Commit Graph

7097 Commits (d4fc99e40cdb7cd0a000d5be8a2d358ca5a6f724)

Author SHA1 Message Date
jvazquez-r7 37dc19951b Added module for ZDI-12-169 2012-10-10 19:14:54 +02:00
Borja Merino 21d1a5857a Adding Iterations options 2012-10-10 12:32:30 +02:00
Borja Merino 7b45ef6038 Applying changes. Blocks -Begin .. End- deleted 2012-10-09 21:52:49 +02:00
HD Moore 22f7c42b85 Merge branch 'master' into feature/updated-mobile 2012-10-09 12:58:19 -05:00
jvazquez-r7 4fa3631e34 avoiding the python support on the barracuda one if cannot be tested 2012-10-09 18:01:23 +02:00
jvazquez-r7 f33411abd1 Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support 2012-10-09 18:00:44 +02:00
sinn3r a12aed7ffc Don't really need these keywords 2012-10-09 00:49:05 -05:00
sinn3r b657fd31cc Merge branch 'php_include' of https://github.com/ethicalhack3r/metasploit-framework into ethicalhack3r-php_include 2012-10-09 00:45:46 -05:00
sinn3r c094508119 Support Python payload
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
jvazquez-r7 b356b403b0 Merge branch 'phptax' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-phptax 2012-10-09 00:10:31 +02:00
HD Moore 286b86949b Prefix with host:port for readability 2012-10-08 15:23:26 -05:00
sinn3r 06e2994b7e connectiontype to find and python payload support 2012-10-08 15:13:27 -05:00
sinn3r abb4bdd408 metadata formatting, and a little res gotcha 2012-10-08 15:00:51 -05:00
sinn3r 04aa69192d Dang typo 2012-10-08 13:35:13 -05:00
jvazquez-r7 ef9d627e13 Added module for ZDI-12-106 2012-10-08 20:04:01 +02:00
sinn3r 8ff4442f9e Add PhpTax pfilez exec module
This module exploits a vuln found in PhpTax.  When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
2012-10-08 12:46:56 -05:00
sinn3r e9b70a3a4f Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter 2012-10-07 15:35:30 -05:00
jvazquez-r7 0acd9e4eec Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update 2012-10-07 17:49:45 +02:00
jvazquez-r7 40983460bf added module for avaya winpmd bof, osvdb 73269 2012-10-07 12:05:13 +02:00
sinn3r bdb9b75e1e Use RopDb, and print what target the module has selected. 2012-10-07 01:42:29 -05:00
HD Moore 64f29952dc Merge branch 'master' into feature/updated-mobile 2012-10-07 00:32:02 -05:00
sinn3r 5b656087b5 Use RopDb in adobe_flash_otf_font, also cleaner code & output 2012-10-06 21:03:41 -05:00
jvazquez-r7 874fe64343 Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update 2012-10-06 14:10:36 +02:00
sinn3r e02adc1f35 Merge branch 'mubix-bypassuac_uac_check' 2012-10-06 02:09:16 -05:00
sinn3r 33429c37fd Change print_error to print_debug as a warning 2012-10-06 02:08:19 -05:00
sinn3r 94d5eb7a8c Use RopDb in MS11-050, and correct autopwninfo 2012-10-06 01:45:40 -05:00
Rob Fuller 55474dd8bf add simple UAC checks to bypassuac 2012-10-06 00:59:54 -04:00
Rob Fuller b984d33996 add RunAs ask module 2012-10-06 00:51:44 -04:00
sinn3r 769fa3743e Explain why the user cannot modify the URIPATH 2012-10-05 17:24:06 -05:00
ethicalhack3r f4e442bcbd Added headers support to php_include module 2012-10-05 23:00:38 +02:00
sinn3r 2aa59623d1 Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers 2012-10-05 15:43:18 -05:00
sinn3r 21ea77ff8b Fix spaces 2012-10-05 15:40:37 -05:00
sinn3r a60851e9d1 Merge branch 'mubix-bypassuac_localport' 2012-10-05 14:28:12 -05:00
sinn3r 6342c270f4 Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport 2012-10-05 14:16:16 -05:00
sinn3r 33db3d9610 RopDb for ntr_activex_check_bof.rb 2012-10-05 14:09:59 -05:00
sinn3r f92843c96e RopDb for ie_execcommand_uaf.rb 2012-10-05 13:49:17 -05:00
jvazquez-r7 aba69d8438 fix indentation 2012-10-05 20:18:40 +02:00
jvazquez-r7 4c646762a5 Added target debian squeeze 2012-10-05 20:12:09 +02:00
sinn3r 9a53a49625 RopDb for vlc_amv.rb 2012-10-05 12:54:16 -05:00
sinn3r d9278d82f8 Adopt RopDb for msxml_get_definition_code_exec.rb 2012-10-05 12:20:41 -05:00
sinn3r 6fc8790dd7 Adopt RopDb for ms12_037_same_id.rb 2012-10-05 12:17:19 -05:00
sinn3r 1268614d54 Adopt RopDb for adobe_flash_mp4_cprt.rb 2012-10-05 11:15:53 -05:00
sinn3r 98931e339a Adopt RopDb for adobe_flash_rtmp.rb 2012-10-05 11:05:19 -05:00
sinn3r 631a06f3bb Adopt RopDb for adobe_flashplayer_flash10o.rb 2012-10-05 10:55:55 -05:00
Rob Fuller 0ae7756d26 fixed missing > on author 2012-10-05 11:13:40 -04:00
jvazquez-r7 8b8bfec6b8 Merge branch 'gpg' of https://github.com/kholia/metasploit-framework into kholia-gpg 2012-10-05 09:23:54 +02:00
sinn3r bcc56cb7cc Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport 2012-10-05 01:05:30 -05:00
sinn3r 77438d2fc7 Make URI modification more obvious, and let the user know why 2012-10-04 17:52:04 -05:00
Rob Fuller 8520cbf218 fixes spotted by @jlee-r7 2012-10-04 17:34:35 -04:00
Rob Fuller f3e94d2ee2 extend dep to 3 months and use print_error 2012-10-04 16:42:08 -04:00
Rob Fuller cf8501775a re-add bypassuac post mod w/ deprication warning 2012-10-04 16:31:20 -04:00
James Lee ae11c2ffc0 Merge branch 'rapid7' into kernelsmith-update-ms10_042-info
[Closes #860]
2012-10-04 15:29:32 -05:00
Tod Beardsley 4400cb94b5 Removing trailing spaces 2012-10-04 14:58:53 -05:00
kernelsmith 6ef87d1695 update info to reflect use of webdav
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH.  This update fixes all that
2012-10-04 14:09:53 -05:00
Rob Fuller 3f2fe8d5b4 port bypassuac from post module to local exploit 2012-10-04 14:31:23 -04:00
James Lee dc9907da98 Fix load order issue with multi/gather/ssh_creds
Make sure Post::Unix exists before including
2012-10-04 11:19:14 -05:00
Dhiru Kholia d63b5fb9e3 fixes: author format, remove meterpreter support, fix ltype 2012-10-04 21:29:00 +05:30
sinn3r 02617a6f3a Merge branch 'feature/redmine-7224-shellcode-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/redmine-7224-shellcode-cleanup 2012-10-04 00:43:34 -05:00
sinn3r d515b3274d Apply wfsdelay and apply egypt's suggestions 2012-10-04 00:40:52 -05:00
sinn3r 9dad8b28ee Merge branch 'qnx_qconn_exec' of https://github.com/bcoles/metasploit-framework into bcoles-qnx_qconn_exec 2012-10-03 22:09:14 -05:00
sinn3r 6de50b7cb5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-10-03 12:30:34 -05:00
sinn3r fbc3709774 Change the title and regex a bit 2012-10-03 12:16:25 -05:00
jvazquez-r7 51e70c44e3 fix error message after cleanup 2012-10-03 18:44:33 +02:00
jvazquez-r7 0755cbe411 cleanup: clear strings, delete unused variables, author email foramt, use of unpack 2012-10-03 18:28:03 +02:00
jvazquez-r7 09c4c8172d Merge branch 'PostgreSQL' of https://github.com/kholia/metasploit-framework into kholia-PostgreSQL 2012-10-03 18:26:34 +02:00
jvazquez-r7 30846f4190 fix typo in comment 2012-10-03 16:06:00 +02:00
jvazquez-r7 24037ac79a Added module for CVE-2011-4051 2012-10-03 16:03:36 +02:00
Dhiru Kholia a0422fe500 Make failing username dynamic 2012-10-03 19:17:32 +05:30
sinn3r e39472f7d4 Merge branch 'zeroSteiner-module-ms11-080' 2012-10-02 12:01:01 -05:00
sinn3r e36507fc05 Code cleanup and make msftidy happy 2012-10-02 12:00:23 -05:00
Dhiru Kholia 80bcf930e3 GnuPG Information Gather Module, tested against Linux 2012-10-02 17:46:57 +05:30
Dhiru Kholia e33da009ea add PostgreSQL password capturing module 2012-10-02 15:16:37 +05:30
Borja Merino 8473aafdd5 added sdel post meterpreter module 2012-10-02 01:35:53 +02:00
Spencer McIntyre 21e832ac1c add call to memory protect to fix DEP environments 2012-10-01 18:49:18 -04:00
Tod Beardsley e6e25544ec Merge branch 'handler-requires-race' 2012-10-01 16:32:15 -05:00
Tod Beardsley 2ca134a2c3 Merge branch 'printjob_capture'
This lands #811, and also brings in my changes from
ChrisJohnRiley/metasploit-framework#2

Thanks Chris!
2012-10-01 15:55:14 -05:00
Tod Beardsley 1e4f8591fd Sneaking in an author credit 2012-10-01 11:42:56 -05:00
Tod Beardsley c0bc764fd4 Retabbing for tabs, not spaces
I'm not a fan of the tabs either, any more. But, until we switch over
for real, let's stick with the project's whitespace conventions?
2012-10-01 11:26:58 -05:00
Tod Beardsley 802924d67a Getting rid of continuation slashes. Plz don't.
Continuation slashes are the devil when it comes to reading Ruby,
especially if you're reading something like:

def hello

puts "Hello world!" \
  if true

end

This looks like a syntax error and hurts my eyeballs.

Please avoid this convention in the future.
2012-10-01 11:23:06 -05:00
Tod Beardsley a38724f53b Adds an apparently spurious require
SeeRM #7276

Sticking this in a branch for now while I ask Egypt and limhoff for a
second opinion.
2012-10-01 07:49:58 -05:00
bcoles e2276bfedb Add QNX QCOMM command execution module 2012-09-30 17:21:08 +09:30
jvazquez-r7 c5f863b0b9 minor fixes and msftidy compliant 2012-09-29 23:35:53 +02:00
jvazquez-r7 3e97cb2d85 Merge branch 'module-enumtomcat' of https://github.com/sectorix/metasploit-framework into sectorix-module-enumtomcat 2012-09-29 23:34:46 +02:00
Barry Shteiman 19675b3bea changed report to be more verbose 2012-09-28 19:02:15 +01:00
Tod Beardsley 489c9b701e Whitespace 2012-09-28 12:47:15 -05:00
Tod Beardsley 1b2240d9bd Commenting about IPP 2012-09-28 12:38:36 -05:00
Tod Beardsley a15a2b522c Removing IPP as a selectable mode 2012-09-28 12:38:17 -05:00
Tod Beardsley 6944aab46c Removing Id SVN splat 2012-09-28 12:37:00 -05:00
Barry Shteiman fa03eddbdc extended identification technique 2012-09-28 16:44:03 +01:00
Tod Beardsley db4b19a2df Adding Juan's fix for peerhost 2012-09-28 10:26:35 -05:00
jvazquez-r7 6679ff765a remove extra commas 2012-09-28 12:21:59 +02:00
Barry Shteiman ddb3f27035 added Tomacat Server Enumeration Module 2012-09-28 00:40:17 +01:00
sinn3r 4087790cf7 Oops, forgot to update the check() function 2012-09-27 18:22:57 -05:00
sinn3r 0300576436 Merge branch 'setinfopolicy_heap' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-setinfopolicy_heap 2012-09-27 18:22:22 -05:00
jvazquez-r7 9d3a1871a6 Added module for Samba CVE-2012-1182 2012-09-28 01:18:52 +02:00
jvazquez-r7 6aefa40ec1 fix my english 2012-09-28 00:32:02 +02:00
jvazquez-r7 12177b0ed2 Added module for 2011-1900 2012-09-28 00:29:12 +02:00
Tod Beardsley 60b4190e4a Avoids a race on requires
Applies Raphael's patch.

[FixRM #7261]
2012-09-27 13:18:50 -05:00
Spencer McIntyre c93692b06d add a check to verify session is not already system for MS11-080 2012-09-27 08:36:13 -04:00
sinn3r f6baf824b6 The USER_FILE path is wrong. 2012-09-27 01:33:11 -05:00
sinn3r 75d40d4d82 Make msftidy happy 2012-09-27 01:33:11 -05:00
Cristiano Maruti 99ec988485 Updated with wordlist path registered options 2012-09-27 01:33:11 -05:00
Cristiano Maruti 75f5e24178 Dell iDrac login aux scanner 2012-09-27 01:33:11 -05:00
Tod Beardsley 594669cbff Merge remote branch 'sectorix/module-enumdb' 2012-09-26 12:53:30 -05:00
David Maloney aa8a713a30 Fix added datastore item in BAP 2012-09-26 11:55:12 -05:00
Spencer McIntyre 8648953747 added MS11-080 AFD JoinLeaf Windows Local Exploit 2012-09-26 11:01:30 -04:00
Tod Beardsley e7281e0085 Merge branch 'master' into module-enumdb
Fixing up the merge conflicts caused mostly by the CRLF's (fixed in the
parent commit to this one), and probably by failing to merge from
master on sectorix's side.

Conflicts:
	modules/post/windows/gather/enum_db.rb
2012-09-26 08:42:24 -05:00
Tod Beardsley 5bd39536a2 Reformatting with Unix linefeeds.
For the curious, I like this procedure a lot, it's my new favorite:

http://vim.wikia.com/wiki/File_Format#Converting_the_current_file
2012-09-26 08:40:50 -05:00
Barry Shteiman 3efe9ac761 removed dev comments 2012-09-26 13:37:17 +01:00
Barry Shteiman f51f4c1e6a added support for oracle 11g XE 2012-09-26 13:28:16 +01:00
HD Moore 3ade5a07e7 Add exploit for phpmyadmin backdoor 2012-09-25 10:47:53 -05:00
jvazquez-r7 93dd96d4d3 fixing variable name 2012-09-25 15:40:12 +02:00
sinn3r 1111de0197 Add OSVDB reference 2012-09-25 01:19:58 -05:00
sinn3r 6939df8d98 Support Spanish thx to Adrian Pulido
See redmine feature: #7006
2012-09-24 22:42:17 -05:00
sinn3r 67c5c24f67 Fix multiple bugs
Bug fixes including:
* Unnecessary headers being manually added. Sometimes may cause
  a 400 Bad Request against specific web servers.  See issue 7165
  on Redmine for details.
* Regex fix
* URI path fix
2012-09-24 22:32:59 -05:00
sinn3r 4cd244693f Tabs 2012-09-24 19:13:44 -05:00
sinn3r 6c28e054f0 Merge branch 'enum_db' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-enum_db 2012-09-24 19:11:21 -05:00
sinn3r 54ed60e24e Forgot to remove the second require 2012-09-24 18:50:53 -05:00
sinn3r 6bd450e114 Make Ruby 1.8 happy 2012-09-24 18:49:41 -05:00
sinn3r 6ed5f4a99b Merge branch 'dcbz-osxpayloads' 2012-09-24 18:37:07 -05:00
sinn3r c0387f1441 Have a matching option like the post module
And make sure nemo won't get harassed by people because they
think he hacked into everyone's mac.
2012-09-24 18:33:13 -05:00
sinn3r 2769a88f9e Code cleanup 2012-09-24 17:47:14 -05:00
sinn3r 2db2c780d6 Additional changes
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
sinn3r 03815b47f8 Merge branch 'ie_uaf_js_spray_obfuscate' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ie_uaf_js_spray_obfuscate 2012-09-24 17:14:26 -05:00
jvazquez-r7 25e6990dc7 added osvdb reference 2012-09-24 21:49:32 +02:00
jvazquez-r7 2784a5ea2d added js obfuscation for heap spray 2012-09-24 21:28:34 +02:00
jvazquez-r7 cb099d3431 fixing and cleanup for pull #802 2012-09-24 20:34:26 +02:00
sinn3r 938b612827 Merge branch 'osxpayloads' of https://github.com/dcbz/metasploit-framework into dcbz-osxpayloads 2012-09-24 10:23:55 -05:00
sinn3r 0e94340967 Merge branch 'auxilium' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-auxilium 2012-09-24 10:22:18 -05:00
sinn3r 57b3aae9c0 Only JRE ROP is used 2012-09-24 10:21:02 -05:00
sinn3r 98f4190288 Add Auxilium RateMyPet module 2012-09-24 10:16:11 -05:00
jvazquez-r7 d476ab75cc fix comment 2012-09-24 10:03:31 +02:00
jvazquez-r7 f3a64432e9 Added module for ZDI-12-170 2012-09-24 10:00:38 +02:00
James Lee 91bc573fe8 Remove debug print 2012-09-24 01:26:39 -05:00
James Lee 77a0cf18da Fix errors when pivoting
Printing stack traces is rude.

Also removes Capture which isn't necessary for this module
2012-09-23 22:59:44 -05:00
sinn3r 7ebe1a4d55 Merge branch 'browtopwn' of https://github.com/scriptjunkie/metasploit-framework into scriptjunkie-browtopwn 2012-09-23 12:03:04 -05:00
scriptjunkie e89dcc5ab0 While 1337 is fun and funny, it is easy to spot and the correct port is 137. 2012-09-22 17:00:51 -05:00
scriptjunkie 0158312615 Java meterpreter can run scripts too! 2012-09-22 16:49:16 -05:00
dcbz 202a78dd3f Added say.rb: uses /usr/bin/say to output a string 2012-09-22 09:13:29 -05:00
dcbz 09b8a6d87f Added reverse_tcp stager payload, and updated bind 2012-09-22 08:31:42 -05:00
dcbz 81ceff7370 Added a tcp stager, and a small exec for testing 2012-09-22 07:24:51 -05:00
sinn3r cade078203 Update author info 2012-09-22 02:29:20 -05:00
dcbz dccb8d235d Adding OSX 64-bit find-tag module. 2012-09-21 15:39:35 -05:00
Chris John Riley ce441e95a6 Corrected typo, missing \ and minor regex match 2012-09-21 22:04:19 +03:00
Barry Shteiman b1226ab87c mysql search config + less verbose 2012-09-21 20:01:32 +01:00
sinn3r d3611c3f99 Correct the tab 2012-09-21 12:29:24 -05:00
sinn3r 25f4e3ee1f Update patch information for MS12-063 2012-09-21 12:28:41 -05:00
Chris John Riley 9753494cba Corrected regex scan vs. match issues
Altered PS and PCL to elsif to avoid
double detection of printjobs.
2012-09-21 13:20:14 +02:00
jvazquez-r7 ed24154915 minor fixes 2012-09-21 11:36:58 +02:00
Chris John Riley f7aaae614e Reduced instances of #{name} to client
connections and disconnections. All other
output should be self explanatory and
doesn't need #{name}
2012-09-21 11:08:47 +02:00
Chris John Riley 78f77a3df2 Replaced if @verbose with vprint_status
Corrected bug in non-detected print types
2012-09-21 10:59:39 +02:00
bcoles 6ee2c32f08 add ZEN Load Balancer module 2012-09-21 17:25:20 +09:30
jvazquez-r7 0032713198 description modified 2012-09-21 10:09:42 +02:00
jvazquez-r7 f6baf7fe34 Merge branch 'MySQL-JtR' of https://github.com/halfie/metasploit-framework into halfie-MySQL-JtR 2012-09-21 10:08:34 +02:00
sinn3r 54b98b4175 Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof 2012-09-20 16:43:20 -05:00
sinn3r 4ead0643a0 Correct target parameters 2012-09-20 16:41:54 -05:00
sinn3r 41449d8379 Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule 2012-09-20 16:33:12 -05:00
sinn3r 1534c4af6f Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-09-20 16:20:34 -05:00
sinn3r 776d24d8a9 cleanup 2012-09-20 16:16:30 -05:00
sinn3r 311c01be46 Cleanup, improve option handlingg 2012-09-20 16:14:15 -05:00
David Maloney 7fcc34766a Added datastore items to BAP handlers
Added two datastore items to handlers created by BAP
2012-09-20 15:21:08 -05:00
Tod Beardsley a5ffe7297f Touching up Kernelsmith's wording.
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
Tod Beardsley 883dc26d73 Merge remote branch 'kernelsmith/ie_execcommand_uaf_info' 2012-09-20 14:48:36 -05:00
sinn3r 57fd9b8c18 Merge branch 'master' of https://github.com/dcbz/metasploit-framework into dcbz-master 2012-09-20 13:37:31 -05:00
jvazquez-r7 e98e3a1a28 added module for cve-2012-0266 2012-09-20 19:03:46 +02:00
jvazquez-r7 b61c8b85b8 Added module for CVE-2012-02672 2012-09-20 19:02:20 +02:00
Chris John Riley 3d254b69fd Applied all requirements from pull/715
Reworked PCL regex to match PCL 6/XL
msftidy is still complaining about
an indent. Can't find why however!

New PULL created as per request from
jvazquez-r7
2012-09-20 18:04:36 +02:00
Dhiru Kholia 17f7e94f4d Add support for dumping MySQL challenge-response pairs in JtR format 2012-09-20 13:54:12 +05:30
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
dcbz f5df7e0e8a Added 2 payload modules (reverse and bind tcp shells) 2012-09-19 16:59:26 -05:00
kernelsmith f1a39c76ed update to ie_execcommand_uaf's info to add ROP info
This module requires the following dependencies on the target for the
ROP chain to function.  For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs).  For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00
sinn3r cc8102434a CVE assigned for the IE '0day' 2012-09-18 16:13:27 -05:00
Tod Beardsley 25475ffc93 Msftidy fixes.
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
jvazquez-r7 8b251b053e initializing msghdr a little better 2012-09-18 12:12:27 +02:00
jvazquez-r7 16c5df46fc fix while testing ubuntu intrepid 2012-09-18 11:52:50 +02:00
sinn3r 5fbc4b836a Add Microsoft advisory 2012-09-17 22:13:57 -05:00
Tod Beardsley 75bbd1c48d Being slightly more clear on Browser Not Supported
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.

[FixRM #7242]
2012-09-17 11:16:19 -05:00
sinn3r d77ab9d8bd Fix URIPATH and nil target
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
Tod Beardsley 48a46f3b94 Pack / Unpack should be V not L
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
Tod Beardsley d77efd587a Merge remote branch 'wchen-r7/ie_0day_execcommand' 2012-09-17 08:48:22 -05:00
sinn3r 5eaefcf4c7 This is the right one, I promise 2012-09-17 08:41:25 -05:00
sinn3r 8f50a167bd This is the right module 2012-09-17 08:36:04 -05:00
sinn3r e43cae70a7 Add IE 0day exploiting the execcommand uaf 2012-09-17 08:28:33 -05:00
Tod Beardsley c83b49ad58 Unix linefeeds, not windows
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.

Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley 2fc34e0073 Auth successful, not successfully
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
sinn3r b07b30839e Merge branch 'webmin_edit_html_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-webmin_edit_html_fileaccess 2012-09-16 03:17:09 -05:00
jvazquez-r7 63d2d60c68 delete don't needed line 2012-09-15 23:56:38 +02:00
jvazquez-r7 ff2e9fc157 add changes proposed by sinn3r 2012-09-15 23:55:55 +02:00
jvazquez-r7 cbc778cb47 add changes proposed by sinn3r 2012-09-15 23:53:09 +02:00
jvazquez-r7 0708ec72fc module moved to a more correct location 2012-09-15 15:31:21 +02:00
jvazquez-r7 0f67f8d08a target modified 2012-09-15 15:14:33 +02:00
jvazquez-r7 70ff7621d6 added module for CVE-2012-2983 2012-09-15 15:11:12 +02:00
jvazquez-r7 0061d23b37 Added module for CVE-2012-2982 2012-09-15 15:09:19 +02:00
jvazquez-r7 9a83c7c338 changes according to egypt review 2012-09-14 18:47:50 +02:00
jvazquez-r7 eae571592c Added rgod email 2012-09-14 17:45:16 +02:00
jvazquez-r7 a2649dc8d1 fix typo 2012-09-14 17:10:41 +02:00
jvazquez-r7 e27d5e2eb7 Description improved 2012-09-14 17:08:59 +02:00
jvazquez-r7 9c77c15cf5 Added module for osvdb 85087 2012-09-14 16:54:28 +02:00
James Lee 3c6319b75f Add nonx stagers for linux
[See #784]
2012-09-13 15:15:38 -05:00
James Lee caf7619b86 Remove extra comma, fixes syntax errors in 1.8
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
sinn3r 1f58458073 Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink 2012-09-13 10:37:52 -05:00
sinn3r b31e8fd080 Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec 2012-09-13 10:37:10 -05:00
sinn3r 71a0db9ae5 Make sure the user has a 'myAccount' page 2012-09-13 10:33:43 -05:00
jvazquez-r7 6771466cb7 Added module for CVE-2011-2750 2012-09-13 17:24:16 +02:00
sinn3r 658502d5ad Add OSVDB-82978
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7 12f3ef9c7c added osvdb numbers 2012-09-13 14:00:12 +02:00
0a2940 733f656b00 code style improvement - start counter at 0 2012-09-13 11:32:10 +02:00
0a2940 f48f77c0d7 compatibility improvement - backticks not $()
For the comments above, and the fact we're using backticks later in the line also (uniformity++)
2012-09-13 11:19:00 +02:00
0a2940 f728d32f60 code style improvement - remove 'then' from 'if's 2012-09-13 11:14:45 +02:00
James Lee f38ac954b8 Update linux stagers for NX compatibility
- Adds a call to mprotect(2) to the reverse and bind stagers

- Adds accurate source for some other linux shellcode, including some
  comments to make it more maintainable

- Adds tools/module_payload.rb for listing all payloads for each exploit
  in a greppable format. Makes it easy to find out if a payload change
  causes a payload to no longer be compatible with a given exploit.

- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
Tod Beardsley 39f2cbfc3c Older targets confirmed for CoolType SING 2012-09-12 16:51:51 -05:00
Tod Beardsley fba219532c Updating BID for openfiler 2012-09-12 14:13:21 -05:00
Tod Beardsley 32e2232de3 Disambiguating hkm from hdm
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
HD Moore c901002e75 Add ssh login module for cydia / ios defaults 2012-09-10 19:36:20 -05:00
HD Moore fbbed2262b Updated iOS modules 2012-09-10 17:42:17 -05:00
sinn3r 83f4b38609 Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof 2012-09-10 16:19:14 -05:00
jvazquez-r7 61bf15114a deregistering FILENAME option 2012-09-10 23:14:14 +02:00
sinn3r 2259de3130 Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof 2012-09-10 16:10:22 -05:00
jvazquez-r7 199fbaf33d use a static filename 2012-09-10 23:08:21 +02:00
sinn3r 1c14c270bc Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof 2012-09-10 15:53:16 -05:00
jvazquez-r7 cb975ce0a2 cleanup plus documentation for the maki template 2012-09-10 22:48:04 +02:00
sinn3r f5a0f74d27 Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve 2012-09-10 13:35:48 -05:00
James Lee bbeb6cc97a Add a privilege escalation exploit for udev < 1.4.1
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
jvazquez-r7 607c0f023a added edb references 2012-09-10 17:30:31 +02:00
jvazquez-r7 b813e4e650 Added module for CVE-2009-1831 2012-09-10 16:46:16 +02:00
sinn3r 64b8696e3c Extra condition that's not actually needed
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles cb95a7b520 Add openfiler_networkcard_exec exploit 2012-09-09 17:28:09 +09:30
jvazquez-r7 37c7f366f2 check function test vulnerability + minor improvements 2012-09-09 00:42:02 +02:00
bcoles f02659184a Add WANem v2.3 command execution 2012-09-08 16:01:45 +09:30
jvazquez-r7 caae54a7ca added osvdb reference 2012-09-07 16:56:37 +02:00
Tod Beardsley aaf7fcd5e9 Closing bracket doh 2012-09-07 08:57:27 -05:00
Tod Beardsley 53e4818c2e Humble-desser, not humble-dresser 2012-09-07 08:49:27 -05:00
jvazquez-r7 c572c20831 Description updated to explain conditions 2012-09-07 11:18:54 +02:00
sinn3r bd596a3f39 Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec 2012-09-06 18:40:19 -05:00
sinn3r 86036737ca Apparently this app has two different names
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
sinn3r 6a484cdbc5 Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit 2012-09-06 18:35:08 -05:00
sinn3r b4270bb480 Add OSVDB-83767: SFlog Upload Exec Module
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management.  Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
jvazquez-r7 fc1c1c93ba ZDI references fixed 2012-09-07 00:50:07 +02:00
jvazquez-r7 4985cb0982 Added module for ActFac SYSTEM Local bof 2012-09-07 00:45:08 +02:00
jvazquez-r7 65681dc3b6 added osvdb reference 2012-09-06 13:56:52 +02:00
jvazquez-r7 b4113a2a38 hp_site_scope_uploadfileshandler is now multiplatform 2012-09-06 12:54:51 +02:00
jvazquez-r7 270fa1b87b updated descriptions for hp sitescope modules tested over linux 2012-09-05 23:25:08 +02:00
Tod Beardsley 9531c95627 Adding BID 2012-09-05 15:04:05 -05:00
Tod Beardsley ff97b1da00 Whitespace EOL 2012-09-05 14:04:20 -05:00
sinn3r 43041e3a0a Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler 2012-09-05 14:03:24 -05:00
sinn3r 6705f5405e Merge branch 'symantec_smg_ssh_pass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_smg_ssh_pass 2012-09-05 14:00:55 -05:00
sinn3r bed3c7bbac Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess 2012-09-05 13:59:49 -05:00
jvazquez-r7 2f87af1c3a add some checks while parsing the java serialization config file 2012-09-05 20:58:55 +02:00
sinn3r 598fdb5c50 Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration 2012-09-05 13:58:39 -05:00