Steven Seeley
cdd49bf16a
fixed references, describe target better
2012-04-13 11:23:28 +10:00
Steven Seeley
c851722d50
fixed the description...
2012-04-13 11:18:24 +10:00
Steven Seeley
9b0c211160
exploit for cyberlinks Power2Go application. I find this software installed by default on a lot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier..
2012-04-13 11:07:36 +10:00
Steven Seeley
762324e286
Merge remote-tracking branch 'upstream/master'
2012-04-13 10:26:12 +10:00
Tod Beardsley
18d83ee6c1
Permissions fix for modicon_ladder.apx
2012-04-12 14:26:27 -05:00
sinn3r
d31771d7f9
Randomize as many nops as possible without making the exploit too unstable
2012-04-12 03:45:13 -05:00
sinn3r
0d739a1a51
Module rename. Cleanup whitespace. Fix typos.
2012-04-12 03:45:12 -05:00
Steven Seeley
14f85e406f
exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
2012-04-12 03:45:12 -05:00
HD Moore
91e8c713f2
The go faster button
2012-04-12 01:39:18 -05:00
sinn3r
835d8b209d
clear whitespace
2012-04-12 01:08:22 -05:00
Steven Seeley
846be0e983
exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
2012-04-12 13:10:18 +10:00
sinn3r
860add8dfe
Code cleanup
2012-04-11 20:26:52 -05:00
James Lee
810d496ade
Chmod the payload executable
...
Makes native payloads work on non-windows, thanks mihi!
2012-04-11 12:48:14 -06:00
James Lee
8ee0a5533c
Fix a NoMethodError on nil when cat'ing a file in meterpreter
...
Thanks, mihi for the report.
2012-04-11 11:46:52 -06:00
James Lee
627ae308b3
Couple of small rdoc cleanups
2012-04-11 11:45:48 -06:00
sinn3r
443f19abcf
Merge branch 'CVE-2008-5499_adobe_flashplayer_aslaunch' of https://github.com/0a2940/metasploit-framework into 0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch
2012-04-11 10:04:01 -05:00
James Lee
b077efb7f0
Missed one.
2012-04-11 00:30:18 -06:00
James Lee
d0eb383655
Un-standardize printing in browser modules
...
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
James Lee
a86bdf883e
Add defaults to the print_* method arguments
...
Fixes breakage with modules that use print_line() or similar.
This commit also includes some RDoc additions and markup fixes
2012-04-11 00:14:03 -06:00
James Lee
3ad3caf450
Save the connecting client in thread-local storage
...
Allows print_* overrides to show it when it's available.
2012-04-10 23:21:55 -06:00
James Lee
090566610a
Make sure @shares is initialized
...
Fixes a stack trace when the target isn't Windows
2012-04-10 15:00:47 -06:00
Tod Beardsley
a8cd28d6d5
Merge pull request #325 from rapid7/persistence-option
...
ACTION on persistence.rb should be an OptEnum
2012-04-10 13:05:11 -07:00
Tod Beardsley
94cf69cdf8
Yank the ACTION option from persistence
...
Other problems with this module since commit 5ba5bbf077 but this should be enough to
get it working again.
2012-04-10 15:01:14 -05:00
0a2940
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
...
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Tod Beardsley
03c958a9b1
ACTION on persistence.rb should be an OptEnum
...
That way, upcase / downcase problems get caught on option validation,
rather than down in the module's guts.
2012-04-10 14:45:54 -05:00
Tod Beardsley
cbc12560a5
Leading tabs, not spaces
...
There's a coding style in here that will make msftidy.rb cry, and
that's:
```
varfoo = %q|
stuff
thats
html
|
```
Usually, you want something like
```
varfoo = ""
varfoo << %q| stuff|
varfoo << %q| thats|
varfoo << %q| html|
```
That said, the Description field is usually written as tab-indented
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
2012-04-10 14:25:00 -05:00
Tod Beardsley
cdc020ba9f
Trailing space on xpi bootstrap module
2012-04-10 14:24:08 -05:00
Tod Beardsley
3cb7cbe994
Adding another ref and a disclosuredate to mihi's XPI module
...
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
2012-04-10 13:59:21 -05:00
sinn3r
0e1fff2c4b
Change the output style to comply with egyp7's expectations.
2012-04-10 13:42:52 -05:00
James Lee
28534d5f6e
Merge branch 'rapid7' into bap-refactor
2012-04-10 12:42:27 -06:00
sinn3r
76c12fe7e6
Whitespace cleanup
2012-04-10 13:22:10 -05:00
sinn3r
7d8e1e5e8b
Merge branch 'firefox_xpi' of https://github.com/schierlm/metasploit-framework into schierlm-firefox_xpi
2012-04-10 13:12:12 -05:00
James Lee
e7809b1b3b
Remove print_status line from db.rb
...
Not defined in that context, causes stack traces on db_import
2012-04-10 11:07:23 -06:00
Michael Schierl
705cf41858
Add firefox_xpi_bootstrapped_addon exploit
...
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hopes that the user will trust the addon.
2012-04-10 13:39:54 +02:00
HD Moore
a9d733f9fe
Fix pack order
2012-04-09 21:21:42 -05:00
Tod Beardsley
366cb2ff08
Merge branch 'egypt-packetwise'
...
Added in the upstream PacketFu changes and this all looks good for the
importer. Thanks!
2012-04-09 15:59:33 -05:00
Tod Beardsley
b8129f9463
Updating PacketFu to match upstream
2012-04-09 15:47:21 -05:00
James Lee
2de0c801d9
Add vulnerable version numbers to the description
2012-04-09 14:41:42 -06:00
sinn3r
71d2ef71f8
Don't want to print vuln.info if it's nil
2012-04-09 15:38:02 -05:00
sinn3r
ab5a4beb99
Merge branch 'andurin-5837' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-andurin-5837
2012-04-09 15:18:55 -05:00
James Lee
c19a4d7a23
Put final detection results on window.os_detect object
...
Makes it easier to grab results from within a module without having to
run the detection again. I thought I had committed something like this
before, I wonder what other code I've lost...
2012-04-09 14:08:35 -06:00
HD Moore
2c473e3cdd
Fix up koyo login
2012-04-09 15:07:47 -05:00
juan
246ebca940
added module for CVE-2012-0198
2012-04-09 20:45:27 +02:00
sinn3r
a26e844ce5
Merge pull request #318 from wchen-r7/dolibarr_login
...
Add an aux module to brute force Dolibarr's login interface
2012-04-09 09:20:48 -07:00
sinn3r
2971eb2fdf
Merge pull request #315 from andurin/nessusplug
...
Fix broken nessus_safe - #6597 (freaky clown)
2012-04-09 08:03:06 -07:00
sinn3r
bef12478fc
Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor
2012-04-09 09:58:22 -05:00
James Lee
037fbf655e
Standardize the print format for modules used by browser autopwn
2012-04-09 01:57:50 -06:00
James Lee
b38933328f
Send exploits that are not associated with any browser to all of them
2012-04-09 01:53:57 -06:00
James Lee
3ca440089e
Add checks for .NET requisites
...
Also standardizes print_status format to look nicer with lots of clients
2012-04-09 01:23:44 -06:00
James Lee
a6b106e867
Remove autopwn support for enjoysapgui_comp_download
...
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Basically just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00