ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
9af8c9b457
Small corrections
2012-12-21 18:52:40 -06:00
d5f08a2405
Added module for CVE-2012-6329 for foswiki
2012-12-21 22:08:08 +01:00
115ad9ae33
Small corrections
2012-12-21 12:56:44 -06:00
76cad3dd4c
Added module for CVE-2012-6329
2012-12-21 11:30:04 +01:00
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
d921c6f6e9
bid reference added
2012-12-08 15:09:32 +01:00
60feba164d
Add OSVDB
2012-12-07 23:18:02 -06:00
15661b82bc
Add Nagios Network Monitor Graph Explorer module
2012-12-07 23:16:25 -06:00
06927345e5
If message becomes nil, we should force a to_s for the regex
...
next_message can be nil sometimes if packet is nil (see net/ssh's
poll_message source)
2012-12-06 10:44:16 -06:00
530332b176
Apply evil-e's fix when port isn't 22
...
See #1130
2012-12-05 21:42:53 -06:00
32c5f12912
Hmm, I should change the target name
2012-12-05 21:38:31 -06:00
d3c1fa842a
Lots of improvements
...
Keyboard-interactive method isn't required to exploit Tectia SSH.
So this update will just go straight to password method. There's
also improvements for the check() method: Not only does it check
the SSH version (banner), it will also check and see if the server
is using password method to auth.
2012-12-05 21:34:33 -06:00
49999a56ea
Added CVE & vendor advisory information
2012-12-05 10:13:44 -06:00
e6c6133c90
must be password authentication
2012-12-04 09:56:51 -06:00
2467183c4f
"Appears" is better
...
"Appears" is a more accureate way describing how much we think the
host is vulnerable.
2012-12-04 09:28:05 -06:00
b5e7009283
Since we have included Tcp for check(), we don't need to reg rhost
2012-12-04 09:25:24 -06:00
3c59c2d5c0
This extra space must die.
2012-12-03 21:09:07 -06:00
211a1674f5
Add kingcope's Tectia SSH 0day
2012-12-03 21:07:32 -06:00
8b3d200986
Add a check for nil
2012-11-28 23:50:29 -06:00
d4e873df07
Fix bad reference (thanks Daniel Moeller)
2012-11-22 23:51:57 -06:00
959ea1f0c5
final cleanup
2012-11-20 12:52:00 +01:00
a93fbfea32
Add Narcissus module (OSVDB-87410)
2012-11-19 15:12:57 -06:00
09ec7dea95
fix check function after speak with egix
2012-11-15 01:34:17 +01:00
3ba3e906d7
added improvements by egix
2012-11-15 01:20:32 +01:00
af8ac2fbf6
There's a bug here, can you tell?
...
Need to be aware of what happens when no version is captured.
2012-11-14 11:54:59 -06:00
88ea347e40
added cookie prefix check
2012-11-14 16:20:40 +01:00
bbb2f69b55
Add missing require for PhpExe
2012-11-13 10:17:42 -06:00
7d317e7863
Use PhpEXE, and a check() function
...
Uses the PhpEXE mixin for the payload. And then in the future
we can modify PhpEXE again to allow it to be space-free (problem
being a space is required when you use a function). Also, this
commit has a new check function.
2012-11-13 01:41:26 -06:00
42dd1ee3ff
added module for CVE-2012-5692
2012-11-10 11:35:21 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
9ea208d129
Oops, overwrote egypt's changes by accident
2012-10-11 16:40:52 -05:00
82eaa322fe
Make cleanup work better
2012-10-11 16:39:54 -05:00
3a66a07844
Proposed re-wording of description
...
[See #889 ]
2012-10-11 15:48:04 -05:00
24980e735b
I found an OSVDB ID
2012-10-11 15:28:07 -05:00
55128f5bb3
Make sure res has value before passing it on to exec_php
2012-10-11 14:43:38 -05:00
033a11eff5
Add Project Pier File Upload Vulnerability
2012-10-11 13:47:40 -05:00
4fa3631e34
avoiding the python support on the barracuda one if cannot be tested
2012-10-09 18:01:23 +02:00
f33411abd1
Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support
2012-10-09 18:00:44 +02:00
a12aed7ffc
Don't really need these keywords
2012-10-09 00:49:05 -05:00
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
f4e442bcbd
Added headers support to php_include module
2012-10-05 23:00:38 +02:00
d515b3274d
Apply wfsdelay and apply egypt's suggestions
2012-10-04 00:40:52 -05:00
e2276bfedb
Add QNX QCOMM command execution module
2012-09-30 17:21:08 +09:30
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
54fb6d2f7a
Fixes unreal ircd race condition
...
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
e774df5c32
target info plus relocation
2012-05-25 20:16:13 +02:00
c4fad0dea5
module added for OSVDB-73609
2012-05-25 17:18:09 +02:00
d668e2321d
Rename this to a more suitable location
2012-05-04 09:59:40 -05:00
6cf6a9548d
Fix up the PHP CGI exploit, remove debug lines
2012-05-04 09:58:10 -05:00
9a36017271
no unicode
2012-05-04 00:01:03 -05:00
2d1f4d4f3e
Add hdm's better check method
2012-05-03 19:00:40 -06:00
40ec3d9d40
Add an exploit module for the recent php cgi bug (CVE-2012-1823)
2012-05-03 18:51:54 -06:00
a8eada6016
This module should be able to support more payloads
2012-04-16 14:43:36 -05:00
edadc19757
This module should be able to support more payloads than it should be
2012-04-16 14:41:11 -05:00
56404f5edd
Fixing EDB reference
2012-03-28 14:33:25 -06:00
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
e7ab48693c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:57 -06:00
94b736c76c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:38 -06:00
97b74101fb
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:11 -06:00
6f5d64f6de
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-29 03:31:15 -06:00
34a933d499
Feature #5610
2011-11-29 03:30:49 -06:00
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
7a07e069da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
3722a5c3c1
Add LifeSize room command injection (feature #5333 )
...
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
5916a4afe3
Cosmetic
...
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
f2469fc23f
Drop phpi to normal ranking, it eats too much time
...
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
d204f4027b
Catch nil first before do .empty?
...
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
1a02a2199b
These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
...
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
4b9346e40e
Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
...
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
0ff7f17cba
Cosmetic module and service name fixes
...
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
643223ff11
Fixes #5651 by applying patch
...
git-svn-id: file:///home/svn/framework3/trunk@13850 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 15:40:59 +00:00
9ddfc122af
Fix indentation, white spaces, add patch URL to reference
...
git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00
921549fc3d
Adding OSVDB ref that just popped up for me.
...
git-svn-id: file:///home/svn/framework3/trunk@13844 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 15:49:02 +00:00
3d9c94633d
Adding MyBB backdoor exploit submitted by tdz. Thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@13838 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 03:22:07 +00:00
37069a252c
Support POST. Feature #5571
...
git-svn-id: file:///home/svn/framework3/trunk@13814 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-04 16:02:52 +00:00
81cb99c7ab
A better fix
...
git-svn-id: file:///home/svn/framework3/trunk@13605 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 19:26:41 +00:00
b39ed220ca
remove the .strip call in banner check causes stack traces in some cases
...
git-svn-id: file:///home/svn/framework3/trunk@13604 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 06:50:51 +00:00
1fb64f099d
Typo
...
git-svn-id: file:///home/svn/framework3/trunk@13427 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 18:23:52 +00:00
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
94640b6bc4
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
ab4961bfa9
Timeline
...
git-svn-id: file:///home/svn/framework3/trunk@13099 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:20:47 +00:00
e678bb0a8e
Update the description to match the latest information
...
git-svn-id: file:///home/svn/framework3/trunk@13098 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:11:00 +00:00
c82063d708
Update based on feedback from mc, indicating this backdoor was in place since February 15th 2011 and likely even earlier
...
git-svn-id: file:///home/svn/framework3/trunk@13097 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 01:49:05 +00:00
5482a59910
Exit cleanly if the shell as not valid
...
git-svn-id: file:///home/svn/framework3/trunk@13095 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:18:44 +00:00
bd12c8c6a9
Fix a couple small typos
...
git-svn-id: file:///home/svn/framework3/trunk@13094 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:10:30 +00:00
e6968c202a
A couple bug fixes to enable cmd_interact and a new module for the VSFTPD backdoor
...
git-svn-id: file:///home/svn/framework3/trunk@13093 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 20:09:32 +00:00
bf20ace73e
totally noobd out on that one, thx
...
git-svn-id: file:///home/svn/framework3/trunk@13035 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 18:09:21 +00:00
a29002ee2e
handle a few corner cases
...
git-svn-id: file:///home/svn/framework3/trunk@13032 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:03:23 +00:00
5617d23635
Removed erroneous awstatstotals_multisort print_status.
...
git-svn-id: file:///home/svn/framework3/trunk@12715 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:45:36 +00:00
51ce0dba58
Added awstatstotals_multisort exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@12714 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:42:37 +00:00
486c0556d0
don't leave unnecessary evil-looking logs
...
git-svn-id: file:///home/svn/framework3/trunk@12604 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 22:46:43 +00:00
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
cacac970e1
Added privilege escalation to contentkeeperweb_mimencode exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@12265 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 11:02:48 +00:00
d682069aec
add cve-2010-4566 exploit from Erwin Paternotte
...
git-svn-id: file:///home/svn/framework3/trunk@11873 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 20:51:12 +00:00
2dbbdc18dd
Explicitly yield to other threads after each request, reducing the chance that this module will eat all cycles.
...
git-svn-id: file:///home/svn/framework3/trunk@11857 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-02 05:03:20 +00:00
b6b9b83dd7
add CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
287f4c87fe
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
860e29228b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11414 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 14:43:13 +00:00
e7f3c63e1c
Exploit for a recent Redmine command injection vulnerability, provided as a holiday gift by Joernchen of Phenoelit.
...
git-svn-id: file:///home/svn/framework3/trunk@11406 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 05:46:29 +00:00
3662fb4bc6
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11389 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:16:18 +00:00
4708d5b159
Add coverage for the mitel audio web conferencing web interface command injection.
...
git-svn-id: file:///home/svn/framework3/trunk@11388 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:02:13 +00:00
c46be9d387
better error for non-exim servers
...
git-svn-id: file:///home/svn/framework3/trunk@11352 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 17:30:24 +00:00
843b121ea1
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@11350 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 16:38:31 +00:00
d69cff2b34
add bid reference
...
git-svn-id: file:///home/svn/framework3/trunk@11318 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-13 16:16:29 +00:00
573c639c85
remove debug prints
...
git-svn-id: file:///home/svn/framework3/trunk@11299 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 22:00:34 +00:00
7c6eadc24b
check more responses, account for corner case in initial headers
...
git-svn-id: file:///home/svn/framework3/trunk@11298 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 21:58:25 +00:00
ea4e8c29d3
add hdm to authors, minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@11289 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 10:55:24 +00:00
c1a3364ea9
Update the privileged flag
...
git-svn-id: file:///home/svn/framework3/trunk@11285 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:45 +00:00
8ad08ec535
Update the description/refs
...
git-svn-id: file:///home/svn/framework3/trunk@11284 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:04 +00:00
61e8ab1432
This module will now automatically gain root if Perl is installed
...
git-svn-id: file:///home/svn/framework3/trunk@11283 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:21:52 +00:00
c1f37b3c8a
minor adjustment to output printing
...
git-svn-id: file:///home/svn/framework3/trunk@11281 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 23:29:26 +00:00
5624c55599
add EHLO_NAME advanced option, remove debug print, fix version regex
...
git-svn-id: file:///home/svn/framework3/trunk@11280 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:51:05 +00:00
b5d44d1684
handle hosts that reverse properly, whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@11279 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:32:39 +00:00
cc81d3bbc0
Automagic updates to jduck's exim module
...
git-svn-id: file:///home/svn/framework3/trunk@11278 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:17:47 +00:00
a683f7b7d4
Automagic updates to jduck's exim module
...
git-svn-id: file:///home/svn/framework3/trunk@11277 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:16:34 +00:00
d5fc9df054
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11276 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 21:43:12 +00:00
5cc8407748
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11275 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:50:16 +00:00
9f5df90e60
add exploit for cve-2010-4344
...
git-svn-id: file:///home/svn/framework3/trunk@11274 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:34:23 +00:00
add6955501
add disclosure date, fix parse error on 1.8.7
...
git-svn-id: file:///home/svn/framework3/trunk@11253 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-08 16:17:16 +00:00
9c1576b20e
update the title
...
git-svn-id: file:///home/svn/framework3/trunk@11246 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:46:24 +00:00
bbab0e3fd9
add cve-2008-6825 exploit from Larry Wert, fixes #3145
...
git-svn-id: file:///home/svn/framework3/trunk@11245 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:44:47 +00:00
5dad5e2ee5
consistency
...
git-svn-id: file:///home/svn/framework3/trunk@11227 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-05 15:08:22 +00:00
e93c196363
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11214 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-03 12:34:38 +00:00
50d6c9659a
added coverage for the proftpd backdoor.
...
git-svn-id: file:///home/svn/framework3/trunk@11210 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 22:33:37 +00:00
26a9fe6fc7
add some missing CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
e9faf75503
fix some more titles with periods
...
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
eab8c24b8b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11074 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 20:43:56 +00:00
b42a04a7aa
add cakephp exploit from tdz
...
git-svn-id: file:///home/svn/framework3/trunk@11070 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 18:30:07 +00:00
3992eb7ef8
Mass RE-update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
9fc6f2f3a3
Mass update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
e78aa83021
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10821 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:58:49 +00:00
672fc87055
fixed typo, thx rmkml
...
git-svn-id: file:///home/svn/framework3/trunk@10803 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 23:35:44 +00:00
ddf8294beb
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10783 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:09:10 +00:00
7a9fe2c4d7
add exploit module for cve-2010-3585
...
git-svn-id: file:///home/svn/framework3/trunk@10780 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 06:16:31 +00:00
865b711b5c
Fixes #2974 . Adds an "Unknown" level to Exploit::CheckCode, fixes the URI check for exploit/unix/webapp/php_include (which was relying on Unknown).
...
git-svn-id: file:///home/svn/framework3/trunk@10694 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-15 12:24:17 +00:00
7e4f4b3791
silly whitespace tweak
...
git-svn-id: file:///home/svn/framework3/trunk@10642 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 19:30:57 +00:00
8230bb6edf
update disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@10637 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 03:59:19 +00:00
a3ad8f5061
Add a quick module for exploiting basic web cmd injection
...
git-svn-id: file:///home/svn/framework3/trunk@10624 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 21:32:19 +00:00
ae04e34cf7
fix some non-full-namespace includes
...
git-svn-id: file:///home/svn/framework3/trunk@10617 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 06:55:52 +00:00
c1f934dbb4
jduck the grammar checker strikes again (thanks!)
...
git-svn-id: file:///home/svn/framework3/trunk@10476 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-25 04:54:10 +00:00
25d18f1f1b
Quit when we get an SSL exception
...
git-svn-id: file:///home/svn/framework3/trunk@10470 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-25 03:14:21 +00:00
048b21e3b9
Ensure that errors in the PHPInclude mixin lead to the service being stopped. Handle unreachable services in the php_include module better. Fix database-enabled tab completion to be workspace friendly
...
git-svn-id: file:///home/svn/framework3/trunk@10410 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:52:49 +00:00
4590844871
tons of indentation fixes, some other style tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
330281eadd
see #684 , adds checksum support, updates modules to use it, fixes some wfs_delay/WfsDelay issues
...
git-svn-id: file:///home/svn/framework3/trunk@10150 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:55:37 +00:00
34eb75af73
overhaul smtp to add support for authentication and STARTTLS. can now send email through a gmail account
...
git-svn-id: file:///home/svn/framework3/trunk@10148 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:31:46 +00:00
f6033b9bd6
change some print_status to print_error, rename a few msft modules using msb convention
...
git-svn-id: file:///home/svn/framework3/trunk@9929 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-25 21:37:54 +00:00
fb57dde60c
Do not spew HTML to the screen
...
git-svn-id: file:///home/svn/framework3/trunk@9829 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-14 18:23:47 +00:00
663b863b6d
http fingerprint checking update
...
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 17:38:59 +00:00
a3d901a6b9
various minor fixes, some added fingerprinting
...
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00
7d945ed9dc
add lots of disclosure dates from OSVDB
...
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
f6f954a18c
add missing CVE/OSVDB references, plenty still missing *wink wink*
...
git-svn-id: file:///home/svn/framework3/trunk@9659 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-02 00:10:51 +00:00
0882838491
ensure binary mode when opening files, whitespace fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
571aeb119c
make this much less verbose.
...
git-svn-id: file:///home/svn/framework3/trunk@9634 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-28 23:42:50 +00:00
12fbdcd878
add http_fingerprint calls to modules that use various headers
...
git-svn-id: file:///home/svn/framework3/trunk@9627 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 20:53:12 +00:00
73c680eeff
reduce the timeout. it's annoying to have to wait 25 seconds for my shell
...
git-svn-id: file:///home/svn/framework3/trunk@9621 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 05:45:15 +00:00
e47f38365d
make the description a little more descriptive.
...
git-svn-id: file:///home/svn/framework3/trunk@9611 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-24 18:34:37 +00:00
43799f505b
not a command execution anymore.
...
git-svn-id: file:///home/svn/framework3/trunk@9601 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 23:12:59 +00:00
1f957891fb
ARCH_CMD -> ARCH_PHP. tested with php/reverse_php and php/meterpreter[/_]reverse_tcp. see #2105
...
git-svn-id: file:///home/svn/framework3/trunk@9598 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-23 22:51:50 +00:00
9d46383040
Fixes #2134 . Subs select for sleep in exploit modules.
...
git-svn-id: file:///home/svn/framework3/trunk@9583 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-22 19:11:05 +00:00
fa505a4069
various fixes, mostly consistency changes to disclosure dates
...
git-svn-id: file:///home/svn/framework3/trunk@9525 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 07:18:08 +00:00
fcb05df3d8
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@9510 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-13 12:41:48 +00:00
843d632d55
Change the advisory link
...
git-svn-id: file:///home/svn/framework3/trunk@9504 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 19:33:42 +00:00
cb9a3211ee
Exploit for the UnrealIRCD backdoor
...
git-svn-id: file:///home/svn/framework3/trunk@9503 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 19:25:48 +00:00
ce8a9e9318
update space requirements
...
git-svn-id: file:///home/svn/framework3/trunk@9392 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 05:04:24 +00:00
365f13551b
added refs. I think all the auxiliary and exploit modules should now be covered.
...
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
7a32c8add2
add exploit for cve-2009-4098
...
git-svn-id: file:///home/svn/framework3/trunk@9247 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-08 03:07:51 +00:00
0e72894e58
more cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
0ea6eca4bc
big module whitespace/formatting cleanup pass
...
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
5f7d3cd0d1
fix final "end" statement -- wow almost 3 years like that
...
git-svn-id: file:///home/svn/framework3/trunk@9175 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 06:08:08 +00:00
5b629c8dc7
fix copy pasta error
...
git-svn-id: file:///home/svn/framework3/trunk@9174 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 02:12:29 +00:00
8923de2d8d
change squirrelmail_pgp_plugin to manual rank because it requires an email address
...
git-svn-id: file:///home/svn/framework3/trunk@9171 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-29 18:29:22 +00:00
fda05bfe16
update check functionality
...
git-svn-id: file:///home/svn/framework3/trunk@9111 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-20 01:55:21 +00:00
ef7aef50db
correct BID reference
...
git-svn-id: file:///home/svn/framework3/trunk@9110 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-20 00:09:11 +00:00
9a5c1ccf68
minor whitespace tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@9108 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-19 23:53:27 +00:00
6a794fc25a
better url generation (more random and more reliable)
...
git-svn-id: file:///home/svn/framework3/trunk@9106 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-19 22:55:08 +00:00
78d1338171
clean up extra slashes in uris
...
git-svn-id: file:///home/svn/framework3/trunk@9036 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-07 20:25:34 +00:00
61b4500ffd
remove svn:executable from various files
...
git-svn-id: file:///home/svn/framework3/trunk@8974 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-01 16:20:34 +00:00
40dd65494e
add notes about vulnerable versions
...
git-svn-id: file:///home/svn/framework3/trunk@8811 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-13 18:15:06 +00:00
aaea62bb92
Report the correct local/peer names for the session information. Fix a return value check
...
git-svn-id: file:///home/svn/framework3/trunk@8765 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 07:13:18 +00:00
b419a40c45
finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
...
also some minor cleanups here and there
git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
6414821ea8
add exploit modules for CVEs 2005-2877 and 2004-1037
...
git-svn-id: file:///home/svn/framework3/trunk@8578 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 20:31:09 +00:00
6e8eddcf5e
add exploit module for cve-2008-0506
...
git-svn-id: file:///home/svn/framework3/trunk@8562 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 07:31:12 +00:00
cf29ff333e
Added a path to prepend
...
git-svn-id: file:///home/svn/framework3/trunk@8514 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 05:24:31 +00:00
1857268af8
Uber-fast-get-me-a-php-shell mode :)
...
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
4751d83cb8
some cleanups, added some CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
310be42bfa
try not to repeatedly load static files - see #694
...
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
d0969746a4
Mostly cosmetic changes from local tree
...
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 03:31:20 +00:00
5ef4545a1b
fd.read -> fd.read(fd.stat.size)
...
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:22:40 +00:00
2570fcee15
get rid of some more ^Ms
...
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
837c70715d
Reference updates from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@7854 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 20:09:46 +00:00
0efbe3baf9
Remove the debug print
...
git-svn-id: file:///home/svn/framework3/trunk@7852 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:56:19 +00:00
97757c37a0
Adds an exploit module for the zabbix agent command execution flaw (no cve/bid/osvdb)
...
git-svn-id: file:///home/svn/framework3/trunk@7851 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:24:24 +00:00
4fcdceccb7
No ruby access on the common target
...
git-svn-id: file:///home/svn/framework3/trunk@7776 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 15:13:35 +00:00
8a784339c4
Remove a debug print
...
git-svn-id: file:///home/svn/framework3/trunk@7774 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 14:00:21 +00:00
ba1b032207
Adds coverage for the QTSS metachar injection bug
...
git-svn-id: file:///home/svn/framework3/trunk@7772 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 13:23:59 +00:00
ff83f1cd2f
add ranking to every exploit module, pfew!
...
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
61e233df91
Keywords on all modules, plugins, and scripts
...
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
9f134512c2
give up if we can't get the password hash. see #519
...
git-svn-id: file:///home/svn/framework3/trunk@7539 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:51:51 +00:00
dd323e2a7b
don't try to run methods on an object we just confirmed was nil
...
git-svn-id: file:///home/svn/framework3/trunk@7538 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:48:34 +00:00
94729103b4
added osvdb ref and keywords
...
git-svn-id: file:///home/svn/framework3/trunk@7532 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:18:51 +00:00
7fb9c4a791
add coverage for cve-2009-1151
...
git-svn-id: file:///home/svn/framework3/trunk@7528 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 08:42:32 +00:00
53640065da
license
...
git-svn-id: file:///home/svn/framework3/trunk@7522 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 19:53:03 +00:00
bbfc195735
added patch from Steve Tornio.
...
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 13:26:27 +00:00
8b9238e33b
Cosmetic/reference cleanups.
...
git-svn-id: file:///home/svn/framework3/trunk@7506 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:31:00 +00:00
d90b932383
add a bit more entropy
...
git-svn-id: file:///home/svn/framework3/trunk@7504 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:09:32 +00:00
38c0a3bd1b
302 is not the same as 200...
...
git-svn-id: file:///home/svn/framework3/trunk@7503 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:03:16 +00:00
d2451547d6
add exploit module for osCommerce file upload
...
git-svn-id: file:///home/svn/framework3/trunk@7502 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 01:56:21 +00:00
5eed9deb2d
Adds the joomla TinyMCE file upload exploit from spinbad.
...
git-svn-id: file:///home/svn/framework3/trunk@7283 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 20:00:39 +00:00
e3f68f2639
Another large number of warnings fixed by Yoann Guillot
...
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
a0fbc2914f
Remove the milw0rm references, as the links are no longer valid.
...
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
2b85ceb4c1
added exploit modules base_qry_common.rb and mambo_cache_lite.rb
...
git-svn-id: file:///home/svn/framework3/trunk@7210 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 15:01:10 +00:00
26db223636
OSVDB reference update from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@7149 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:39:51 +00:00
9ace8f33eb
OSVDB references from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
85a4f1b9db
add a simple check for the generic php exploits
...
git-svn-id: file:///home/svn/framework3/trunk@7025 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 05:24:03 +00:00
7fb18d6e11
Add coverage for the new nagios3 cmd execution bug
...
git-svn-id: file:///home/svn/framework3/trunk@6936 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-04 19:27:50 +00:00
876a80f601
Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
...
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
7262621d35
switch 'Version' Rev to Revision since msf doesn't handle it correctly
...
git-svn-id: file:///home/svn/framework3/trunk@6877 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 03:06:01 +00:00
e70ac6cc19
Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for explot modules. A good example is disabling the netcat -e payloads for old Solaris exploits
...
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
f8c2a203fd
OSVDB references updates from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
bc037bbbac
make php findsock work again for php_eval and php_include
...
git-svn-id: file:///home/svn/framework3/trunk@6678 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 05:50:52 +00:00
a5f567e76e
Massive OSVDB reference update from Steve Tornio.
...
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
92d242cc2f
osvdb references from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@6568 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-19 13:20:32 +00:00
6c8a93035f
make the new random header stuff work with magic_quotes
...
git-svn-id: file:///home/svn/framework3/trunk@6559 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-17 00:35:56 +00:00
9d8581a17e
More osvdb references from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
0981295879
More osvdb references from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@6547 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:56:54 +00:00
b31abbc6f9
move the payload into a random X- header so it doesn't show up in access logs
...
git-svn-id: file:///home/svn/framework3/trunk@6493 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-19 15:47:14 +00:00
37c2e301ed
replacing defunct framework URL in header comments in most modules and pcap_log
...
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
eccfcdfced
Sets svn keywords on modules missing it, tweaks the emailer module
...
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
46351557bc
Added dogfood_spell_exec exploit module from LSO.
...
git-svn-id: file:///home/svn/framework3/trunk@6282 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-03 03:32:36 +00:00
92c45abf2d
Added contentkeeperweb_mimencode exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@6250 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 03:41:25 +00:00
ff8323e6d2
added modules from Matteo Cantoni.
...
git-svn-id: file:///home/svn/framework3/trunk@6170 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-21 12:51:30 +00:00
33ba28346d
Added exploit module awstats_migrate_exec.
...
git-svn-id: file:///home/svn/framework3/trunk@6155 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-15 07:09:56 +00:00
97ffd10f89
Updated to support Windows targets.
...
git-svn-id: file:///home/svn/framework3/trunk@5912 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 09:01:24 +00:00
c66d6c4e46
Set property 'svn:keywords'
...
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
f124597a56
Code cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
4c091edac1
fixes #198 ; generic php eval exploit
...
git-svn-id: file:///home/svn/framework3/trunk@5746 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-13 05:55:10 +00:00
fd256ec4a1
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
...
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
647118f333
remove debug statements, add disabled_functions evasion in php findsock stuff
...
git-svn-id: file:///home/svn/framework3/trunk@5700 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-30 19:56:16 +00:00
36a06e7576
initial commit of php findsock. This patch makes all http connections global and removes the "close if (!pipelining)" checks, so beware of bugs.
...
git-svn-id: file:///home/svn/framework3/trunk@5678 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-24 04:41:51 +00:00
3effb133cc
Added spamassassin_exec module.
...
git-svn-id: file:///home/svn/framework3/trunk@5560 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-19 15:40:30 +00:00
405637297f
Added guestbook_ssi_exec.rb module.
...
git-svn-id: file:///home/svn/framework3/trunk@5517 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-04 12:19:43 +00:00
6a329ea831
Update title to match code
...
git-svn-id: file:///home/svn/framework3/trunk@5474 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-14 18:24:06 +00:00
66d8f7e8b6
Added clamav_milter_blackhole.rb exploit module
...
git-svn-id: file:///home/svn/framework3/trunk@5447 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-17 11:51:30 +00:00
1f7eb2147f
phpBB2_highlight module port
...
git-svn-id: file:///home/svn/framework3/trunk@5432 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-05 09:42:57 +00:00
dfa0f6c0c4
More reliable reverse shell
...
git-svn-id: file:///home/svn/framework3/trunk@5429 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-04 07:34:26 +00:00
e15dd5a7dc
Added SPHPBlog exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@5193 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-11 09:17:49 +00:00
0ebb7c95bd
Updated module by Matteo Cantoni
...
git-svn-id: file:///home/svn/framework3/trunk@5187 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-30 13:22:46 +00:00
5b3768ef29
added exploit module squirrelmail_pgp_plugin from Nicob
...
git-svn-id: file:///home/svn/framework3/trunk@5047 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-14 17:59:53 +00:00
f915504cfa
Fix #53 , use Author, not Authors
...
git-svn-id: file:///home/svn/framework3/trunk@4529 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 01:08:18 +00:00
d42194e14a
updated modules to use base class rand_xxx methods
...
git-svn-id: file:///home/svn/framework3/trunk@4498 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-01 08:21:36 +00:00
abbeb2e87e
Adding an Id tag and a standard header to all modules
...
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
b278bef22d
Reference updates
...
git-svn-id: file:///home/svn/framework3/trunk@4266 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 14:44:09 +00:00
9dc2148eb9
Moved the other web app bugs into the right place, added php_wordpress_lastpost
...
git-svn-id: file:///home/svn/framework3/trunk@4262 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:58:13 +00:00
752cc9f978
Added the PAJAX exploit
...
git-svn-id: file:///home/svn/framework3/trunk@4261 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:38:28 +00:00
d09046a5b9
Accessing res['header'] is now case insensitive for HTTP responses
...
Added the Google Appliance exploit
git-svn-id: file:///home/svn/framework3/trunk@4259 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:22:39 +00:00
de5c27e39f
Exploit ports
...
git-svn-id: file:///home/svn/framework3/trunk@4257 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 04:28:32 +00:00
8fd09e3880
Renamed
...
git-svn-id: file:///home/svn/framework3/trunk@4256 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 03:48:16 +00:00
b221af7791
Integration of the new HTTP Client API
...
git-svn-id: file:///home/svn/framework3/trunk@4241 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 23:42:36 +00:00
810f80612b
Reference updates
...
git-svn-id: file:///home/svn/framework3/trunk@4154 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-28 17:18:43 +00:00
d0bc17f17a
Minor updates
...
git-svn-id: file:///home/svn/framework3/trunk@3778 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-30 21:31:02 +00:00
d086a1bedf
BSD license the default for non-msfdev created modules.
...
git-svn-id: file:///home/svn/incoming/trunk@3636 4d416f70-5f16-0410-b530-b9f4589650da
2006-05-06 16:34:39 +00:00
9eaa03d43b
* uniq exploit class name
...
git-svn-id: file:///home/svn/incoming/trunk@3540 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-22 20:34:43 +00:00
e249d9ebe5
Massive update to tab indentation (used ./dev/tabify.rb)
...
git-svn-id: file:///home/svn/incoming/trunk@3450 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:00:35 +00:00
6ab42be37d
* wee, more php bullshit
...
git-svn-id: file:///home/svn/incoming/trunk@3448 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-26 02:07:59 +00:00
1bffccf605
New licensing terms, revision bump to v3
...
git-svn-id: file:///home/svn/incoming/trunk@3425 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-21 22:10:20 +00:00
c18e5a10a9
distcc
...
git-svn-id: file:///home/svn/incoming/trunk@3423 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-21 05:05:19 +00:00
164520753c
* kill the debugging info
...
git-svn-id: file:///home/svn/incoming/trunk@3415 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-20 20:25:07 +00:00
d6608d4dd5
* xmlrpc vuln
...
git-svn-id: file:///home/svn/incoming/trunk@3414 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-20 20:18:55 +00:00
Charlie Eriksen
sinn3r
Christian Mehlmauer
jvazquez-r7
HD Moore
James Lee
Chris John Riley
Tod Beardsley
Michael Schierl
ethicalhack3r
bcoles
Daniel Miller
Steve Tornio
David Maloney
wchen-r7
Tod Beardsley
Rob Fuller
Joshua Drake
Chao Mu
David Rude
Patrick Webster
James Lee
Mario Ceballos
et
Ramon de C Valle
Matt Miller