jvazquez-r7
81bca2c45a
cleanup for mongod_native_helper
2013-04-01 21:35:34 +02:00
m-1-k-3
c386d54445
check SRVHOST
2013-04-01 18:12:13 +02:00
agix
cc598bf977
Resolv a problem with mmap64 libc function and its unknown last argument
2013-04-01 17:38:09 +02:00
agix
6b639ad2ee
add memcpy to the ropchain due to the zeroed mmap function under ubuntu
2013-04-01 14:13:19 +02:00
agix
baf1ce22b3
increase mmap RWX size
2013-03-31 21:04:39 +02:00
sinn3r
6b896933dd
Merge branch 'fix_author_details' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-fix_author_details
2013-03-31 13:14:47 -05:00
jvazquez-r7
0f965ddaa3
waiting for payload download on linksys_e1500_more_work
2013-03-31 16:07:14 +02:00
agix
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
jvazquez-r7
315abd8839
fix Privileged field
2013-03-30 19:39:01 +01:00
jvazquez-r7
a46805d95d
description updated
2013-03-30 19:36:35 +01:00
jvazquez-r7
c880a63e75
Added module for ZDI-13-049
2013-03-30 19:35:04 +01:00
m-1-k-3
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
m-1-k-3
cd8bc2f87d
description, blind exploitation info on cmd payload
2013-03-30 12:03:14 +01:00
m-1-k-3
b0a61adc23
juans feedback included
2013-03-30 11:43:10 +01:00
jvazquez-r7
5fd996f775
added osvdb reference
2013-03-30 10:42:58 +01:00
jvazquez-r7
3bf0046e3e
Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management
2013-03-30 10:42:06 +01:00
m-1-k-3
7965f54890
juans feedback included
2013-03-30 08:40:42 +01:00
jvazquez-r7
607b1c5c14
little cleanup for e1500_up_exec
2013-03-29 23:16:13 +01:00
m-1-k-3
1b563ad915
stop_service
2013-03-29 22:38:06 +01:00
m-1-k-3
813ff1e61e
removed payload stuff
2013-03-29 22:32:57 +01:00
m-1-k-3
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
jvazquez-r7
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
m-1-k-3
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
bwall
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
bwall
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00
jvazquez-r7
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
m-1-k-3
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
jvazquez-r7
cd1820d769
trying to solve irc comm issues
2013-03-29 12:54:57 +01:00
bwall
6cf44d9c85
added a 3 message window for recieving the check response
2013-03-28 21:14:52 -04:00
jvazquez-r7
29ad9939e1
cleanup for stunshell_eval
2013-03-28 15:11:20 +01:00
jvazquez-r7
514aed404c
Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval
2013-03-28 15:10:57 +01:00
jvazquez-r7
9b18eb858b
cleanup for stunshell_exec
2013-03-28 14:45:51 +01:00
jvazquez-r7
a7a5569725
Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec
2013-03-28 14:45:28 +01:00
agix
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
agix
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
agix
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
agix
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
agix
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
agix
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
bwall
ce9f11aeb3
Changed the targets to be more specific
2013-03-27 17:22:29 -04:00
bwall
f14d5ba8ec
Removed extra comma
2013-03-27 17:15:34 -04:00
bwall
2a60ef2d60
Renamed and fixed some code issues
2013-03-27 17:14:41 -04:00
bwall
cc92b54e83
Moved module and cleaned code
2013-03-27 17:03:18 -04:00
bwall
76fb6ff48f
Updated ranking
2013-03-27 16:41:35 -04:00
jvazquez-r7
e25a06c649
delete comma
2013-03-27 21:33:58 +01:00
jvazquez-r7
276e8f647b
Merge branch 'v0pCr3w' of https://github.com/bwall/metasploit-framework into bwall-v0pCr3w
2013-03-27 21:33:34 +01:00
jvazquez-r7
5fc5a4f429
use target_uri
2013-03-27 20:45:34 +01:00
jvazquez-r7
f29cfbf393
cleanup for v0pCr3w_exec
2013-03-27 20:38:11 +01:00
bwall
fd302d62b8
Removed testing code
2013-03-27 12:50:42 -04:00
m-1-k-3
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
jvazquez-r7
0109d81c95
fix typo
2013-03-27 17:39:18 +01:00
m-1-k-3
e042fd3697
first test of e1500 down and exec exploit
2013-03-27 17:09:17 +01:00
nmonkee
8fc67b5c4e
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution
2013-03-27 15:01:46 +00:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
nmonkee
f16c8094f9
Rex::Text.rand_text_alphanumeric for file name
2013-03-26 13:53:16 +00:00
nmonkee
ff7096782f
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
2013-03-26 12:16:50 +00:00
jvazquez-r7
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
jvazquez-r7
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
jvazquez-r7
c4fcf85af2
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework into heyder-heyder-joomla
2013-03-26 12:01:46 +01:00
bwall
a5346240de
Updated v0pCr3w_exec to use send_request_cgi
2013-03-26 01:33:30 -04:00
heyder
014c01099e
improve cleanup
2013-03-26 02:22:10 -03:00
sinn3r
56c07211a0
Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof
2013-03-25 11:56:15 -05:00
sinn3r
47e3d7de59
Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue
2013-03-25 11:46:37 -05:00
bwall
5218831167
Added license information and tidied up the code
2013-03-25 00:05:31 -04:00
bwall
e98a463de2
Added license information and tidied up code
2013-03-25 00:04:39 -04:00
bwall
e37fa3b40a
Added license information and tidied up code
2013-03-25 00:03:32 -04:00
bwall
6be88224bf
Added the license information and tidied up
2013-03-25 00:01:20 -04:00
heyder
0c169f94eb
correct some bad indent
2013-03-24 21:07:51 -03:00
jvazquez-r7
d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
jvazquez-r7
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
heyder
50ac5cf247
Adjust payload size and others code adjustments
2013-03-24 20:25:29 -03:00
bwall
7e0b0ac092
Added STUNSHELL webshell remote command execution module
2013-03-24 15:18:08 -04:00
bwall
b23d259485
Added STUNSHELL webshell remote code evaluation[PHP] module
2013-03-24 15:16:45 -04:00
bwall
bbcf21ee24
Added v0pCr3w webshell remote command execution module
2013-03-24 15:13:42 -04:00
bwall
ca6ab7c8c2
Added Ra1NX pubcall authentication bypass exploit module
2013-03-24 14:59:27 -04:00
heyder
5bee1471df
many code adjustments
2013-03-22 23:07:08 -03:00
Nathan Einwechter
89c0e8c27e
Fix add_resource call in adobe_flas_mp5_cprt
2013-03-22 19:27:02 -04:00
jvazquez-r7
6eaf995642
cleaning exploiting string
2013-03-22 21:48:02 +01:00
jvazquez-r7
fd63283524
make msftidy happy
2013-03-22 21:46:12 +01:00
sinn3r
11754f271a
Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec
2013-03-22 13:05:16 -05:00
sinn3r
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
heyder
b5c65ad51b
add Joomla Component JCE File Upload Code Execution
2013-03-22 10:41:35 -03:00
jvazquez-r7
bbff20fd65
cleanup for struts_code_exec_parameters
2013-03-21 22:17:47 +01:00
jvazquez-r7
50c6a98530
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce
2013-03-21 22:17:20 +01:00
Console
cbccda10ca
fixing issue raised by @meatballs1
2013-03-21 20:58:40 +00:00
Console
302193f98b
Various fixes and improvements
...
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console
8027615608
fixed comments left in by accident
2013-03-21 16:43:44 +00:00
Console
4edf5260f4
check function now tells user about delay
2013-03-21 16:40:45 +00:00
Console
a714b430ca
used normalize_uri
2013-03-21 14:05:08 +00:00
Console
5c9bec1552
commit fix branch for Console-struts-RCE
2013-03-21 13:40:16 +00:00
jvazquez-r7
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
jvazquez-r7
26dec4eb8f
last cleanup for sami_ftpd_list
2013-03-19 21:32:05 +01:00
jvazquez-r7
42efe5955b
Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815
2013-03-19 21:31:46 +01:00
jvazquez-r7
b19c51aa81
cleanup for sami_ftpd_list
2013-03-19 19:04:14 +01:00
dougsko
e2a9245b08
Changed target to Windows XP
2013-03-19 13:20:23 -03:00
sinn3r
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
Joel Parish
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
dougsko
fb90a1b497
Uses IP address length in offset calculation
2013-03-18 16:18:04 -03:00
jvazquez-r7
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
jvazquez-r7
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
Doug P
3d92d6e977
removed the handler call
2013-03-15 16:48:53 -04:00
Doug P
a96283029e
made payload size a little smaller
2013-03-15 16:08:43 -04:00
Doug P
8b5c782b54
changed Platform from Windows to win
2013-03-15 15:13:52 -04:00
Doug P
8f4b3d073a
Explicitly set EXITFUNC to thread
2013-03-15 14:52:39 -04:00
Doug P
e9af05a178
made recommended changes
2013-03-15 11:35:12 -04:00
Doug P
4bb64a0f41
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:10:10 -04:00
Doug P
bbbf395659
got everything working and cleaned up
2013-03-14 16:02:41 -04:00
jvazquez-r7
d8f46e3df4
Merge branch 'module/fb_cnct_target_214' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module/fb_cnct_target_214
2013-03-14 16:27:58 +01:00
jvazquez-r7
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
m-1-k-3
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
m-1-k-3
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
Doug P
1f7b2a8e9f
minor edits
2013-03-13 17:48:37 -04:00
Doug P
fa5c988110
got sami_ftpd_list.rb working
2013-03-13 17:27:02 -04:00
jvazquez-r7
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
jvazquez-r7
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
jvazquez-r7
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
jvazquez-r7
50083996ff
better target description
2013-03-13 20:13:09 +01:00
jvazquez-r7
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
Spencer McIntyre
458ffc1f19
Add a target for Firebird 2.1.4.18393
2013-03-13 13:44:28 -04:00
James Lee
6da4c53191
Merge remote-tracking branch 'jvazquez-r7/netcat_gaping' into rapid7
...
[Closes #1576 ]
2013-03-11 16:02:49 -05:00
Tod Beardsley
2f95d083e8
Updating URL for Honewell EBI exploit
2013-03-11 13:35:58 -05:00
Tod Beardsley
23972fbebc
Merge branch 'release'
2013-03-11 13:08:30 -05:00
Tod Beardsley
d81d9261e7
Adding Honeywell exploit.
2013-03-11 13:03:59 -05:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
jvazquez-r7
64398d2b60
deleting some commas
2013-03-07 21:34:51 +01:00
jvazquez-r7
ab44e3e643
cleanup for fb_cnct_group
2013-03-07 21:34:07 +01:00
jvazquez-r7
25db782b03
change print location
2013-03-07 19:15:40 +01:00
jvazquez-r7
fdd7c375ad
added linux native target
2013-03-07 19:12:25 +01:00
Spencer McIntyre
398d13e053
Initial commit of the Firebird CNCT Group Number Buffer Overflow.
2013-03-07 09:51:05 -05:00
jvazquez-r7
03f3b06ccb
added module for cve-2012-3001
2013-03-07 14:23:13 +01:00
sinn3r
b65f410048
Updates the description
2013-03-06 16:37:41 -06:00
sinn3r
fee07678dd
Rename module to better describe the bug.
2013-03-06 16:33:41 -06:00
sinn3r
79d3597d31
That's not a real check...
2013-03-06 16:32:53 -06:00
sinn3r
16d7b625bc
Format cleanup
2013-03-06 16:31:39 -06:00
sinn3r
7219c7b4aa
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 16:15:24 -06:00
Enrique A. Sanchez Montellano
aa5c9461ae
Fixed more styling issues, EOL, tabs and headers
2013-03-06 10:50:31 -08:00
Enrique A. Sanchez Montellano
437d6d6ba6
Fixed EOL, bad indent, added header, removed #!/usr/env/ruby
2013-03-06 10:44:29 -08:00
sinn3r
af9982e289
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 12:11:58 -06:00
Enrique A. Sanchez Montellano
aa3a54fba0
Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation
2013-03-06 09:29:28 -08:00
James Lee
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
sinn3r
7fa24d9060
Module rename
2013-03-04 10:54:33 -06:00
sinn3r
59b5e8e688
Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick
2013-03-04 10:53:31 -06:00
sinn3r
12247d47ba
Rename module, sorry, no pull request.
2013-03-04 10:46:05 -06:00
jvazquez-r7
a980bf0ef6
minor fixes
2013-03-03 19:54:17 +01:00
jvazquez-r7
248481f195
fixed EOF
2013-03-03 19:52:31 +01:00
jvazquez-r7
81e2dbc71e
added module for CVE-2012-3485
2013-03-03 19:48:12 +01:00
jvazquez-r7
76180f22fc
added module for cve-2012-4284
2013-03-03 13:23:21 +01:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
Joe Rozner
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
sinn3r
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
sinn3r
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
sinn3r
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
sinn3r
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
sinn3r
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
sinn3r
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
Tod Beardsley
1446992253
Merge jvazquez-r7's java exploit
2013-02-25 07:19:12 -06:00
bcoles
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
bcoles
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
sinn3r
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
sinn3r
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
bcoles
002654317c
Add Kordil EDMS File Upload Vulnerability exploit
2013-02-22 23:32:17 +10:30
jvazquez-r7
5b16e26f82
change module filename
2013-02-21 20:05:13 +01:00
jvazquez-r7
b4f4cdabbc
cleanup for the module
2013-02-21 20:04:05 +01:00
jvazquez-r7
1913d60d65
multibrowser support
2013-02-21 01:13:25 +01:00
jvazquez-r7
bf216cca5c
description and references updated
2013-02-20 18:14:53 +01:00
jvazquez-r7
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
jvazquez-r7
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
James Lee
9d4a3ca729
Fix a typo that broke this module against x64
...
[SeeRM #7747 ]
2013-02-19 19:22:42 -06:00
sinn3r
37634a9e60
Merge branch 'hp_vsa_exec_9' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_vsa_exec_9
2013-02-19 12:36:39 -06:00
sinn3r
189558b862
Merge branch 'openemr_upload_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-openemr_upload_exec
2013-02-19 12:25:00 -06:00
sinn3r
5108e8ef1c
Correct tab
2013-02-19 11:44:41 -06:00
sinn3r
b2664e04fb
Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload
2013-02-19 11:42:04 -06:00
sinn3r
9813c815ef
Minor changes
2013-02-19 11:40:06 -06:00
sinn3r
553d7abe43
Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof
2013-02-19 11:26:47 -06:00
jvazquez-r7
416a7aeaa3
make msftidy happy for s4u_persistence
2013-02-18 15:23:06 +01:00
jvazquez-r7
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
Thomas McCarthy
25f8a7dcb9
Fix expire tag logic and slight clean up
...
Was a dumbass again and didn't fully understand how Optints worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for trouble shooting.
2013-02-17 22:35:52 -05:00
jvazquez-r7
322fa53d49
fix typo
2013-02-17 20:29:41 +01:00
jvazquez-r7
31a3a374c3
Added module for CVE-2012-6274
2013-02-17 20:25:39 +01:00
jvazquez-r7
1a2a0bc38e
Added module for CVE-2012-6275
2013-02-17 20:21:45 +01:00
Thomas McCarthy
a8d574e4ce
Updated one print_status
2013-02-17 14:08:33 -05:00
m-1-k-3
3ab5585107
make msftidy happy
2013-02-16 20:49:32 +01:00
m-1-k-3
121a736e28
initial commit
2013-02-16 20:42:02 +01:00
jvazquez-r7
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
jvazquez-r7
221ce22f53
make msftidy happy
2013-02-15 19:01:58 +01:00
Jeff Jarmoc
ade2c9ef56
msftidy - fix line endings.
2013-02-14 11:42:02 -06:00
Jeff Jarmoc
4c90cacffe
Send iframe when URIPATH isnt '/'
2013-02-14 11:23:08 -06:00
Jeff Jarmoc
947aa24d44
MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell
2013-02-14 11:18:19 -06:00
Thomas McCarthy
7b2c1afadb
I'm an idiot, fix logon xpath
2013-02-14 09:16:47 -05:00
smilingraccoon
e78cbdd14d
missed one line
2013-02-13 18:17:38 -05:00
smilingraccoon
bbf8fe0213
Use Post::File methods and fail_with
2013-02-13 18:10:05 -05:00
sinn3r
4074a12fd7
Randomize some gadgets
2013-02-13 14:12:52 -06:00
jvazquez-r7
f58cc6a2e0
more fix version info
2013-02-12 18:51:04 +01:00
jvazquez-r7
96b1cb3cfb
fix version info
2013-02-12 18:50:36 +01:00
jvazquez-r7
69267b82b0
Make stable #1318 foxit reader exploit
2013-02-12 18:44:19 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
jvazquez-r7
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
jvazquez-r7
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
Carlos Perez
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
smilingraccoon
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
jvazquez-r7
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
jvazquez-r7
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
Carlos Perez
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
Carlos Perez
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
jvazquez-r7
98457c0a4d
Merge branch 'sonicwall_gms' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-sonicwall_gms
2013-02-08 19:18:57 +01:00
James Lee
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
James Lee
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
sinn3r
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
sinn3r
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
Carlos Perez
c131b7ef0e
Added exception handing and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
Carlos Perez
19e989dff9
Initial commit fo the migrated module
2013-02-07 19:11:44 -04:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
James Lee
b6c6397da3
typo
2013-02-06 19:21:20 -06:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
sinn3r
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
sinn3r
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
HD Moore
80a8bab02f
Correct the CVE reference
2013-02-05 10:37:24 -06:00
sinn3r
42912bf286
Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods
2013-02-04 16:50:01 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
Jeff Jarmoc
9b30e354ea
Updates HTTP_METHOD option to use OptEnum.
2013-02-04 15:32:36 -06:00
sinn3r
45db43d2b3
Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles
2013-02-04 14:21:40 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
jvazquez-r7
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
jvazquez-r7
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
HD Moore
4c8811bb8a
Add a debug target
2013-02-03 23:24:44 -06:00
HD Moore
191eed88bc
Fix liberal matching expression on target
2013-02-03 21:50:03 -06:00
HD Moore
9379c68e51
Fix typo, auto-fingerprint, unconnected sockets
2013-02-03 21:23:05 -06:00
HD Moore
42c8a2d265
Add VU and blog references
2013-02-03 18:17:51 -06:00
HD Moore
c24da99104
Update authors, add Richard (thanks!)
2013-02-03 18:13:28 -06:00
HD Moore
9e491f0b1c
Add a fingerprint string and more comments
2013-02-03 18:03:32 -06:00
HD Moore
1f227243b8
Make it clear BadChars are ignored
2013-02-03 17:54:25 -06:00
HD Moore
214a60aa01
iFix spacing
2013-02-03 17:52:33 -06:00
HD Moore
94953d0450
Fix idents from copypasta
2013-02-03 17:48:13 -06:00
HD Moore
975230c9e7
Add the first module for unique_service_name()
2013-02-03 17:46:20 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
HD Moore
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
jvazquez-r7
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
sinn3r
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
lmercer
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
James Lee
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
James Lee
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
James Lee
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
James Lee
044fefd02a
Initial support for Java target
...
Still some debugging junk, needs some more love.
2013-01-28 00:02:26 -06:00
sinn3r
49aac302e6
normalize_uri() breaks URI parsing
...
Please see: http://dev.metasploit.com/redmine/issues/7727
2013-01-26 22:57:01 -06:00
jvazquez-r7
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
jvazquez-r7
f1f8782a5d
Merge branch 'payload_inject.rb' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-payload_inject.rb
2013-01-24 18:13:00 +01:00
sinn3r
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
jvazquez-r7
1bccc410a3
Merge branch 'module-movabletype_upgrade_exec' of https://github.com/kacpern/metasploit-framework into kacpern-module-movabletype_upgrade_exec
2013-01-24 15:02:48 +01:00
Kacper Nowak
ba41ee9c83
- applied all the changes from #1363
...
- some extra escaping for the sake of it
- removed the timeout in http_send_raw
2013-01-24 13:15:42 +00:00
jvazquez-r7
96d0b13de2
Merge branch 'excellentrankings' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-excellentrankings
2013-01-24 13:00:01 +01:00
sinn3r
3146b7ce77
Change default target
...
ExcellentRanking requires the module to auto-target. If the payload
is universal, that works too.
2013-01-23 23:40:47 -06:00
sinn3r
0c0f4a3e66
Lower ranking because they cannot auto-target
...
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms. Otherwise you're wasting time in Pro.
2013-01-23 23:35:31 -06:00
sinn3r
75f3a62ac4
Explain why we need this empty on_new_session
2013-01-23 16:43:36 -06:00
sinn3r
9c3e9f798f
Lower the ranking, because it cannot auto-target.
...
When it's excellent, Pro will fire this first, and that will only
generate more traffic than actually popping a shell.
2013-01-23 16:39:24 -06:00
sinn3r
53599e4c45
It's better to have a version # in the title, easier to find
2013-01-23 16:32:57 -06:00
sinn3r
d1736b8880
Merge branch 'sonicwall_upload' of github.com:julianvilas/metasploit-framework into julianvilas-sonicwall_upload
2013-01-23 16:32:06 -06:00
sinn3r
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
sinn3r
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
sinn3r
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
sinn3r
f50c7ea551
A version number helps deciding which exploit to use
2013-01-23 11:43:39 -06:00
sinn3r
a1f8da9ff6
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-23 11:41:35 -06:00
sinn3r
ca144b9e84
msftidy fix
2013-01-23 11:40:12 -06:00
jvazquez-r7
dd0fdac73c
fix indent
2013-01-23 18:19:14 +01:00
Kacper Nowak
c47392f5d1
normalize_uri and path fix
2013-01-23 16:57:30 +00:00
Kacper Nowak
ff875d04e0
- RPATH changed to TARGETURI
...
- both CVE numbers referenced
- sightly changed exception handling
2013-01-23 16:50:35 +00:00
booboule
8bcf4a86ef
Update modules/exploits/multi/browser/java_jre17_method_handle.rb
...
Wrong reference type (URL instead of OSVDB)
2013-01-23 17:14:53 +01:00
Kacper Nowak
a3fa7cc6bc
adjusted disclosure date
2013-01-23 12:49:08 +00:00
jvazquez-r7
e78174297e
assuring stdapi loads on meterpreter
2013-01-23 12:44:55 +01:00
Kacper Nowak
5d6ca30422
removed spaces at EOL
2013-01-23 10:33:55 +00:00
Kacper Nowak
17d1c9f996
- expanded description
...
- updated references
2013-01-23 10:29:11 +00:00
jvazquez-r7
9c9a0d1664
Added module for cve-2012-0432
2013-01-23 10:51:29 +01:00
sinn3r
8819059499
Merge branch 'zoneminder_packagecontrol_exec' of github.com:bcoles/metasploit-framework into bcoles-zoneminder_packagecontrol_exec
2013-01-22 14:41:40 -06:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
c498930644
Merge branch 'java_jre17_method_handle' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_method_handle
2013-01-22 15:33:07 +01:00
Kacper Nowak
8a59c7b8fb
removed extra print_status() calls
2013-01-22 12:31:40 +00:00
bcoles
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
Kacper Nowak
08a5f467b1
added URL for developer site
2013-01-22 12:14:38 +00:00
Kacper Nowak
cd29a88c18
added Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24 +00:00
Julian Vilas
eb92070df8
added module for CVE-2013-1359
2013-01-22 01:54:41 +01:00
jvazquez-r7
967c04e727
finally it doesn't use FileDropper atm
2013-01-20 19:54:24 +01:00
jvazquez-r7
76edbb9e1c
Merge branch 'module-jenkins-script-console' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-jenkins-script-console
2013-01-20 19:53:44 +01:00
jvazquez-r7
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
bcoles
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
bcoles
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
bcoles
6ae72e4d63
Add PHP-Charts v1.0 PHP Code Execution Exploit
2013-01-20 23:51:17 +10:30
jvazquez-r7
aed71f8446
linux stager plus little cleanup
2013-01-20 13:42:02 +01:00
Spencer McIntyre
6b40011a6f
use target_uri and normalize_uri as well as fix a cookie problem
2013-01-19 19:10:56 -05:00
Spencer McIntyre
9f7aafccdf
add module to execute commands via Jenkins Script Console
2013-01-18 14:56:52 -05:00
jvazquez-r7
3465aa00bd
title updated
2013-01-18 18:42:27 +01:00
jvazquez-r7
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
jvazquez-r7
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
jvazquez-r7
51ba500b9f
msftidy compliant
2013-01-16 12:28:09 +01:00
jvazquez-r7
49b36710c4
Merge branch 'freesshd_authbypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-freesshd_authbypass_update
2013-01-16 12:27:42 +01:00
jvazquez-r7
f6d34b52a5
Merge branch 'verb_auth_bypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-verb_auth_bypass_update
2013-01-16 12:19:49 +01:00
jvazquez-r7
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
jvazquez-r7
b43242d131
Merge branch 'module-nagios3_history_cgi' of https://github.com/jselvi/metasploit-framework into jselvi-module-nagios3_history_cgi
2013-01-16 11:54:51 +01:00
sinn3r
0f24671cf7
Changes how the usernames are loaded.
...
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage. It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.
I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
Jose Selvi
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
sinn3r
b3291c0329
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-15 14:10:47 -06:00
sinn3r
b5167e7695
Merge branch 'add_bap_to_itms_overflow' of github.com:jvennix-r7/metasploit-framework into jvennix-r7-add_bap_to_itms_overflow
2013-01-15 12:25:07 -06:00
Jose Selvi
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
sinn3r
04b35a38ff
Update MSB ref
2013-01-14 14:59:32 -06:00
jvazquez-r7
c6c59ace46
final cleanup
2013-01-14 20:53:19 +01:00
jvazquez-r7
5ecb0701ea
Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass
2013-01-14 20:52:45 +01:00
joe
771fc07264
Change :vuln_test to :os_name for checking OS.
2013-01-14 02:17:40 -06:00
joe
efcdb1097c
Add BAP options to itms_overflow module.
2013-01-14 01:42:58 -06:00
Daniele Martini
04fe1dae11
Added module for Freesshd Authentication Bypass (CVE-2012-6066)
...
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.
To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
Spencer McIntyre
b178ce1895
allow the mixin to auto detect an available decoder binary
2013-01-12 17:31:11 -05:00
kernelsmith
0b130e49e7
Squashed commit of the following:
...
commit 1beebe758c32a277e0a77f7d1011a56fda707732
Author: kernelsmith <kernelsmith@kernelsmith>
Date: Fri Jan 11 17:55:27 2013 -0600
fixes missing word in descript. of rails exploit
simple omission fix in description
[Closes #1295 ]
2013-01-11 19:02:06 -06:00
sinn3r
4adf429c31
Adds one more ref
2013-01-11 01:33:26 -06:00
sinn3r
23ef8280be
Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs
...
Conflicts:
modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00
HD Moore
6471a70053
Pass the X-HTTP-Method-Override parameter for compat
2013-01-10 20:27:13 -06:00
sinn3r
e709811c5a
CVE update
2013-01-10 19:51:04 -06:00
jvazquez-r7
2c05af721c
module also updated with refs
2013-01-11 00:57:05 +01:00
HD Moore
9c652d1d55
Add a note about ruby 1.9 requirements
2013-01-10 17:10:03 -06:00
jvazquez-r7
ea000d6ee0
updated authors
2013-01-10 20:48:54 +01:00
jvazquez-r7
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
Bouke van der Bijl
3b491ab998
Change charlisome in the list of authors to charliesome
2013-01-10 16:12:07 +01:00
HD Moore
42ea64c21b
Merge in Rails2 support now that its in master
2013-01-10 02:14:08 -06:00
HD Moore
0b74f98946
Rescue errors and update credits
2013-01-10 01:06:46 -06:00
HD Moore
1e94b090e7
The __END__ trick is no longer needed
2013-01-10 00:29:11 -06:00
HD Moore
acabc14ec3
This restores functionality across all rails 3.x
2013-01-10 00:28:12 -06:00
HD Moore
0e92de8f61
This works against a wider range of RoR 3.x targets
2013-01-10 00:10:26 -06:00
HD Moore
5e7a4f154e
Fix platform/arch
2013-01-09 23:24:37 -06:00
HD Moore
e15c731651
Clarify credit
2013-01-09 23:22:40 -06:00
HD Moore
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
jvazquez-r7
ad3ca3a6bb
regex to check version fixed
2013-01-09 23:48:55 +01:00
jvazquez-r7
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
sinn3r
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
sinn3r
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
jvazquez-r7
52157b9124
extplorer_upload_exec cleanup
2013-01-09 19:45:17 +01:00
jvazquez-r7
8f91352c4a
Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec
2013-01-09 19:44:43 +01:00
jvazquez-r7
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
Spencer McIntyre
d79a3c8e6b
list valid DECODER values and add the sshexec module
2013-01-09 10:27:22 -05:00
jvazquez-r7
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
jvazquez-r7
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
jvazquez-r7
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
jvazquez-r7
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
jvazquez-r7
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
sinn3r
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
Charlie Eriksen
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
Tod Beardsley
36adf86184
Various and sundry fixes for normalize_uri
2013-01-07 12:02:08 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
jvazquez-r7
883b3446f3
license text
2013-01-05 08:03:25 +01:00
jvazquez-r7
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
sinn3r
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
sinn3r
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
sinn3r
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sinn3r
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
sinn3r
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
sinn3r
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
jvazquez-r7
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
jvazquez-r7
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
sinn3r
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r
c86c6f1ba0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2013-01-02 17:26:42 -06:00