Brandon Perry
8428b37e59
move file to .rb ext
2014-04-09 05:17:14 -07:00
Brandon Perry
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
Brandon Perry
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
Fabian Bräunlein
8dce80fd30
Added Big Endianness, improved check() function
...
Some Fritz!Box devices also run in Big Endianness mode. However, since
"uname -a" always returns "mips" and the "file" command is not
available, autodetection is not an easy task.
The check() function now checks whether the device is really
vulnerable.
Furthermore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
Jeff Jarmoc
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
Tod Beardsley
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver for lorcon
   INTERFACE  wlan0            yes       The name of the wireless interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file -- Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]   /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in `open_wifi'
[-]   /home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in `run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
jvazquez-r7
fb1318b91c
Land #3193, @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
jvazquez-r7
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
Michael Messner
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
Michael Messner
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
Michael Messner
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
Michael Messner
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
jvazquez-r7
6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
jvazquez-r7
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
Tod Beardsley
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Michael Messner
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00
sinn3r
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
sinn3r
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
Brandon Perry
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
Brandon Perry
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
Brandon Perry
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
Brandon Perry
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
Brandon Perry
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
jvazquez-r7
144b86fee3
Add reference
2014-03-19 12:17:53 -05:00
jvazquez-r7
27d142b387
Solve conflict by keeping file
2014-03-19 12:15:05 -05:00
jvazquez-r7
fb645b6692
Clean code
2014-03-19 12:06:20 -05:00
jvazquez-r7
38176ad67d
Land #3109, @xistence's Loadbalancer.org Enterprise VA appliance exploit
2014-03-18 06:53:26 -05:00
jvazquez-r7
ddd923793a
Do minor clean up
2014-03-18 06:52:50 -05:00
jvazquez-r7
ad49df4301
Register RHOST
2014-03-18 06:17:41 -05:00
jvazquez-r7
600338bd29
Land #3108, @xistence's exploit for Quantum vmPRO shell-escape
2014-03-18 06:12:18 -05:00
jvazquez-r7
f656e5fedb
Do minor clean up
2014-03-18 06:11:02 -05:00
xistence
9bb4e5cfc3
Loadbalancer.org Enterprise VA SSH privkey exposure
2014-03-17 14:22:51 +07:00
xistence
c116697c70
Quantum vmPRO backdoor command
2014-03-17 14:19:27 +07:00
xistence
ef4a019b20
Quantum DXi V1000 SSH private key exposure
2014-03-17 14:15:00 +07:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
James Lee
d1ea74c5fa
Make the password hash stand out as more important
2014-03-04 15:08:47 -06:00
James Lee
9a403bf630
Also extract admin hash if password auth failed
2014-03-04 14:55:47 -06:00
James Lee
423477bc52
auth_succeeded? is a better name for this method
2014-03-04 14:55:47 -06:00
James Lee
917b09086b
Pull the copy-pasted verification into a method
2014-03-04 14:55:47 -06:00
James Lee
4cfda88bad
Pull the copy-pasted sqli into a method
2014-03-04 14:55:47 -06:00
James Lee
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
Michael Messner
15345da9d8
remove the wget module, remove the cmd stuff, testing bind stuff ahead
2014-02-28 22:44:26 +01:00
Michael Messner
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
Michael Messner
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a separate module included
2014-02-23 20:59:17 +01:00
Michael Messner
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
Michael Messner
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
Michael Messner
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
pyoor
faae51f39e
Implemented @jlee-r7 requested changes
2014-02-17 10:13:18 -05:00
pyoor
ca15d2d8e7
Added Pandora FMS RCE and SQLi module
2014-02-12 12:02:33 -05:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
sinn3r
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
jvazquez-r7
c679b1001b
Make print_warning verbose
2014-02-07 10:23:07 -06:00
James Lee
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
jvazquez-r7
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
jvazquez-r7
631559a2e8
Add module for Kloxo SQLi
2014-02-05 14:18:56 -06:00
xistence
50f860757b
Changes made to pandora_fms_exec module as requested
2014-02-03 14:10:27 +07:00
xistence
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
sinn3r
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
sinn3r
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
sinn3r
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
sinn3r
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
sinn3r
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
sinn3r
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
jvazquez-r7
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
jvazquez-r7
8213eed49f
Delete Netgear N150 target, it's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
jvazquez-r7
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
jvazquez-r7
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note that for some reason, some devices communicate over one endianness, but
then require a payload for the other endianness. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
jvazquez-r7
24c57b34a7
Take into account endianness
2014-01-13 15:04:23 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
jvazquez-r7
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
jvazquez-r7
85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
Matt Andreko
40d2299ab4
Added tested device
2014-01-09 10:46:14 -05:00
Matt Andreko
c50f7697a5
Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec
2014-01-09 10:39:12 -05:00
jvazquez-r7
bbaaecd648
Delete commas
2014-01-09 08:01:11 -06:00
jvazquez-r7
5e510dc64c
Add minor fixes, mainly formatting
2014-01-09 07:51:42 -06:00
Matt Andreko
ed6723655d
Code Review Feedback
...
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
Matt Andreko
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
jvazquez-r7
590547ebc7
Modify title to avoid versions
2014-01-07 13:01:10 -06:00
Joe Vennix
c34af35230
Add wrt100 to the description and title.
...
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
Tod Beardsley
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
jvazquez-r7
163a54f8b1
Do send_request_cgi final clean up
2013-12-20 17:00:57 -06:00
jvazquez-r7
af13334c84
Revert gsub!
2013-12-20 11:39:49 -06:00
jvazquez-r7
1da961343a
Do final (minor) cleanup
2013-12-20 11:20:29 -06:00
Markus Wulftange
929f3ea35c
Turn Auxiliary module into Exploit module
2013-12-20 16:45:38 +01:00
jvazquez-r7
ec64382efc
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 11:53:30 -06:00
jvazquez-r7
a28ea18798
Clean pull request
2013-12-18 11:32:34 -06:00
Ramon de C Valle
21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
sinn3r
bf3489203a
I missed this one
2013-12-03 13:13:14 -06:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
sinn3r
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
jvazquez-r7
9e46975a95
Land #2643, @ChrisJohnRiley's SkipVersionCheck for exim4_dovecot_bannercheck
2013-11-18 11:28:07 -06:00
jvazquez-r7
540b85df3f
Set SkipVersionCheck as not required
2013-11-18 11:27:32 -06:00
Tod Beardsley
36db6a4d59
Land #2616, SuperMicro close_window BOF
2013-11-15 11:34:53 -06:00
Chris John Riley
5bd5eacd77
Added option to ignore banner checks
2013-11-15 15:01:11 +01:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498]
2013-11-11 21:23:35 -06:00
jvazquez-r7
40f8e80775
Fix jlee-r7's feedback
2013-11-08 14:28:19 -06:00
jvazquez-r7
b7e360922d
Update ranking
2013-11-07 15:10:26 -06:00
jvazquez-r7
decf6ff6a0
Add module for CVE-2013-3623
2013-11-07 14:59:40 -06:00
James Lee
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
James Lee
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9.
2013-11-05 13:45:00 -06:00
jvazquez-r7
c92e8ff98d
Delete extra space
2013-10-30 19:34:54 -05:00
Tod Beardsley
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
jvazquez-r7
dd094eee04
Use 443 by default with SSL
2013-10-24 16:30:26 -05:00
jvazquez-r7
72f686d99a
Add module for CVE-2013-2751
2013-10-24 16:10:32 -05:00
William Vu
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead, reversing changes made to 6430fa3354.
2013-10-21 12:47:57 -05:00
sinn3r
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
sinn3r
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
William Vu
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
jvazquez-r7
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
jvazquez-r7
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
jvazquez-r7
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
Tod Beardsley
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
Tod Beardsley
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tod Beardsley
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
jvazquez-r7
75aaded842
Land #2471, @pyoor's exploit for CVE-2013-5743
2013-10-14 14:03:28 -05:00
jvazquez-r7
a6f17c3ba0
Clean zabbix_sqli
2013-10-14 14:01:58 -05:00
Joe Barrett
d929bdfaab
Re-fixing 8419, consistency is important.
2013-10-12 08:09:19 -04:00
James Lee
dfe74ce36c
Factorize sock_sendpage
2013-10-11 13:40:01 -05:00
pyoor
171b70fa7c
Zabbix v2.0.8 SQLi and RCE Module
...
Conflicts:
modules/exploits/linux/http/zabbix_sqli.rb
Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
James Lee
b9b2c82023
Add some entropy
...
* Random filename
* Stop shipping debug strings to the exploit executable
Also makes the writable path configurable, so we don't always have to
use /tmp in case it is mounted noexec, etc.
2013-10-10 18:18:01 -05:00
Meatballs
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
James Lee
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
James Lee
c251596f0b
Fix some bugs in preparation for factorizing
...
* Stop removing \x0a characters with String#scan, which of course breaks
the shellcode
* Fork so the original session continues to work
2013-10-09 16:03:40 -05:00
Winterspite
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
joev
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
joev
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
jvazquez-r7
813bd2c9a5
Land #2379, @xistence's exploit for OSVDB 88860
2013-09-26 13:52:15 -05:00
xistence
c2ff5accee
stability fixes to astium_sqli_upload
2013-09-26 10:23:33 +07:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
Tod Beardsley
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
jvazquez-r7
1fc849bdd5
Land #2188, @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
jvazquez-r7
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
sinn3r
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
jvazquez-r7
1a00cce8a9
Clean up
2013-09-19 11:51:07 -05:00
jvazquez-r7
926ddf35bc
Fix possible collisions on binding port and handle rex socket
2013-09-19 08:23:25 -05:00
jvazquez-r7
accad24f31
Use payload.encoded because BadChars are defined
2013-09-18 13:03:35 -05:00
jvazquez-r7
61ab0e245c
Add Context to rex sockets plus track them with add_socket
2013-09-18 12:39:08 -05:00
jvazquez-r7
1988085a94
Fix possible port conflict
2013-09-18 12:24:36 -05:00
xistence
adc1bd9c65
changes made to astium_sqli_upload based on suggestions
2013-09-18 16:52:31 +07:00
James Lee
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
xistence
82aa3f97b0
added Astium confweb 25399 RCE
2013-09-17 12:32:10 +07:00
Tod Beardsley
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
Tod Beardsley
f89af79223
Correct OSVDB for sophos sblistpack exploit
2013-09-16 15:41:50 -05:00
jvazquez-r7
c18c41d8ea
Don't hide exceptions
2013-09-16 09:26:13 -05:00
jvazquez-r7
86e5163cad
Fix Indentation and cleanup
2013-09-16 09:19:26 -05:00
jvazquez-r7
62cf9cb07c
Retab changes for PR #2188
2013-09-16 09:09:16 -05:00
jvazquez-r7
842dba20b9
Merge for retab
2013-09-16 09:08:36 -05:00
jvazquez-r7
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
sinn3r
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
sinn3r
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
sinn3r
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
jvazquez-r7
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
jvazquez-r7
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
Tab Assassin
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
Tab Assassin
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
Tab Assassin
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
Tab Assassin
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
James Lee
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Tab Assassin
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
Tab Assassin
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
sinn3r
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
James Lee
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
James Lee
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
jvazquez-r7
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
jvazquez-r7
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
jvazquez-r7
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
James Lee
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
jvazquez-r7
7b555679e6
Really delete the telnet target
2013-08-19 15:06:47 -05:00
jvazquez-r7
d64c8748e8
Fix descriptions and names
2013-08-19 15:05:27 -05:00
jvazquez-r7
232289d500
Add new module to exploit dlink_upnp_exec_noauth through telnet
2013-08-19 15:01:29 -05:00
jvazquez-r7
846925e3ba
Delete telnet target from dlink_upnp_exec_noauth
2013-08-19 14:56:12 -05:00
m-1-k-3
c902b0ea4b
removed user and pass option
2013-08-19 18:07:11 +02:00
m-1-k-3
5fc806e3e0
little fixes
2013-08-18 16:18:27 +02:00
m-1-k-3
9ae977ec80
Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
...
Conflicts:
modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
sinn3r
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
jvazquez-r7
7a8bafd82c
Beautify
2013-08-14 13:50:08 -05:00
jvazquez-r7
90aec6cff5
Fix telnet negotiation for the raidsonic case
2013-08-14 13:38:51 -05:00
jvazquez-r7
178a7b0dbb
Fix author's email format
2013-08-14 11:56:47 -05:00
jvazquez-r7
2a4b8e4a64
Add useful comment
2013-08-14 11:49:32 -05:00
jvazquez-r7
e6c36864c4
Fix telnet related stuff
2013-08-14 11:47:57 -05:00
m-1-k-3
6b87240323
thx to juan ... session stuff looks better
2013-08-14 16:51:09 +02:00
jvazquez-r7
f2e5092fd5
Add module for ZDI-13-179
2013-08-10 18:44:33 -05:00
sinn3r
5436ec7dd3
Title change for dlink_dir300_exec_telnet
...
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
jvazquez-r7
74eeacf9f2
Fix regex
2013-08-08 08:40:45 -05:00
jvazquez-r7
821673c4d2
Try to fix a little description
2013-08-07 10:26:39 -05:00
jvazquez-r7
33ac0c5c3f
Make exploit more print friendly
2013-08-07 10:21:14 -05:00
jvazquez-r7
32436973e4
Land #2192, @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
jvazquez-r7
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
jvazquez-r7
afb8a95f0a
Land #2179, @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
m-1-k-3
885417c9d9
removing config file from target
2013-08-06 15:11:54 +02:00
m-1-k-3
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
m-1-k-3
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
m-1-k-3
2efc2a79bf
fail with
2013-08-05 21:41:28 +02:00
Tod Beardsley
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
m-1-k-3
34134b2e11
feedback included
2013-08-04 14:45:55 +02:00
m-1-k-3
b8ed364cb8
telnet user working
2013-08-03 15:07:10 +02:00
m-1-k-3
62e3c01190
raidsonic nas - command execution
2013-08-02 21:04:19 +02:00
m-1-k-3
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
m-1-k-3
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
m-1-k-3
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
sinn3r
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
sinn3r
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
jvazquez-r7
a1d9ed300e
Add module for ZDI-13-184
2013-07-28 09:57:41 -05:00
jvazquez-r7
f4e35b62ac
Add module for ZDI-13-185
2013-07-27 12:12:06 -05:00
jvazquez-r7
fab9d33092
Fix disclosure date
2013-07-27 12:10:21 -05:00
jvazquez-r7
ac7bb1b07f
Add module for ZDI-13-188
2013-07-27 03:25:39 -05:00
Tod Beardsley
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
jvazquez-r7
af1bd01b62
Change datastore options names for consistency
2013-07-22 16:57:32 -05:00
Tod Beardsley
5e55c506cd
Land #2140, add CWS as a first-class reference.
2013-07-22 13:50:38 -05:00
Tod Beardsley
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
6158415bd3
Clean CWE reference, will add in new pr
2013-07-22 12:03:55 -05:00
jvazquez-r7
da4fda6cb1
Land #2110, @rcvalle's exploit for Foreman Ruby Injection
2013-07-22 12:02:43 -05:00
Ramon de C Valle
04e9398ddd
Fix CSRF regular expressions as per review
2013-07-22 13:10:56 -03:00
jvazquez-r7
de6e2ef6f4
Final cleanup for dlink_upnp_exec_noauth
2013-07-22 10:53:09 -05:00
jvazquez-r7
c1c72dea38
Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection
2013-07-22 10:52:13 -05:00
Ramon de C Valle
11ef4263a4
Remove call to handler as per review
2013-07-22 12:49:42 -03:00
jvazquez-r7
4beea52449
Use instance variables
2013-07-19 14:46:17 -05:00
Ramon de C Valle
6761f95892
Change print_error/ret to fail_with as per review
2013-07-19 12:19:29 -03:00
m-1-k-3
e93eef4534
fixing server header check
2013-07-19 08:00:02 +02:00
m-1-k-3
f26b60a082
functions and some tweaking
2013-07-19 07:57:27 +02:00
jvazquez-r7
a1a6aac229
Delete debug code from mutiny_frontend_upload
2013-07-18 14:03:19 -05:00
Ramon de C Valle
8fd6dd50de
Check session and CSRF variables as per review
2013-07-16 14:30:55 -03:00
Ramon de C Valle
dc51c8a3a6
Change URIPATH option to TARGETURI as per review
2013-07-16 14:27:47 -03:00
Ramon de C Valle
3dbe8fab2c
Add foreman_openstack_satellite_code_exec.rb
...
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3
f594c4b128
small cleanup
2013-07-15 08:48:18 +02:00