infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,306 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

9194 Commits (cb24d3ddae35ab7543cf06d50180d80a4d7e8036)

Author SHA1 Message Date
sinn3r eb23b5feeb Forgot to remove function ie8_smil. Don't need this anymore. 2013-05-02 14:04:15 -05:00
sinn3r 329e8228d1 Uses js_mstime_malloc to do the no-spray technique 2013-05-02 14:00:15 -05:00
Tod Beardsley 26da7a6ee7 Removing this from master due to test problems 
This module was moved over to the unstable branch in commit
7106afdf7d , working up a fix now. Stay
tuned.
 2013-05-02 13:43:02 -05:00
jvazquez-r7 132c09af82 Add BID reference 2013-05-02 10:21:09 -05:00
jvazquez-r7 6e68f3cf34 Clean up sap_soap_rfc_pfl_check_os_file_existence 2013-05-02 10:19:15 -05:00
jvazquez-r7 244bf71d4a Change module filename 2013-05-02 10:15:50 -05:00
jvazquez-r7 29d4e378aa Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-02 09:27:51 -05:00
jvazquez-r7 d9cdb6a138 Fix more feedback provided by @nmonkee: CMD vs COMMAND 2013-05-02 09:08:48 -05:00
jvazquez-r7 c6c7998e3b Fix feedback provided by @nmonkee 2013-05-02 09:06:51 -05:00
jvazquez-r7 4db81923bf Update description 2013-05-02 08:45:01 -05:00
jvazquez-r7 4054d91955 Land #1657, @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module 2013-05-02 08:38:50 -05:00
jvazquez-r7 e25057b64a Fix indent level 2013-05-01 22:01:36 -05:00
jvazquez-r7 c406271921 Cleanup sap_soap_rfc_rzl_read_dir 2013-05-01 21:51:06 -05:00
jvazquez-r7 98dd96c57d Change module filename 2013-05-01 21:50:24 -05:00
jvazquez-r7 6b6b53240b Fix SAP modules, mainly to make a better use of send_request_cgi 2013-05-01 14:06:53 -05:00
jvazquez-r7 ec34544299 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-01 11:47:36 -05:00
jvazquez-r7 567d2bb14b Land #1687, @bmerinofe's forensic file recovery post module 2013-05-01 08:13:08 -05:00
jvazquez-r7 a201391ee6 Clean recovery_files 2013-04-30 13:18:32 -05:00
jvazquez-r7 a7e4ba5015 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-30 08:32:24 -05:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
Tod Beardsley 4227c23133 Add a reference for Safari module 2013-04-29 14:07:55 -05:00
Joe Vennix 431cba8f36 Update print_status labels. 2013-04-29 11:13:53 -05:00
Joe Vennix c2a1d296a2 Rename DOWNLOAD_URI -> DOWNLOAD_PATH. 
Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
 2013-04-29 11:11:06 -05:00
Joe Vennix 55e0ec3187 Add support for DOWNLOAD_URI option. 
* Fixes some comments that were no longer accurate.

Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
 2013-04-29 11:10:19 -05:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238) 
[Closes #1772]
 2013-04-28 12:17:16 -05:00
Meatballs ccb630eca2 Whitespace and change default user 2013-04-27 10:39:27 +01:00
Meatballs 209188bc22 Add refs and use targeturi 2013-04-27 10:35:49 +01:00
Meatballs 3ac041386b Add php version to check 2013-04-26 23:59:49 +01:00
Meatballs e25fdebd8d Add php version to check 2013-04-26 23:58:08 +01:00
Meatballs cd842df3e2 Correct phpMyAdmin 2013-04-26 23:38:27 +01:00
Meatballs 6bb2af7cee Add pma url 2013-04-26 23:37:26 +01:00
sinn3r 6821c360b6 Landing #1761 - Adds Wordpress Total Cache module 
[Closes #1761]
 2013-04-26 16:08:04 -05:00
sinn3r 6c76bee02f Trying to make the description sound smoother 2013-04-26 16:02:28 -05:00
James Lee 9c8b93f1b7 Make sure LPORT is a string when subbing 
* Gets rid of conversion errors like this:
    [-] Exploit failed: can't convert Fixnum into String
* also removes comments from php meterp. Works for me with the
  phpmyadmin_preg_replace bug, so seems legit.
 2013-04-26 15:26:31 -05:00
James Lee a0c1b6d1ce Clear out PMA's error handler 
* Add an error_handler function that just returns true. This prevents eventual
  ENOMEM errors and segfaults like these:
    [Fri Apr 26 15:01:00 2013] [error] [client 127.0.0.1] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 44659282 bytes) in /home/egypt/repo/phpmyadmin/libraries/Error.class.php on line 156
    [Fri Apr 26 15:01:16 2013] [notice] child pid 7347 exit signal Segmentation fault (11)
* clean up some whitespace
 2013-04-26 15:25:09 -05:00
Meatballs 1f2cab7aef Tidyup and getcookies 2013-04-26 20:26:04 +01:00
Meatballs 0901d00da5 Remove redundant pay opts 2013-04-26 19:26:29 +01:00
Meatballs a17d61897d Change to send_rq_cgi 2013-04-26 19:19:11 +01:00
Tod Beardsley bf6b1b4fbf Land #1773, fixes for Safari UXSS 
Makes the module more user-friendly, doesn't barf on malformed paths for
keystroke logger catching.
 2013-04-26 13:11:55 -05:00
Tod Beardsley c27245e092 Touch descriptions for module and options 2013-04-26 13:05:16 -05:00
Joe Vennix b4606ba60a Remove unnecessary puts call. 2013-04-26 12:55:02 -05:00
Tod Beardsley ca6d6fbc84 msftidy for whitespace 2013-04-26 12:44:11 -05:00
Tod Beardsley 16769a9260 Fixing path normalization 2013-04-26 12:40:24 -05:00
Meatballs 54233e9fba Better entropy 2013-04-26 17:46:43 +01:00
Meatballs c8da13cfa0 Add some entropy in request 2013-04-26 17:34:17 +01:00
Joe Vennix 2fa16f4d36 Rewrite relative script URLs to be absolute. 
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
 2013-04-26 11:25:20 -05:00
Meatballs a043d3b456 Fix auth check and cookie handling 2013-04-26 17:10:24 +01:00
Meatballs 025315e4e4 Move to http 2013-04-26 15:42:26 +01:00
Meatballs 9ad19ed2bf Final tidyup 2013-04-26 15:41:28 +01:00
jvazquez-r7 99b46202b9 Do final cleanup for sap_configservlet_exec_noauth 2013-04-26 08:45:34 -05:00
jvazquez-r7 308b880d79 Land #1759, @andrewkabai's exploit for SAP Portal Command Execution 2013-04-26 08:44:11 -05:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
Andras Kabai 5839e7bb16 simplify code 2013-04-26 12:14:42 +02:00
Andras Kabai 4aadd9363d improve description 2013-04-26 12:13:45 +02:00
jvazquez-r7 2a41422276 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-25 20:24:17 -05:00
sinn3r f3f60f3e02 Fixes P/P/R for target 0 (BadBlue 2.72b) 
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken.  Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.

[FixRM #7875]
 2013-04-25 20:20:24 -05:00
jvazquez-r7 bf0375f0e9 Fix @jlee-r7's feedback 2013-04-25 18:43:21 -05:00
jvazquez-r7 8eea476cb8 Build the jnlp uri when resource is available 2013-04-25 18:43:21 -05:00
jvazquez-r7 cc961977a2 Add bypass for click2play 2013-04-25 18:43:21 -05:00
jvazquez-r7 9b5e96b66f Fix @jlee-r7's feedback 2013-04-25 14:53:09 -05:00
jvazquez-r7 52b721c334 Update description 2013-04-25 14:47:35 -05:00
jvazquez-r7 84e9f80ffa Add check for WP-Super-Cache 2013-04-25 14:43:16 -05:00
Andras Kabai 9dd9b2d1ba implement cleanup functionality 
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
 2013-04-25 20:02:24 +02:00
jvazquez-r7 15c8d92148 Fix version checked and add reference 2013-04-25 12:48:36 -05:00
Andras Kabai a28ef1847b update references 2013-04-25 18:26:13 +02:00
Joe Vennix 993356c73e Add safari webarchive uxss to framework as an aux module. 2013-04-25 11:14:16 -05:00
jvazquez-r7 7bf4aa317f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-25 10:31:51 -05:00
jvazquez-r7 b67fcd3219 Add OSVDB ref to sap_configservlet_exec_noauth 2013-04-25 08:13:32 -05:00
jvazquez-r7 7d317e5933 Switch from post to get on check 2013-04-25 07:51:28 -05:00
jvazquez-r7 d55faa14d3 Add check function 2013-04-25 07:44:37 -05:00
Andras Kabai 676f2f5f4a implement "check" functionality 2013-04-25 07:47:30 +02:00
Andras Kabai 3b46d5d4cd fix typos 2013-04-25 07:22:16 +02:00
Andras Kabai 2759ef073e correction on error handling 2013-04-25 07:19:27 +02:00
Andras Kabai 6b14ac5e71 add rank to module 2013-04-25 07:07:35 +02:00
jvazquez-r7 51fd07a145 Add BID reference 2013-04-24 21:48:05 -05:00
jvazquez-r7 378c2079a2 Add hdm also as author 2013-04-24 17:37:29 -05:00
jvazquez-r7 b816dd569c Update description 2013-04-24 17:34:25 -05:00
jvazquez-r7 573e880a62 Use the correct post id when posting 2013-04-24 17:30:24 -05:00
jvazquez-r7 ded0269ba0 Add POST ID bruteforcing capabality 2013-04-24 17:21:36 -05:00
jvazquez-r7 fca4c3b8b2 Add sha1 sum check to allow execution 2013-04-24 16:10:49 -05:00
jvazquez-r7 d2e29b846c Add module for Wordpress Total Cache PHP Injection 2013-04-24 15:29:40 -05:00
Andras Kabai f22d19a10c remove unused code block 
ARCH_CMD was implemented in previous version of this code.
 2013-04-24 21:51:35 +02:00
jvazquez-r7 38e41f20fe Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-24 13:24:13 -05:00
Andras Kabai 0339be229a implement dynamic timeout handling 2013-04-24 18:22:37 +02:00
Andras Kabai 6f8fc81497 improve error handling 2013-04-24 17:59:11 +02:00
jvazquez-r7 2b4144f20f Add module for US-CERT-VU 345260 2013-04-24 10:47:16 -05:00
Andras Kabai 57113bee80 fine correction 
add license
remove one unnecessary tab to make msftidy happy
 2013-04-24 15:07:32 +02:00
Andras Kabai 6485124cdf fix module name 2013-04-24 10:54:52 +02:00
Andras Kabai 358b8934bf clarify description 2013-04-24 10:31:40 +02:00
Andras Kabai 00e6eeca54 implement command line magick to prevent bad char usage 
commas in the HTTP queries are not allowed but the VBS stager contains
some, therefore it was necessary to find a way to echo out commas
without directly use them.
thanks to Laszlo Toth to help me figure out this windows command line
trick.
 2013-04-24 09:46:36 +02:00
Andras Kabai 783cca6c17 allow only ARCH_X86 payloads 2013-04-24 09:29:47 +02:00
sinn3r cae30bec23 Clean up all the whitespace found 2013-04-23 18:27:11 -05:00
jvazquez-r7 1761b1ad7b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-23 17:35:35 -05:00
jvazquez-r7 ece36c0610 Update references for the las Java exploit 2013-04-22 21:55:04 -05:00
jvazquez-r7 96b66d3856 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:49:59 -05:00
jvazquez-r7 1529dff3f3 Do final cleanup for sap_configservlet_exec_noauth 2013-04-22 21:43:41 -05:00
jvazquez-r7 8c9715c2ed Land #1751, @andrewkabai's SAP Portal remote OS command exec 2013-04-22 21:41:53 -05:00
jvazquez-r7 5f5e772f7c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:31:16 -05:00
sinn3r a09b3b8023 Lands #1169 - Adds a check 
[Closes #1169]

Conflicts:
	modules/auxiliary/dos/http/apache_range_dos.rb
 2013-04-22 15:50:15 -05:00
sinn3r 882b084cba Changes the default action 2013-04-22 15:47:38 -05:00
sinn3r 7e28a4ddb0 Uses "ACTIONS" keys instead of datastore options 
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
 2013-04-22 15:41:47 -05:00
sinn3r dfff20a3fc Landing #1692 - Handles OSQL banners and responses 
[Close #1692]
 2013-04-22 13:58:44 -05:00
Andras Kabai 79eb2ff62d add EDB ID to references 2013-04-22 18:37:28 +02:00
Andras Kabai 15b06c43aa sap_configservlet_exec_noauth auxiliary module 
the final module was moved from my master branch to here because of the
pull request needs
 2013-04-22 17:40:27 +02:00
Andras Kabai b4f1f3efbb remove aux module from master branch 2013-04-22 17:34:01 +02:00
Andras Kabai 750638e4d6 note on bad characters 2013-04-22 17:24:08 +02:00
jvazquez-r7 b6365db0b5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 09:38:32 -05:00
Andras Kabai a1e52b5b27 command execution needs cmd /c 2013-04-22 10:20:45 +02:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
Andras Kabai d26289e05a proper output handling in case of CMD payloads 2013-04-20 17:38:58 +02:00
Andras Kabai d59ba37e6d resize linemax 2013-04-20 17:37:50 +02:00
Andras Kabai e36b58169b implement CmbStagerVBS payload execution 2013-04-20 16:37:47 +02:00
Andras Kabai 8244c4dcac multiple payload types, different paths to execute payloads 2013-04-20 14:20:30 +02:00
Andras Kabai 7b6a784a84 basic payload execution through OS command execution 2013-04-20 13:02:22 +02:00
Andras Kabai 223556a4e6 switch to exploit module environment 
switch to Msf::Exploit, change the necessary declarations, start to
change the exploitation process
 2013-04-20 12:30:44 +02:00
Andras Kabai cff47771a2 initial commit 
the original aux module will be the base of the exploit module
 2013-04-20 11:32:05 +02:00
jvazquez-r7 1365dfe68c Add Oracle url 2013-04-20 01:43:14 -05:00
jvazquez-r7 b99fc06b6f description updated 2013-04-20 01:43:14 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
jvazquez-r7 d1c5179b83 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 17:48:12 -05:00
Andras Kabai 49b055e5fd make msftidy happy 2013-04-20 00:26:04 +02:00
Andras Kabai e4d9c45ce9 remove unnecessary rank rating 2013-04-20 00:23:55 +02:00
jvazquez-r7 c7fcd6931a Use vprint_error 2013-04-19 16:22:07 -05:00
jvazquez-r7 4ef33197dc Land #1745 - @FireFart's improvement for MediaWiki aux module 2013-04-19 16:20:33 -05:00
jvazquez-r7 ffb71ff61b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 16:03:55 -05:00
jvazquez-r7 19a158dce9 Do final cleanup for netgear_dgn2200b_pppoe_exec 2013-04-19 15:50:23 -05:00
jvazquez-r7 c1819e6ecc Land #1700, @m-1-k-3's exploit for Netgear DGN2200B 2013-04-19 15:49:30 -05:00
Christian Mehlmauer eaff87879e added text 2013-04-19 22:03:05 +02:00
Christian Mehlmauer a6be72b019 fixes for mediawiki aux module 2013-04-19 21:43:12 +02:00
Andras Kabai 763d1ac2f1 remove unnecessary option declaration 2013-04-19 21:42:28 +02:00
Andras Kabai 85932a2445 improve URI path and parameter handling 
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
 2013-04-19 21:37:39 +02:00
jvazquez-r7 d4fa2ba96d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 14:14:36 -05:00
Andras Kabai c52588f579 remove Scanner mixin 
remove Scanner mixin because this module is not a scanner modul
 2013-04-19 20:28:44 +02:00
sinn3r 7fdf84ac45 Landing #1744 - Checks nil before using resp.headers['Server'] 
[Closes #1744]
 2013-04-19 10:37:05 -05:00
jvazquez-r7 31586770a0 Added module for OSVDB 92490 2013-04-18 14:34:02 -05:00
Andras Kabai 8f76c436d6 SAP ConfigServlet OS Command Execution module 
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
 2013-04-18 20:26:48 +02:00
RageLtMan 15c6df1482 Check for nil before calling on value 2013-04-18 00:32:37 -04:00
m-1-k-3 2713991c64 timeout and HTTP_Delay 2013-04-17 20:25:59 +02:00
jvazquez-r7 bbf7cc4394 up to date 2013-04-17 11:54:12 -05:00
m-1-k-3 59045f97fb more testing, reworking of config restore, rework of execution 2013-04-17 18:10:27 +02:00
jvazquez-r7 48def7dbdb up to date 2013-04-17 06:36:44 -05:00
jvazquez-r7 088eb8618d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-16 21:11:55 -05:00
Jon Hart 83ec9757ec Addressed feedback from PR#1717 2013-04-16 19:00:26 -07:00
jvazquez-r7 4e8d32a89a cleanup for freefloatftp_user 2013-04-16 20:43:38 -05:00
jvazquez-r7 eedeb37047 Landing #1731, @dougsko's freefloat ftp server bof exploit 2013-04-16 20:42:01 -05:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
root 830715dc07 Applying changes 2013-04-16 00:28:39 +02:00
Tod Beardsley a36c6d2434 Lands #1730, adds a VERBOSE option checker 
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
 2013-04-15 15:32:56 -05:00
Tod Beardsley 29101bad41 Removing VERBOSE offenders 2013-04-15 15:29:56 -05:00