Tod Beardsley
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
jvazquez-r7
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
jvazquez-r7
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
William Vu
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
Spencer McIntyre
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
William Vu
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
jvazquez-r7
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
jvazquez-r7
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
jvazquez-r7
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
jvazquez-r7
191c871e9b
[SeeRM #8815 ] Dont try to exploit when generate_payload_exe fails
2014-06-20 14:07:49 -05:00
jvazquez-r7
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
jvazquez-r7
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
jvazquez-r7
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
jvazquez-r7
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
jvazquez-r7
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
jvazquez-r7
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
jvazquez-r7
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
Tod Beardsley
5d6b582adc
Update modules to use new path.
2014-06-19 18:44:19 -05:00
Joshua Smith
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
jvazquez-r7
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
jvazquez-r7
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
HD Moore
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
HD Moore
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
Michael Messner
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
William Vu
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
jvazquez-r7
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
Joshua Smith
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
Spencer McIntyre
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
OJ
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
Joshua Smith
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
Joshua Smith
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
jvazquez-r7
1133332702
Finish module
2014-06-17 15:01:35 -05:00
William Vu
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
jvazquez-r7
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
Christian Mehlmauer
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
William Vu
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
OJ
b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162
2014-06-17 18:06:03 +10:00
Michael Messner
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
Michael Messner
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
Michael Messner
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
Michael Messner
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
jvazquez-r7
d44d409ff2
Land #3407 , @julianvilas's exploit for Java JDWP RCE
2014-06-16 13:38:51 -05:00
jvazquez-r7
6a780987d5
Do minor cleanup
2014-06-16 13:37:44 -05:00
jvazquez-r7
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
Tod Beardsley
19da7d551e
Kill newline (race @wvu-r7 on this)
...
See PR #3453
2014-06-16 11:46:08 -05:00
Tod Beardsley
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
joev
461fba97d7
Update forgotten call to js() in webview exploit.
2014-06-15 23:43:05 -05:00
scriptjunkie
5fe8814af6
Land #3330 adding admin check to smb_login
2014-06-15 14:42:26 -05:00
Julian Vilas
caa1e10370
Add feature for disabling Java Security Manager
2014-06-15 20:35:19 +02:00
Michael Messner
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
Michael Messner
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
Tim Wright
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
jvazquez-r7
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
joev
eddac55c37
Remove spaces at EOL.
2014-06-13 08:37:44 -05:00
Michael Messner
a3ae177347
echo stager, arch_cmd, echo module
2014-06-13 11:42:47 +02:00
Michael Messner
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
Tod Beardsley
1ab379a0fe
Land #3448 , ident =! indent
2014-06-12 14:15:06 -05:00
Tod Beardsley
e9783200f2
Land #3447 , fix variable typo
2014-06-12 14:07:34 -05:00
William Vu
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
Jon Cave
a647246148
Use correct variable name
2014-06-12 19:38:41 +01:00
William Vu
62a4991508
Land #3446 , some code cleanup from @todb-r7
2014-06-12 13:35:36 -05:00
Tod Beardsley
3f5e50d18f
Aux modules don't have ranking.
...
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
Tod Beardsley
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
jvazquez-r7
e85f829ee4
modules living inside scanner should include the Scanner mixin
2014-06-12 12:20:44 -05:00
HD Moore
fa4e835804
Fix up scanner mixin usage, actual test/bug fix
2014-06-12 11:52:34 -05:00
jvazquez-r7
67d4097e1d
Land #3271 , @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module
2014-06-12 11:27:23 -05:00
HD Moore
487bf219f0
Rename to match the title
2014-06-12 11:23:34 -05:00
jvazquez-r7
7650067b41
Fix metadata
2014-06-12 11:22:52 -05:00
jvazquez-r7
e76c85c5d1
Fix usage of print_*
2014-06-12 11:13:45 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
joev
56efd82112
Correct the disclosure date.
2014-06-11 21:53:42 -05:00
joev
6bc37cca0c
Land #3430 , @brandonprry's generic MongoDB injection enum.
2014-06-11 21:41:23 -05:00
William Vu
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
Julian Vilas
2296dea5ad
Clean and fix
2014-06-12 01:55:27 +02:00
Julian Vilas
4f67db60ed
Modify breakpoint approach by step into
2014-06-12 01:23:20 +02:00
Spencer McIntyre
e6aba3ee35
Land #3438 , chromecast youtube video aux module
2014-06-11 18:21:12 -04:00
Brandon Perry
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
HD Moore
0bac24778e
Fix the case statements to match platform
2014-06-11 15:22:55 -05:00
HD Moore
d5b32e31f8
Fix a typo where platform was 'windows' not 'win'
...
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
joev
8b35815ead
Move module to post/firefox/manage.
2014-06-11 15:10:22 -05:00
joev
bdd86bf863
Add check for windows bug (RM#8810).
2014-06-11 15:09:52 -05:00
HD Moore
81019ed850
Supermicro work
2014-06-11 15:03:54 -05:00
jvazquez-r7
34f98ddc50
Do minor cleanup
2014-06-11 09:20:22 -05:00
TecR0c
b27b00afbb
Added target 4.0 and cleaned up exploit
2014-06-11 06:22:47 -07:00
TecR0c
f1382af018
Added target 4.0 and cleaned up exploit
2014-06-11 06:20:49 -07:00
William Vu
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
Tod Beardsley
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
jvazquez-r7
4aa1fee398
Land #3326 , @FireFart's Heartbleed - server response parsing
2014-06-10 13:27:28 -05:00
Tod Beardsley
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
jvazquez-r7
2c8a99143b
Land #3426 , @Meatballs1's Python v2.3.3 Compatible Command Shell payloads
2014-06-10 09:55:58 -05:00
jvazquez-r7
3ec15b6512
Land #3431 , @bcoles's new targets for efs_easychatserver_username
2014-06-10 09:52:16 -05:00
jvazquez-r7
a554b25855
Use EXITFUNC
2014-06-10 09:51:06 -05:00
jvazquez-r7
9b55f5143a
Add module for CVE-2014-0224
2014-06-09 17:38:11 -05:00
Meatballs
dc69afebb1
License and Require
2014-06-09 21:41:38 +01:00
Tod Beardsley
4103f2295b
Missing comma
2014-06-09 13:44:46 -05:00
Tod Beardsley
0e14d77dba
Minor fixup on DTLS module
2014-06-09 13:42:30 -05:00
jvazquez-r7
0e611b5d64
Land #3429 , @jhart-r7's auxiliary module for CVE-2014-0195
2014-06-09 13:34:38 -05:00
jvazquez-r7
ed5d83a41b
Add vulnerability discoverer
2014-06-09 13:25:33 -05:00
jvazquez-r7
daf662b3c0
Do minor cleanup
2014-06-09 13:23:56 -05:00
jvazquez-r7
1f33566033
Land #3432 , @Meatballs1 sap_soap_rfc_brute_login's clean up
2014-06-09 11:39:52 -05:00
TecR0c
3d33a82c1c
Changed to unless
2014-06-09 09:31:14 -07:00
TecR0c
1252eea4b9
Changed to unless
2014-06-09 09:26:03 -07:00
jvazquez-r7
b39b41e29f
Land #3371 , @Meatballs1 fix for sap_mgmt_con_getprocessparameter
2014-06-09 11:25:01 -05:00
Jon Hart
06e45e8253
Clean up TLS fragment building
2014-06-09 08:39:30 -07:00
TecR0c
52d26f290f
Added check in exploit func
2014-06-09 03:23:14 -07:00
jvazquez-r7
e4d14194bb
Add module for Rocket Servergraph ZDI-14-161 and ZDI-14-162
2014-06-08 11:07:10 -05:00
Meatballs
25ed68af6e
Land #3017 , Windows x86 Shell Hidden Bind
...
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
TecR0c
8ecafbc49e
Easy File Management Web Server v5.3 Stack Buffer Overflow
2014-06-08 04:21:14 -07:00
Christian Mehlmauer
099003708c
Land #3422 , SAP Bruterforcer datastore cleanup
2014-06-08 08:42:27 +02:00
Brandon Perry
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Julian Vilas
73536f2ac0
Add support Java 8
2014-06-07 22:43:14 +02:00
Brendan Coles
6bef6edb81
Update efs_easychatserver_username.rb
...
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Jon Hart
a7a1a2bf3b
Move dtls_fragment_overflow.rb under ssl where it belongs
2014-06-07 12:56:34 -07:00
Brandon Perry
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
Meatballs
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
Meatballs
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Jon Hart
8637a1fff1
OpenSSL DTLS CVE-2014-0195 POC
2014-06-06 19:24:47 -07:00
Meatballs
fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
...
Conflicts:
modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs
8624ddfc3e
Clean up SAP SOAP RFC Brute Login
...
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs
b997c2ac1f
Further tidies
2014-06-07 02:00:35 +01:00
joev
a33de66da4
Fix transparent background, add VISIBLE option.
2014-06-06 16:52:00 -05:00
joev
a45a5631f5
Make window invisible.
2014-06-06 16:40:55 -05:00
joev
496be5c336
Ensure command_shell_options is present.
2014-06-06 16:26:45 -05:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
joev
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
joev
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
Julian Vilas
e7957bf999
Change GET request by random text
2014-06-05 01:33:00 +02:00
jvazquez-r7
c9bd0ca995
Add minor changes
2014-06-04 15:56:14 -05:00
jvazquez-r7
bb77327b09
Warn the user if the detected platform doesnt match target
2014-06-04 14:50:18 -05:00
jvazquez-r7
b76253f9ff
Add context to the socket
2014-06-04 14:25:01 -05:00
jvazquez-r7
77eeb5209a
Do small cleanups
2014-06-04 14:23:21 -05:00
jvazquez-r7
6c643f8837
Fix usage of Rex::Sockket::Tcp
2014-06-04 14:14:23 -05:00
jvazquez-r7
837668d083
use optiona argument for read_reply
2014-06-04 13:48:53 -05:00
jvazquez-r7
d184717e55
delete blank lines
2014-06-04 13:24:34 -05:00
jvazquez-r7
33a7bc64fa
Do some easy cleaning
2014-06-04 13:18:59 -05:00
jvazquez-r7
1ff539fc73
No sense to check two times
2014-06-04 12:48:20 -05:00
jvazquez-r7
7a5b5d31f9
Avoid messages inside check
2014-06-04 12:43:39 -05:00
jvazquez-r7
3869fcb438
common http breakpoint event
2014-06-04 12:41:23 -05:00
jvazquez-r7
9ffe8d80b4
Do some metadata cleaning
2014-06-04 12:33:57 -05:00
jvazquez-r7
079fe8622a
Add module for ZDI-14-136
2014-06-04 10:29:33 -05:00
Meatballs
c032b8ce8e
Compat
2014-06-04 02:27:06 +01:00
Julian Vilas
b9d8f75f59
Add breakpoint autohitting
2014-06-03 23:34:40 +02:00
Julian Vilas
6061e5e713
Fix suggestions
2014-06-03 23:13:14 +02:00
William Vu
6c7fd3642a
Land #3411 , Python 3.[34] Meterpreter support
2014-06-03 11:34:22 -05:00
Meatballs
0e3549ebc4
mc brute tidy
2014-06-03 17:27:46 +01:00
Spencer McIntyre
0e4177fb75
Pymeterpreter shorten stagers by 3 bytes
2014-06-03 12:03:20 -04:00
jvazquez-r7
43699b1dfb
Don't clean env variable before using it
2014-06-03 09:56:19 -05:00