Commit Graph

13499 Commits (c957d0a1e7ca3b8a9ad8cf672998400478e646d7)

Author SHA1 Message Date
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
jvazquez-r7 267642aa4b Fix description 2014-06-23 09:20:47 -05:00
jvazquez-r7 cc3c06440f Add module for ZDI-14-195, HP AutoPass License Traversal 2014-06-23 09:19:56 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre 61f4c769eb
Land #3461, Chromecast factory reset module 2014-06-21 17:43:31 -04:00
William Vu 79bf80e6bf
Add generic error handling
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
jvazquez-r7 469fae7058
Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
jvazquez-r7 e8b914a62f Download rankings for reliable exploit, but depending on a specific version without autodetection 2014-06-20 14:33:02 -05:00
jvazquez-r7 191c871e9b [SeeRM #8815] Dont try to exploit when generate_payload_exe fails 2014-06-20 14:07:49 -05:00
jvazquez-r7 f0d04fe77e Do some randomizations 2014-06-20 11:38:10 -05:00
jvazquez-r7 f26f8ae5db Change module filename 2014-06-20 11:27:49 -05:00
jvazquez-r7 33eaf643aa Fix usage of :concat_operator operator 2014-06-20 11:27:23 -05:00
jvazquez-r7 5542f846d6 Merge to solve conflicts 2014-06-20 11:24:08 -05:00
jvazquez-r7 4203e75777
Land #3408, @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950 2014-06-20 10:27:32 -05:00
jvazquez-r7 f74594c324 Order metadata 2014-06-20 10:26:50 -05:00
jvazquez-r7 a081beacc2 Use Gem::Version for string versions comparison 2014-06-20 09:44:29 -05:00
Tod Beardsley 5d6b582adc
Update modules to use new path. 2014-06-19 18:44:19 -05:00
Joshua Smith 45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec 2014-06-19 15:58:33 -05:00
jvazquez-r7 d28ced5b7b change module filename 2014-06-19 15:56:55 -05:00
jvazquez-r7 a0386f0797 Fix cmd_concat_operator 2014-06-19 15:52:55 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
Michael Messner 86f523f00c concator handling 2014-06-18 18:15:58 +02:00
William Vu 075eec39e1
Add Chromecast factory reset module 2014-06-18 10:04:17 -05:00
jvazquez-r7 45ea59050c Fix the if cleanup 2014-06-17 23:40:00 -05:00
Joshua Smith 288430d813 wraps some long lines 2014-06-17 22:30:28 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
Joshua Smith bab1e30557
Land #3460, Ericom AccessNow Server BOF exploit 2014-06-17 19:10:34 -05:00
Joshua Smith 9af9d2f5c2 slight cleanup 2014-06-17 19:08:31 -05:00
jvazquez-r7 1133332702 Finish module 2014-06-17 15:01:35 -05:00
William Vu 1394ad1431
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
jvazquez-r7 8f8af0e93a Add draft version 2014-06-17 14:21:49 -05:00
Christian Mehlmauer 03fa858089
Added newline at EOF 2014-06-17 21:05:00 +02:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
William Vu 8376b4aa2b
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
OJ b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162 2014-06-17 18:06:03 +10:00
Michael Messner 508998263b removed wrong module file 2014-06-17 08:57:46 +02:00
Michael Messner 6f45eb13c7 moved module file 2014-06-17 08:56:07 +02:00
Michael Messner a5eed71d50 renamed and other module removed 2014-06-17 08:50:09 +02:00
Michael Messner e908b7bc25 renamed and other module removed 2014-06-17 08:49:46 +02:00
jvazquez-r7 d44d409ff2
Land #3407, @julianvilas's exploit for Java JDWP RCE 2014-06-16 13:38:51 -05:00
jvazquez-r7 6a780987d5 Do minor cleanup 2014-06-16 13:37:44 -05:00
jvazquez-r7 f7b892e55b Add module for AlienVault's ZDI-14-202 2014-06-16 12:10:30 -05:00
Tod Beardsley 19da7d551e
Kill newline (race @wvu-r7 on this)
See PR #3453
2014-06-16 11:46:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
joev 461fba97d7
Update forgotten call to js() in webview exploit. 2014-06-15 23:43:05 -05:00
scriptjunkie 5fe8814af6
Land #3330 adding admin check to smb_login 2014-06-15 14:42:26 -05:00
Julian Vilas caa1e10370 Add feature for disabling Java Security Manager 2014-06-15 20:35:19 +02:00
Michael Messner 12ec785bdb clean up, echo stager, concator handling 2014-06-14 17:37:09 +02:00
Michael Messner 8eb21ded97 clean up 2014-06-14 17:02:55 +02:00
Tim Wright 9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
jvazquez-r7 2fe7593559
Land #3433, @TecR0c's exploit for Easy File Management Web Server 2014-06-13 09:54:12 -05:00
joev eddac55c37
Remove spaces at EOL. 2014-06-13 08:37:44 -05:00
Michael Messner a3ae177347 echo stager, arch_cmd, echo module 2014-06-13 11:42:47 +02:00
Michael Messner 894af92b22 echo stager, arch_cmd 2014-06-13 11:40:50 +02:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
William Vu 62a4991508
Land #3446, some code cleanup from @todb-r7 2014-06-12 13:35:36 -05:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
Tod Beardsley 1aa029dbed
Avoid double quotes in the initialize/elewhere
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
jvazquez-r7 67d4097e1d
Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
sinn3r 2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX 2014-06-11 22:27:25 -05:00
joev 56efd82112
Correct the disclosure date. 2014-06-11 21:53:42 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
Julian Vilas 2296dea5ad Clean and fix 2014-06-12 01:55:27 +02:00
Julian Vilas 4f67db60ed Modify breakpoint approach by step into 2014-06-12 01:23:20 +02:00
Spencer McIntyre e6aba3ee35
Land #3438, chromecast youtube video aux module 2014-06-11 18:21:12 -04:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
HD Moore 0bac24778e Fix the case statements to match platform 2014-06-11 15:22:55 -05:00
HD Moore d5b32e31f8 Fix a typo where platform was 'windows' not 'win'
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
joev 8b35815ead
Move module to post/firefox/manage. 2014-06-11 15:10:22 -05:00
joev bdd86bf863 Add check for windows bug (RM#8810). 2014-06-11 15:09:52 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
jvazquez-r7 34f98ddc50 Do minor cleanup 2014-06-11 09:20:22 -05:00
TecR0c b27b00afbb Added target 4.0 and cleaned up exploit 2014-06-11 06:22:47 -07:00
TecR0c f1382af018 Added target 4.0 and cleaned up exploit 2014-06-11 06:20:49 -07:00
William Vu 6ca5cf6c26
Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
Tod Beardsley 44540e6d00
Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
Tod Beardsley 521284253f
Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 2c8a99143b
Land #3426, @Meatballs1's Python v2.3.3 Compatible Command Shell payloads 2014-06-10 09:55:58 -05:00
jvazquez-r7 3ec15b6512
Land #3431, @bcoles's new targets for efs_easychatserver_username 2014-06-10 09:52:16 -05:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
Meatballs dc69afebb1
License and Require 2014-06-09 21:41:38 +01:00
Tod Beardsley 4103f2295b
Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba
Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 0e611b5d64
Land #3429, @jhart-r7's auxiliary module for CVE-2014-0195 2014-06-09 13:34:38 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
jvazquez-r7 1f33566033
Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
TecR0c 3d33a82c1c Changed to unless 2014-06-09 09:31:14 -07:00
TecR0c 1252eea4b9 Changed to unless 2014-06-09 09:26:03 -07:00
jvazquez-r7 b39b41e29f
Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
TecR0c 52d26f290f Added check in exploit func 2014-06-09 03:23:14 -07:00
jvazquez-r7 e4d14194bb Add module for Rocket Servergraph ZDI-14-161 and ZDI-14-162 2014-06-08 11:07:10 -05:00
Meatballs 25ed68af6e
Land #3017, Windows x86 Shell Hidden Bind
A bind shellcode that responds as 'closed' unless the client matches the
AHOST ip.
2014-06-08 13:49:49 +01:00
TecR0c 8ecafbc49e Easy File Management Web Server v5.3 Stack Buffer Overflow 2014-06-08 04:21:14 -07:00
Christian Mehlmauer 099003708c
Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Julian Vilas 73536f2ac0 Add support Java 8 2014-06-07 22:43:14 +02:00
Brendan Coles 6bef6edb81 Update efs_easychatserver_username.rb
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
Meatballs 2be6b8befe
Remove bind hidden handler 2014-06-07 14:34:20 +01:00
Meatballs bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Meatballs fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e
Clean up SAP SOAP RFC Brute Login
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f
Further tidies 2014-06-07 02:00:35 +01:00
joev a33de66da4 Fix transparent background, add VISIBLE option. 2014-06-06 16:52:00 -05:00
joev a45a5631f5 Make window invisible. 2014-06-06 16:40:55 -05:00
joev 496be5c336 Ensure command_shell_options is present. 2014-06-06 16:26:45 -05:00
joev d990fb4999
Remove a number of stray edits and bs. 2014-06-06 16:24:45 -05:00
joev 4a9f50bb60 Clean up some dead code. 2014-06-06 16:20:40 -05:00
joev 7c762ad42c Fix some minor bugs in webrtc stuff, inline API code. 2014-06-06 16:18:39 -05:00
Julian Vilas e7957bf999 Change GET request by random text 2014-06-05 01:33:00 +02:00
jvazquez-r7 c9bd0ca995 Add minor changes 2014-06-04 15:56:14 -05:00
jvazquez-r7 bb77327b09 Warn the user if the detected platform doesnt match target 2014-06-04 14:50:18 -05:00
jvazquez-r7 b76253f9ff Add context to the socket 2014-06-04 14:25:01 -05:00
jvazquez-r7 77eeb5209a Do small cleanups 2014-06-04 14:23:21 -05:00
jvazquez-r7 6c643f8837 Fix usage of Rex::Sockket::Tcp 2014-06-04 14:14:23 -05:00
jvazquez-r7 837668d083 use optiona argument for read_reply 2014-06-04 13:48:53 -05:00
jvazquez-r7 d184717e55 delete blank lines 2014-06-04 13:24:34 -05:00
jvazquez-r7 33a7bc64fa Do some easy cleaning 2014-06-04 13:18:59 -05:00
jvazquez-r7 1ff539fc73 No sense to check two times 2014-06-04 12:48:20 -05:00
jvazquez-r7 7a5b5d31f9 Avoid messages inside check 2014-06-04 12:43:39 -05:00
jvazquez-r7 3869fcb438 common http breakpoint event 2014-06-04 12:41:23 -05:00
jvazquez-r7 9ffe8d80b4 Do some metadata cleaning 2014-06-04 12:33:57 -05:00
jvazquez-r7 079fe8622a Add module for ZDI-14-136 2014-06-04 10:29:33 -05:00
Meatballs c032b8ce8e
Compat 2014-06-04 02:27:06 +01:00
Julian Vilas b9d8f75f59 Add breakpoint autohitting 2014-06-03 23:34:40 +02:00
Julian Vilas 6061e5e713 Fix suggestions 2014-06-03 23:13:14 +02:00
William Vu 6c7fd3642a
Land #3411, Python 3.[34] Meterpreter support 2014-06-03 11:34:22 -05:00
Meatballs 0e3549ebc4
mc brute tidy 2014-06-03 17:27:46 +01:00
Spencer McIntyre 0e4177fb75 Pymeterpreter shorten stagers by 3 bytes 2014-06-03 12:03:20 -04:00
jvazquez-r7 43699b1dfb Don't clean env variable before using it 2014-06-03 09:56:19 -05:00