41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
Tab Assassin
Steve Tornio
HD Moore
Tod Beardsley
joernchen of Phenoelit
jvazquez-r7
sinn3r
James Lee
Markus Wulftange
Brian Wallace
(B)rian (Wall)ace
William Vu