1e94b090e7
The __END__ trick is no longer needed
2013-01-10 00:29:11 -06:00
acabc14ec3
This restores functionality across all rails 3.x
2013-01-10 00:28:12 -06:00
0e92de8f61
This works against a wider range of RoR 3.x targets
2013-01-10 00:10:26 -06:00
5e7a4f154e
Fix platform/arch
2013-01-09 23:24:37 -06:00
e15c731651
Clarify credit
2013-01-09 23:22:40 -06:00
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
ad3ca3a6bb
regex to check version fixed
2013-01-09 23:48:55 +01:00
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
52157b9124
extplorer_upload_exec cleanup
2013-01-09 19:45:17 +01:00
8f91352c4a
Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec
2013-01-09 19:44:43 +01:00
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
883b3446f3
license text
2013-01-05 08:03:25 +01:00
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
c86c6f1ba0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-02 17:26:42 -06:00
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
78c6d04b31
Fixing from crlf to lf
...
By accident the line endings changed to crlf.
Mihi pointed out that the last diff was funky because the commit by
accident had crlf rather than the lf from the initial commits.
Also adding an email, as per the HACKING guide and since hdm pointed out
the usefulness of it.
2013-01-02 20:14:09 +00:00
ef3f15e881
Adding a PLUGINSPATH option
...
Adding a PUGINSPATH option as per FireFart's comment.
Because the path to plugins(and wp-content) can be changed, I've added a
PLUGINSPATH options.
This allows for targeting of sites where either folder has been moved,
by specifying the relative path to where all plugins are stored.
2013-01-02 18:56:49 +00:00
6fb2130265
Adding a damn space
...
It suddenly jumped at me that there was a missing space in the module
info. Couldn't unsee.
2013-01-01 23:40:01 +00:00
4ba5b45ad3
Fixed the check
...
Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00
dd0482cb9d
Code style fix!
...
Now variable names are in-line with the coding guidelines!
2013-01-01 23:01:14 +00:00
2fe2d5d3dd
Adding exploit for OSVDB 87353
...
Adding an exploit for OSVDB 87353, which allows for a remote file
inclusion in the Advanced Custom Fields plugin for Wordpress. and shell
given that url include is enabled in the php installation.
2013-01-01 22:52:55 +00:00
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
8e543cf5f5
Add eXtplorer v2.1 auth bypass exploit module
2012-12-30 23:51:41 +10:30
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
d2e3e5defb
Merge branch 'jlee-r7-cleanup/post-windows-services'
2012-12-22 13:29:48 -06:00
e15cf9f288
Merge branch 'netwin_surgeftp_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-netwin_surgeftp_exec
2012-12-22 15:50:07 +01:00
d97a63a94c
Make changes based on juan and egypt's feedback
2012-12-22 02:35:22 -06:00
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
49248c79d6
Oops, didn't mean to keep these lines
2012-12-21 22:22:58 -06:00
9af8c9b457
Small corrections
2012-12-21 18:52:40 -06:00
ca72132fc0
Add a check
2012-12-21 16:23:31 -06:00
1323081bce
msftidy cleanup
2012-12-21 16:11:16 -06:00
529a3c9a63
Add Netwin SurgeFTP module
2012-12-21 16:10:27 -06:00
d5f08a2405
Added module for CVE-2012-6329 for foswiki
2012-12-21 22:08:08 +01:00
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
ff4b959c04
Merge branch 'ms12_004_leaky_icky' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_004_leaky_icky
2012-12-21 21:01:05 +01:00
115ad9ae33
Small corrections
2012-12-21 12:56:44 -06:00
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
76cad3dd4c
Added module for CVE-2012-6329
2012-12-21 11:30:04 +01:00
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
4595a96ece
updated CVE and OSVDB wikka_spam_exec references
2012-12-19 16:42:47 -05:00
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
fa42d0c7fe
Fixed minor spelling errors
2012-12-17 15:18:08 -07:00
88f02e0016
Merge branch 'jvazquez-r7-crystal_reports_printcontrol'
2012-12-17 13:52:11 -06:00
9198e0dc05
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-17 13:40:41 -06:00
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
37ce92afb1
Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol
2012-12-16 16:15:24 -06:00
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
0a0b26dc2c
after study the crash after the overflow...
2012-12-14 23:54:44 +01:00
53a2fda608
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-14 15:23:25 -06:00
12472756aa
Merge branch 'master' into bug/safari-metadata-version
2012-12-14 12:52:18 -06:00
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
eb972eaf0a
Add a maxver for the safari_metadata_archive exploit.
...
* Apple Security Update 2006-001 (http://support.apple.com/kb/TA23971 )
* Update applied to 10.4.5, where safari 2.0.3 is default browser.
* Because update did not bump Safari version, not all 2.0.3 browsers will be affected.
2012-12-14 02:17:25 -06:00
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
e448431c8a
Add 32bit comapt mode for 64 bit targets on wirnm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
HD Moore
jvazquez-r7
sinn3r
Charlie Eriksen
Tod Beardsley
Christian Mehlmauer
bcoles
James Lee
sput-nick
Garret Picchioni
joe
nullbind
David Maloney
Tod Beardsley