Commit Graph

12935 Commits (da50bf90d8eaa9f9e78f1515ec393f72711f1ed3)

Author SHA1 Message Date
Steven Seeley cdd49bf16a fixed references, describe target better 2012-04-13 11:23:28 +10:00
Steven Seeley c851722d50 fixed the description... 2012-04-13 11:18:24 +10:00
Steven Seeley 9b0c211160 exploit for cyberlinks Power2Go application. I find this software installed by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier.. 2012-04-13 11:07:36 +10:00
Steven Seeley 762324e286 Merge remote-tracking branch 'upstream/master' 2012-04-13 10:26:12 +10:00
Tod Beardsley 18d83ee6c1 Permissions fix for modicon_ladder.apx 2012-04-12 14:26:27 -05:00
sinn3r d31771d7f9 Randomize as many nops as possible without making the exploit too unstable 2012-04-12 03:45:13 -05:00
sinn3r 0d739a1a51 Module rename. Cleanup whitespace. Fix typos. 2012-04-12 03:45:12 -05:00
Steven Seeley 14f85e406f exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 03:45:12 -05:00
HD Moore 91e8c713f2 The go faster button 2012-04-12 01:39:18 -05:00
sinn3r 835d8b209d clear whitespace 2012-04-12 01:08:22 -05:00
Steven Seeley 846be0e983 exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 13:10:18 +10:00
sinn3r 860add8dfe Code cleanup 2012-04-11 20:26:52 -05:00
James Lee 810d496ade Chmod the payload executable
Makes native payloads work on non-windows, thanks mihi!
2012-04-11 12:48:14 -06:00
James Lee 8ee0a5533c Fix a NoMethodError on nil when cat'ing a file in meterpreter
Thanks, mihi for the report.
2012-04-11 11:46:52 -06:00
James Lee 627ae308b3 Couple of small rdoc cleanups 2012-04-11 11:45:48 -06:00
sinn3r 443f19abcf Merge branch 'CVE-2008-5499_adobe_flashplayer_aslaunch' of https://github.com/0a2940/metasploit-framework into 0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch 2012-04-11 10:04:01 -05:00
James Lee b077efb7f0 Missed one. 2012-04-11 00:30:18 -06:00
James Lee d0eb383655 Un-standardize printing in browser modules
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
James Lee a86bdf883e Add defaults to the print_* method arguments
Fixes breakage with modules that use print_line() or similar.

This commit also includes some RDoc additions and markup fixes
2012-04-11 00:14:03 -06:00
James Lee 3ad3caf450 Save the connecting client in thread-local storage
Allows print_* overrides to show it when it's available.
2012-04-10 23:21:55 -06:00
James Lee 090566610a Make sure @shares is initialized
Fixes a stack trace when the target isn't Windows
2012-04-10 15:00:47 -06:00
Tod Beardsley a8cd28d6d5 Merge pull request #325 from rapid7/persistence-option
ACTION on persistence.rb should be an OptEnum
2012-04-10 13:05:11 -07:00
Tod Beardsley 94cf69cdf8 Yank the ACTION option from persistence
Other problems with this module since commit
5ba5bbf077 but this should be enough to
get it working again.
2012-04-10 15:01:14 -05:00
0a2940 654701f1b2 new file: data/exploits/CVE-2008-5499.swf
new file:   external/source/exploits/CVE-2008-5499/Exploit.as
	new file:   modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Tod Beardsley 03c958a9b1 ACTION on persistence.rb should be an OptEnum
That way, upcase / downcase problems get caught on option validation,
rather than down in the module's guts.
2012-04-10 14:45:54 -05:00
Tod Beardsley cbc12560a5 Leading tabs, not spaces
There's a coding style in here that will make msftidy.rb cry, and
that's:

```
varfoo = %q|
    stuff
      thats
        html
|
```

Usually, you want something like

varfoo = ""
varfoo << %q|    stuff|
varfoo << %q|      thats|
varfoo << %q|        html|

That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
2012-04-10 14:25:00 -05:00
Tod Beardsley cdc020ba9f Trailing space on xpi bootstrap module 2012-04-10 14:24:08 -05:00
Tod Beardsley 3cb7cbe994 Adding another ref and a disclosuredate to mihi's XPI module
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
2012-04-10 13:59:21 -05:00
sinn3r 0e1fff2c4b Change the output style to comply with egyp7's expectations. 2012-04-10 13:42:52 -05:00
James Lee 28534d5f6e Merge branch 'rapid7' into bap-refactor 2012-04-10 12:42:27 -06:00
sinn3r 76c12fe7e6 Whitespace cleanup 2012-04-10 13:22:10 -05:00
sinn3r 7d8e1e5e8b Merge branch 'firefox_xpi' of https://github.com/schierlm/metasploit-framework into schierlm-firefox_xpi 2012-04-10 13:12:12 -05:00
James Lee e7809b1b3b Remove print_status line from db.rb
Not defined in that context, causes stack traces on db_import
2012-04-10 11:07:23 -06:00
Michael Schierl 705cf41858 Add firefox_xpi_bootstrapped_addon exploit
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
2012-04-10 13:39:54 +02:00
HD Moore a9d733f9fe Fix pack order 2012-04-09 21:21:42 -05:00
Tod Beardsley 366cb2ff08 Merge branch 'egypt-packetwise'
Added in the upstream PacketFu changes and this all looks good for the
importer. Thanks!
2012-04-09 15:59:33 -05:00
Tod Beardsley b8129f9463 Updating PacketFu to match upstream 2012-04-09 15:47:21 -05:00
James Lee 2de0c801d9 Add vulnerable version numbers to the description 2012-04-09 14:41:42 -06:00
sinn3r 71d2ef71f8 Don't want to print vuln.info if it's nil 2012-04-09 15:38:02 -05:00
sinn3r ab5a4beb99 Merge branch 'andurin-5837' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-andurin-5837 2012-04-09 15:18:55 -05:00
James Lee c19a4d7a23 Put final detection results on window.os_detect object
Makes it easier to grab results from within a module without having to
run the detection again.  I thought I had committed something like this
before, I wonder what other code I've lost...
2012-04-09 14:08:35 -06:00
HD Moore 2c473e3cdd Fix up koyo login 2012-04-09 15:07:47 -05:00
juan 246ebca940 added module for CVE-2012-0198 2012-04-09 20:45:27 +02:00
sinn3r a26e844ce5 Merge pull request #318 from wchen-r7/dolibarr_login
Add an aux module to brute force Dolibarr's login interface
2012-04-09 09:20:48 -07:00
sinn3r 2971eb2fdf Merge pull request #315 from andurin/nessusplug
Fix broken nessus_safe - #6597 (freaky clown)
2012-04-09 08:03:06 -07:00
sinn3r bef12478fc Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor 2012-04-09 09:58:22 -05:00
James Lee 037fbf655e Standardize the print format for modules used by browser autopwn 2012-04-09 01:57:50 -06:00
James Lee b38933328f Send exploits that are not assocated with any browser to all of them 2012-04-09 01:53:57 -06:00
James Lee 3ca440089e Add checks for .NET requisites
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
James Lee a6b106e867 Remove autopwn support for enjoysapgui_comp_download
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00