Commit Graph

938 Commits (cf8008ed38bc9c8230716735a325202e6e962164)

Author SHA1 Message Date
m-1-k-3 c8123c147f upnp vs hnap 2015-05-05 20:57:05 +02:00
Christian Mehlmauer 73f7885eea
add comment 2015-05-29 23:08:55 +02:00
jvazquez-r7 1be04a9e7e
Land #5182, @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection 2015-05-29 14:49:09 -05:00
jvazquez-r7 8b2e49eabc
Do code cleanup 2015-05-29 14:45:47 -05:00
jvazquez-r7 9ccf04a63b
Land #5420, @m-1-k-3's miniigd command injection module (ZDI-15-155) 2015-05-29 13:29:03 -05:00
jvazquez-r7 9ebd6e5d6e
Use REXML 2015-05-29 13:27:19 -05:00
jvazquez-r7 294fa78c1f
Land #5430, @m-1-k-3's adding specific endianess Arch to some exploits 2015-05-29 11:43:25 -05:00
jvazquez-r7 dd39d196f5
Land #5226, @m-1-k-3's Airties login Buffer Overflow exploit 2015-05-29 10:51:32 -05:00
jvazquez-r7 952f391fb4
Do minor code cleanup 2015-05-29 10:49:51 -05:00
Michael Messner 666b0bc34a MIPSBE vs MIPS 2015-05-28 18:50:48 +02:00
Michael Messner 43f505b462 fix contact details 2015-05-25 19:31:50 +02:00
jvazquez-r7 f953dc08d9
Land #5280, @m-1-k-3's support for Airties devices to miniupnpd_soap_bof 2015-05-24 15:17:38 -05:00
Michael Messner 10baf1ebb6 echo stager 2015-05-23 15:50:35 +02:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
m-1-k-3 c7e05448e7 various MIPS vs MIPSBE fixes 2015-05-04 12:55:21 +02:00
m-1-k-3 53043dcbbc make msftidy happy 2015-05-03 18:14:51 +02:00
m-1-k-3 6fbce56a52 realtek upnp command injection 2015-05-03 18:09:22 +02:00
jvazquez-r7 1bc6822811
Delete Airties module 2015-05-22 11:57:45 -05:00
jvazquez-r7 70d0bb1b1a
Merge Airties target inside miniupnpd_soap_bof 2015-05-22 11:57:19 -05:00
m-1-k-3 d8b8017e0b remove debugging 2015-04-27 06:36:34 +02:00
m-1-k-3 8db88994ac fingerprint, title 2015-04-27 06:34:46 +02:00
m-1-k-3 285d767e20 initial commit of UPnP exploit for Airties devices 2015-04-27 05:34:30 +02:00
m-1-k-3 f5b0a7e082 include rop gadget description 2015-04-23 00:11:02 +02:00
m-1-k-3 1ec0e09a43 msftidy 2015-04-22 10:32:47 +02:00
m-1-k-3 58099d0469 airties login bof module 2015-04-22 10:21:58 +02:00
jvazquez-r7 3f40342ac5
Fix sock_sendpage 2015-04-21 14:17:19 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Michael Messner b991dec0f9 Dlink UPnP SOAP-Header Injection 2015-04-17 22:54:32 +02:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
Christian Mehlmauer a193ae42b0
moar fail_with's 2015-04-16 21:25:05 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
jvazquez-r7 ef6bf54e2f
Fix metadata 2015-04-15 09:22:59 -05:00
jvazquez-r7 1da6b32df7
Land #4924, @m-1-k-3's DLink CVE-2015-1187 exploit
* ncc service ping.cpp command injection
2015-04-15 09:17:10 -05:00
jvazquez-r7 6019bbe0d2
Add ranking comment 2015-04-15 09:12:03 -05:00
jvazquez-r7 ad465c4d5b
Do code cleanup 2015-04-15 09:10:18 -05:00
Tod Beardsley 11057e5b3b
Fix up the last couple from Tenable, missed last
[See #5012]
2015-04-02 15:27:46 -05:00
Tod Beardsley 4bbec88882
Various other one-off nonhuman author credits
[See #5012]
2015-04-02 15:25:47 -05:00
Tod Beardsley b17727d244
Switching to privileged => false 2015-04-01 14:35:45 -05:00
Tod Beardsley 0825534d2c
Fix reference 2015-04-01 14:16:45 -05:00
Tod Beardsley 8ec71e9daf
Add a module for R7-2015-05 2015-04-01 14:05:41 -05:00
m-1-k-3 d81a246660 target_uri 2015-03-26 12:16:20 +01:00
m-1-k-3 b7f469b747 feedback 2015-03-26 07:39:36 +01:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
jvazquez-r7 2d1adf6ef4
Land #4923, @m-1-k-3's exploit for overflow on belkin routers 2015-03-22 02:05:35 -05:00
jvazquez-r7 ee74bb3c5b
The default concat operator should be ok 2015-03-22 02:05:02 -05:00