:00
Tod Beardsley 461352f24f Don't need to require net/ftp anymore 
Nothing actually used it anyway.
 2012-04-06 10:35:28 -05:00
sinn3r 56b10d4d23 Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof 2012-04-06 02:28:26 -05:00
sinn3r 68c81e3ae0 Add OSVDB-80661 TRENDnet SecurView ActiveX BoF 2012-04-06 02:26:04 -05:00
Carsten Maartmann-Moe b184a6dc5c Exploit for Snort CVE-2006-5276 on Windows 2012-04-05 19:46:56 -04:00
Tod Beardsley 9c8e6ac9da Ruby 1.8 compat for the SCADA modules. 
But really, you should be using Ruby 1.9 by now.
 2012-04-05 17:05:03 -05:00