Commit Graph

6036 Commits (e8ad66b7997bdc26722c5eee8b73f64765312b0d)

Author SHA1 Message Date
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
HD Moore 6cf6a9548d Fix up the PHP CGI exploit, remove debug lines 2012-05-04 09:58:10 -05:00
sinn3r d5d35551ab Add EDB reference 2012-05-04 00:11:29 -05:00
sinn3r 6d5ceb07b6 Merge pull request #359 from wchen-r7/solarwinds_storage_manager_sql
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 22:02:12 -07:00
sinn3r 9a36017271 no unicode 2012-05-04 00:01:03 -05:00
sinn3r 25b11a02b5 Update the comment for check() 2012-05-03 20:37:36 -05:00
sinn3r 4bf674ece6 Pff, and of course, I had to make a typo on that one 2012-05-03 20:34:52 -05:00
sinn3r 1a4d3f849c A little change to the description 2012-05-03 20:33:28 -05:00
sinn3r 1cdc376f2b Merge branch 'msfvenom_nomethoderror' of https://github.com/silviupopescu/metasploit-framework into silviupopescu-msfvenom_nomethoderror 2012-05-03 20:29:06 -05:00
sinn3r 7ca69f00b0 Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution) 2012-05-03 20:24:42 -05:00
James Lee 2d1f4d4f3e Add hdm's better check method 2012-05-03 19:00:40 -06:00
James Lee 40ec3d9d40 Add an exploit module for the recent php cgi bug (CVE-2012-1823) 2012-05-03 18:51:54 -06:00
Silviu-Mihai Popescu 605e1929e4 Fixed msfvenom NoMethodError with alpha_mixed encoder.
The issue was reported on Github[1] and Redmine[2].

The error consisted of trying to use the supports?() method
on an Array instead of a PlatformList.

[1] https://github.com/rapid7/metasploit-framework/issues/357
[2] http://dev.metasploit.com/redmine/issues/6826

Reported by: Brandon Perry
Signed off by: Silviu Popescu <silviupopescu1990@gmail.com>
2012-05-03 17:47:25 +03:00
HD Moore 5151a4c530 Cosmetic 2012-05-03 00:33:09 -05:00
HD Moore 99d7b2601c Cosmetic 2012-05-03 00:31:50 -05:00
Tod Beardsley 43d730d564 Squashed commit of minor cosmetic fixes:
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 21:55:56 2012 -0500

    Whitespace at EOL. Dangit.

commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 16:38:01 2012 -0500

    Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
James Lee dd7bc23d16 Whitespace 2012-05-02 18:06:39 -06:00
sinn3r c26dff4cff Clear whitespace 2012-05-01 17:29:27 -05:00
James Lee 1c03c2b157 Fix indentation 2012-05-01 15:21:42 -06:00
James Lee 194c0906c2 Fix a stack trace when SMBUser is nil 2012-05-01 15:21:42 -06:00
James Lee 6ab66dc59e Fix a stack trace when the SMBUser isn't set
For some reason an invalid user/pass don't seem to trigger
STATUS_ACCESS_DENIED responses, but an empty user does.
2012-05-01 15:21:42 -06:00
Alexandre Maloteaux d68d832c9d Squashed commit of the following:
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date:   Fri Apr 20 01:45:06 2012 +0100

    enumshare: add srvsvc netshareenum request for compatibility with win 7 / 2008r2

[Closes #346]
2012-05-01 15:21:42 -06:00
sinn3r 3e72f555ae Forgot... I don't need to print the client's IP manually anymore 2012-05-01 12:56:03 -05:00
sinn3r 3099236059 We no longer have to print the client's IP, because it's now a built-in feature. 2012-05-01 12:47:55 -05:00
juan 01b0d85526 module for cve-2012-1775 added 2012-05-01 16:39:30 +02:00
HD Moore 9988d6a430 Tabs. Sweet sweet tabs 2012-05-01 00:35:01 -05:00
sinn3r 5fec29e6b7 Add McAfee Virtual Technician ActiveX MVTControl vulnerability 2012-04-30 16:23:52 -05:00
sinn3r fd2e4c12a2 Fix possible "can't convert Fixnum into String" error 2012-04-30 13:49:53 -05:00
David Maloney 348da8e5a6 Fixes an issue with mysql probes not timing out properly. 2012-04-30 12:22:49 -05:00
HD Moore e12c29a5dc Fix up the check so it doesn't throw a marshal exception 2012-04-29 18:40:01 -05:00
HD Moore ffd91793b9 Make RMI easier to correlate, add a vulnerability check to the scanner module 2012-04-29 18:11:28 -05:00
sinn3r 46ad599673 Add CVE-2012-1495 WebCalendar settings.php code injection 2012-04-28 02:32:04 -05:00
Tod Beardsley 7904fe5bba Fixes load error for post/multi/general/execute.rb
Need to require 'msf/core/post/common' before including
Msf::Post::Common
2012-04-27 20:16:24 -05:00
David Maloney f1cd488f19 Overrirdes the autofilter results from the HTTPServer mixin for the rmi
exploit
2012-04-27 15:22:40 -05:00
HD Moore 67fe5b775a Bump this up 2012-04-27 01:23:40 -05:00
HD Moore ec831a1658 Smarter RMI class loader logic 2012-04-27 01:02:18 -05:00
HD Moore 4c2e1c2859 Small updates to the rmi modules 2012-04-27 00:07:00 -05:00
sinn3r 63ed7fcc8f Whitespace, be gone! 2012-04-26 02:38:29 -05:00
sinn3r d985ba5e5d Clean up whitespace 2012-04-26 02:36:29 -05:00
sinn3r 91763dd063 Fix 1.8 compatibility 2012-04-25 15:54:42 -05:00
sinn3r cc76438a75 Merge branch 'jlee-r7-http-print-standardization' 2012-04-25 15:38:46 -05:00
sinn3r 711fb73048 Fix more print_* 2012-04-25 15:01:50 -05:00
sinn3r f77efbf89e Change the rest of print_* 2012-04-25 14:24:17 -05:00
sinn3r 9189dea4e4 Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization 2012-04-25 13:53:30 -05:00
HD Moore 4a8068905f Add a generic execute module and update migrate to handle a process name too 2012-04-25 12:40:20 -05:00
HD Moore 2a5a80a485 Rename and updates 2012-04-25 12:09:23 -05:00
HD Moore 03117ffa95 Add a version scanner for RMI 2012-04-25 11:24:28 -05:00
sinn3r 5bebd01eb0 Tabs vs spaces war round 2 2012-04-24 16:06:08 -05:00
sinn3r bc42375565 Fix spaces to proper hard tabs. Not very fun to do. 2012-04-24 16:03:41 -05:00
sinn3r 0671fc9ea1 Merge branch 'axis2_mods' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-axis2_mods 2012-04-24 15:49:34 -05:00
sinn3r 9c9b74cae2 Small change with the description 2012-04-24 15:47:31 -05:00
sinn3r ecd7762df9 Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module 2012-04-24 15:30:09 -05:00
sinn3r c27195b189 Merge pull request #347 from wchen-r7/wol
Add wake-on-lan module
2012-04-24 11:50:05 -07:00
sinn3r 5bf5e8888d Minor changes 2012-04-24 13:48:45 -05:00
sinn3r e57ba79402 Merge branch 'cve-2012-0158_mscomctl_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-cve-2012-0158_mscomctl_bof 2012-04-24 13:46:24 -05:00
HD Moore ac6247963c Fix a missing require 2012-04-24 11:54:07 -05:00
sinn3r 4c72193922 Fix undefined method `[something]' for nil:NilClass 2012-04-24 01:46:03 -05:00
HD Moore bfbfc19116 Cosmetic 2012-04-23 21:59:44 -05:00
HD Moore e8ac6521d1 Cosmetic 2012-04-23 21:59:09 -05:00
HD Moore 86a1a58d2c Fixes #6689 by moving to 7za which is included in the installer 2012-04-23 16:25:24 -05:00
juan cca97f2989 added module for CVE-2012-0158 2012-04-23 22:59:25 +02:00
sinn3r 90a7458b56 Lower the rank a little to favor other modules in BAP 2012-04-23 15:15:08 -05:00
HD Moore a1f9d2c27a Bump up the wait_timeout (works with the recent AR patch) and fix a typo in the http_version commit 2012-04-23 02:44:56 -05:00
HD Moore 59ecc8584d Force http_version to always make a new request, even if the information is in the DB 2012-04-23 02:39:02 -05:00
Leonardo Botelho 66ecf28451 Shadow stream recorder exploit. 2012-04-22 19:19:40 -03:00
HD Moore 1d2581ebf4 Cosmetic 2012-04-21 14:51:20 -05:00
sinn3r b0a76a1aa1 Add wake-on-lan module 2012-04-21 03:29:49 -05:00
James Lee 9cdd8912c5 Remove spurious cli.peerhost in output 2012-04-20 13:31:42 -06:00
sinn3r 37e75dc644 Make this description a little more sense 2012-04-20 12:25:51 -05:00
sinn3r b955569b10 Update the use of get2() in order to support ruby 1.9.3 2012-04-20 01:37:24 -05:00
sinn3r c68a775106 Fix EDB references 2012-04-19 23:53:32 -05:00
sinn3r 12bf301d2b Correct file name 2012-04-19 21:17:19 -05:00
sinn3r 05459ca3ff Change module description 2012-04-19 21:17:19 -05:00
sinn3r 072faa65ec Massive code cleanup 2012-04-19 21:17:19 -05:00
sinn3r 93134e6fd2 Change default target 2012-04-19 21:17:19 -05:00
unknown 47ecd36805 Implemented Changes suggested by wchen-r7 (sinn3r) 2012-04-19 21:17:19 -05:00
unknown feb625cab0 Updated module 2012-04-19 21:17:19 -05:00
unknown 8caec4777f TFTPserverST addition 2012-04-19 21:17:18 -05:00
sinn3r 93390fa6e2 Fix metadata and some cosmetic stuff 2012-04-19 19:12:27 -05:00
sinn3r bce6c9abcf Verify checksum to avoid jumping to a corrupt payload 2012-04-19 18:52:43 -05:00
sinn3r ae7c2acf9d Merge branch 'xradio-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-xradio-exploit-module 2012-04-19 18:09:20 -05:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
sinn3r f5e8f57497 Minor fixes 2012-04-19 18:07:35 -05:00
sinn3r 8d1d63dda8 Correct OSVDB reference, thanks modpr0be 2012-04-19 12:04:11 -05:00
sinn3r 45997b8dd4 Fix typos 2012-04-19 10:54:05 -05:00
Tod Beardsley ce3d98bc88 vcms_login.rb description 2012-04-19 07:44:28 -05:00
sinn3r 5fde6b759f Add VCMS brute-force module 2012-04-19 02:25:03 -05:00
sinn3r 81b6e76619 Correct CVE/OSVDB/BID references, thanks Chad. 2012-04-19 00:24:56 -05:00
sinn3r 946ab1514e Correct module naming style 2012-04-18 20:45:25 -05:00
sinn3r 1065111817 Correct TARGETURI description 2012-04-18 18:57:37 -05:00
sinn3r 7071c30b4b These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes 2012-04-18 16:07:41 -05:00
sinn3r 0e45b6c06c Avoid printing ip:port twice 2012-04-18 16:01:10 -05:00
James Lee 1f577b24b2 Merge branch 'rapid7' into http-print-standardization 2012-04-18 08:51:42 -06:00
sinn3r f3ebe284ca Minor cosmetic changes 2012-04-18 02:38:25 -05:00
sinn3r 15539c633b Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm 2012-04-18 02:32:42 -05:00
sinn3r e52f40daf1 Cosmetic changes 2012-04-18 02:25:43 -05:00
sinn3r 01beddc609 Merge branch 'cyberlink' of https://github.com/mrmee/metasploit-framework into mrmee-cyberlink
Conflicts:
	modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb
2012-04-18 02:03:59 -05:00
sinn3r 862869e4f2 Strip ms03_020_ie_objecttype from Browser AutoPwn because:
1. We have newer browser modules that can replace it, and already do.
2. It uses an egghunter that we don't favor in BAP
3. It uses system addresses, which we no longer favor.
2012-04-17 22:26:14 -05:00
James Lee a2dc890cfa Don't puke if the connection came from localhost 2012-04-17 19:49:42 -06:00
James Lee f9b2fe89b2 Merge branch 'rapid7' into http-print-standardization
Conflicts:
	modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
	modules/exploits/windows/browser/apple_quicktime_rtsp.rb
	modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
James Lee afe28523f3 Puts testAXO() on window so we can access it from anywhere
Also uses the new :method property which allows an array syntax.  See
ie_createobject for a usage example.
2012-04-17 18:54:26 -06:00
James Lee f9a48ace48 Switch to using :method, see previous commit 2012-04-17 18:48:14 -06:00
James Lee eedf4520be Merge branch 'rapid7' into bap-refactor 2012-04-17 16:20:11 -06:00
sinn3r 0fccc67774 Add MS12-004 to BAP 2012-04-17 16:40:32 -05:00
sinn3r 02c3b7df7a 'cli' should be 'client' 2012-04-17 07:13:17 -05:00
sinn3r 1a0c8e5d42 'cli' should be 'client' 2012-04-17 07:12:08 -05:00
sinn3r dd7caa5186 'cli' should be 'client' 2012-04-17 07:10:32 -05:00
sinn3r a8eada6016 This module should be able to support more payloads 2012-04-16 14:43:36 -05:00
sinn3r edadc19757 This module should be able to support more payloads than it should be 2012-04-16 14:41:11 -05:00
sinn3r 1e2203867c Repair 'no encoders encoded the buffer successfully' issues 2012-04-16 13:43:25 -05:00
James Lee 3e0747f5d2 Randomize guid and payload filename 2012-04-16 12:09:25 -06:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
Leonardo Botelho fdd8afea88 minor changes 2012-04-15 22:58:58 -03:00
Leonardo Botelho 5bb087d9a7 Exploit module for xRadio Buffer Overflow. 2012-04-15 19:16:11 -03:00
Chris John Riley f4f1ec70bc Altered regex to detect Jetty hosts
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)

There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
2012-04-15 15:13:21 +02:00
Steven Seeley 9b2797f707 better randomization 2012-04-15 12:16:51 +10:00
Steven Seeley 50e36d3fb0 cyberlink Power2Go name attribute stack buffer overflow 2012-04-14 17:57:22 +10:00
sinn3r 4be0361f69 These modules shouldn't be here, sorry 2012-04-14 02:12:45 -05:00
chap0 c6a6b79c23 gsm sim 5.15 module, can get the download to test here >
download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html
2012-04-13 22:12:48 -07:00
sinn3r 5cbf447a13 Correct OSVDB reference, thanks Daniel 2012-04-13 23:34:44 -05:00
sinn3r 1927feb9c3 Merge branch 'master' of https://github.com/mrmee/metasploit-framework 2012-04-13 18:17:38 -05:00
sinn3r 2d069f8013 Add CVE-2011-4828 module 2012-04-13 18:12:16 -05:00
Steven Seeley cdd49bf16a fixed references, describe target better 2012-04-13 11:23:28 +10:00
Steven Seeley c851722d50 fixed the description... 2012-04-13 11:18:24 +10:00
Steven Seeley 9b0c211160 exploit for cyberlinks Power2Go application. I find this software installed by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier.. 2012-04-13 11:07:36 +10:00
Steven Seeley 762324e286 Merge remote-tracking branch 'upstream/master' 2012-04-13 10:26:12 +10:00
sinn3r d31771d7f9 Randomize as many nops as possible without making the exploit too unstable 2012-04-12 03:45:13 -05:00
sinn3r 0d739a1a51 Module rename. Cleanup whitespace. Fix typos. 2012-04-12 03:45:12 -05:00
Steven Seeley 14f85e406f exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 03:45:12 -05:00
Steven Seeley 846be0e983 exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution 2012-04-12 13:10:18 +10:00
sinn3r 860add8dfe Code cleanup 2012-04-11 20:26:52 -05:00
James Lee 810d496ade Chmod the payload executable
Makes native payloads work on non-windows, thanks mihi!
2012-04-11 12:48:14 -06:00
sinn3r 443f19abcf Merge branch 'CVE-2008-5499_adobe_flashplayer_aslaunch' of https://github.com/0a2940/metasploit-framework into 0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch 2012-04-11 10:04:01 -05:00
James Lee b077efb7f0 Missed one. 2012-04-11 00:30:18 -06:00
James Lee d0eb383655 Un-standardize printing in browser modules
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
James Lee 090566610a Make sure @shares is initialized
Fixes a stack trace when the target isn't Windows
2012-04-10 15:00:47 -06:00
Tod Beardsley 94cf69cdf8 Yank the ACTION option from persistence
Other problems with this module since commit
5ba5bbf077 but this should be enough to
get it working again.
2012-04-10 15:01:14 -05:00
0a2940 654701f1b2 new file: data/exploits/CVE-2008-5499.swf
new file:   external/source/exploits/CVE-2008-5499/Exploit.as
	new file:   modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Tod Beardsley 03c958a9b1 ACTION on persistence.rb should be an OptEnum
That way, upcase / downcase problems get caught on option validation,
rather than down in the module's guts.
2012-04-10 14:45:54 -05:00
Tod Beardsley cbc12560a5 Leading tabs, not spaces
There's a coding style in here that will make msftidy.rb cry, and
that's:

```
varfoo = %q|
    stuff
      thats
        html
|
```

Usually, you want something like

varfoo = ""
varfoo << %q|    stuff|
varfoo << %q|      thats|
varfoo << %q|        html|

That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
2012-04-10 14:25:00 -05:00
Tod Beardsley cdc020ba9f Trailing space on xpi bootstrap module 2012-04-10 14:24:08 -05:00
Tod Beardsley 3cb7cbe994 Adding another ref and a disclosuredate to mihi's XPI module
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
2012-04-10 13:59:21 -05:00
sinn3r 0e1fff2c4b Change the output style to comply with egyp7's expectations. 2012-04-10 13:42:52 -05:00
James Lee 28534d5f6e Merge branch 'rapid7' into bap-refactor 2012-04-10 12:42:27 -06:00
sinn3r 76c12fe7e6 Whitespace cleanup 2012-04-10 13:22:10 -05:00
Michael Schierl 705cf41858 Add firefox_xpi_bootstrapped_addon exploit
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
2012-04-10 13:39:54 +02:00
HD Moore a9d733f9fe Fix pack order 2012-04-09 21:21:42 -05:00
James Lee 2de0c801d9 Add vulnerable version numbers to the description 2012-04-09 14:41:42 -06:00
HD Moore 2c473e3cdd Fix up koyo login 2012-04-09 15:07:47 -05:00
juan 246ebca940 added module for CVE-2012-0198 2012-04-09 20:45:27 +02:00
sinn3r a26e844ce5 Merge pull request #318 from wchen-r7/dolibarr_login
Add an aux module to brute force Dolibarr's login interface
2012-04-09 09:20:48 -07:00
sinn3r bef12478fc Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor 2012-04-09 09:58:22 -05:00
James Lee 037fbf655e Standardize the print format for modules used by browser autopwn 2012-04-09 01:57:50 -06:00
James Lee b38933328f Send exploits that are not assocated with any browser to all of them 2012-04-09 01:53:57 -06:00
James Lee 3ca440089e Add checks for .NET requisites
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
James Lee a6b106e867 Remove autopwn support for enjoysapgui_comp_download
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
James Lee 409ba3139b Add bap checks for blackice exploit 2012-04-09 00:50:04 -06:00
sinn3r 5fefb47b7f Some cosmetic changes 2012-04-09 01:43:20 -05:00
sinn3r 95dbb8a818 Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc 2012-04-09 00:17:44 -05:00
James Lee da1cb2b81d ActiveX controls require IE 2012-04-08 22:07:09 -06:00
sinn3r 9cec9639c7 Add an aux module to brute force Dolibarr's login interface 2012-04-08 18:16:38 -05:00
James Lee f520af036f Move next_exploit() onto window object so it's accessible everywhere
I swear I committed this before, not sure what happened.
2012-04-08 17:11:15 -06:00
Carsten Maartmann-Moe ce0de02a2a Modified for 8-space tabs 2012-04-08 16:09:28 -04:00
Carsten Maartmann-Moe 89c1894e07 Minor formatting changes, tabs etc. and comments for clarity 2012-04-08 15:45:23 -04:00
sinn3r 51bdfe14fd 2012, not 2011, oops 2012-04-08 13:21:37 -05:00
sinn3r 24478e9eb5 Add Dolibarr ERP & CRM Command Injection Exploit 2012-04-08 13:20:22 -05:00
sinn3r 05eba0ab4c Cosmetic changes, mostly :-) 2012-04-07 14:47:23 -05:00
sinn3r 00ff2e3dc1 Merge branch 'CVE-2012-1195_thinkmanagement' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-1195_thinkmanagement 2012-04-07 14:41:19 -05:00
juan 938d5d0a75 added references for cve-2012-1196 2012-04-07 20:22:59 +02:00
juan ee7bce5995 deletion of the ASP script 2012-04-07 20:19:45 +02:00
Tod Beardsley dfe2bbc958 Use rport for modicon_password recovery, not 21. 2012-04-07 13:03:43 -05:00
juan 8761d39190 exploit module added for CVE-2012-1195 2012-04-07 19:04:17 +02:00
Carsten Maartmann-Moe b2e0acd92a Tidied up the exploit 2012-04-06 20:41:54 -04:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
2012-04-06 10:45:10 -05:00
Tod Beardsley 461352f24f Don't need to require net/ftp anymore
Nothing actually used it anyway.
2012-04-06 10:35:28 -05:00
sinn3r 56b10d4d23 Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof 2012-04-06 02:28:26 -05:00
sinn3r 68c81e3ae0 Add OSVDB-80661 TRENDnet SecurView ActiveX BoF 2012-04-06 02:26:04 -05:00
Carsten Maartmann-Moe b184a6dc5c Exploit for Snort CVE-2006-5276 on Windows 2012-04-05 19:46:56 -04:00
Tod Beardsley 9c8e6ac9da Ruby 1.8 compat for the SCADA modules.
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds"
This reverts commit 937f8f035a.
2012-04-05 16:17:06 -05:00
juan 5c6856539e .idea dir deleted 2012-04-05 22:46:43 +02:00
juan 955de5a68c comment fixed 2012-04-05 22:46:13 +02:00
juan c5f73d3d7a added module for CVE-2012-0270_csound_getnum_bof 2012-04-05 22:35:42 +02:00
James Lee 0c3f1aab77 Tell the user what actually went wrong when migrate.rb fails 2012-04-05 11:49:03 -06:00
Tod Beardsley 14d9953634 Adding DigitalBond SCADA modules 2012-04-05 12:35:48 -05:00
Tod Beardsley eb39b5f6aa Msftidy on netop 2012-04-05 10:33:57 -05:00
sinn3r 8628991b1d Merge pull request #305 from jlee-r7/bap-refactor
Bap refactor
2012-04-05 08:02:43 -07:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
James Lee 40ab362e1c Store host details in the target cache
This allows us to maintain a connection between the client and the
operating system/host where it's running.

Also fixes a counting problem for modules actually started.
2012-04-05 01:33:07 -06:00
James Lee 0ddfa79a34 Move javascriptosdetect out to its own file
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
James Lee 6ad0f41479 Add the client to output 2012-04-03 18:27:16 -06:00
James Lee 974d95b175 Both of these are obsoleted by java_atomicreferencearray 2012-04-03 18:23:42 -06:00
James Lee 893430894e Tell the user how many sploits we've picked 2012-04-03 18:22:56 -06:00
sinn3r c79060915a Add Chap0's netop exploit 2012-04-03 11:51:58 -05:00
chap0 48d6157d6e New NetOp Guest msf module http://www.netop.com/ 2012-04-02 16:53:51 -07:00
Tod Beardsley 9cf896ffa1 Pre-release fixups on titles and grammar
Fixing squid_pivot_scanning and enum_xchat
2012-04-02 11:24:49 -05:00
Tod Beardsley 7b0ee58d9f Fixing bug spotted by troulouliou in ipv6_neighbor
Just check for nilness, not the :symbol.
2012-04-02 10:02:59 -05:00
sinn3r bd5f43c918 Add another good reference by @mihi42 2012-04-01 01:30:50 -05:00
sinn3r bab4cddd83 Add Jeroen Frijters for finding/reporting the bug 2012-03-31 03:01:09 -05:00
sinn3r 1853f8b0c2 Merge pull request #291 from wchen-r7/enum_xchat
Add post module enum_xchat.rb
2012-03-31 00:42:15 -07:00
sinn3r 543f5ebfe2 Only display the retry message when necessary 2012-03-31 02:40:24 -05:00
sinn3r 4215030eb3 Set a limit to how many times we can retry 2012-03-31 02:38:46 -05:00
sinn3r 6e4ccaae6b Add post module to collect xchat's configs and chat logs 2012-03-31 00:15:21 -05:00
James Lee cc54a260f5 Merge remote branch 'upstream/master' 2012-03-30 14:31:12 -06:00
James Lee 0547369966 Add bap support for flash mp4 and new java bug
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
sinn3r e723704a32 Merge pull request #289 from wchen-r7/enum_colloquy
Add post module enum_colloquy.rb to collect chatlogs and the plist
2012-03-30 09:24:32 -07:00
sinn3r 18a13a4bfb Correct description 2012-03-30 11:22:55 -05:00
Steve Tornio ae21c05e69 add osvdb ref 2012-03-30 07:26:07 -05:00
sinn3r e018c6604f Modify CVE-2012-0507 2012-03-30 02:06:56 -05:00
sinn3r 8d2a58dfd8 Add post module enum_colloquy.rb to collect chatlogs and the preferences list 2012-03-29 16:24:43 -05:00
Tod Beardsley f069a32223 Merge pull request #288 from wchen-r7/cve_2012_0507
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
sinn3r 791ebdb679 Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00
Tod Beardsley bd4819e8f2 Merge pull request #238 from mak/linux-x64-find-port
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
Tod Beardsley 220ad7875f Merge pull request #285 from wvandevanter-r7/squid_pivot_scanning
Squid pivot scanning
2012-03-29 05:02:05 -07:00
Willis Vandevanter f5e05461f6 changed the false positive check IP to a user set variable 2012-03-28 22:18:56 -04:00
Willis Vandevanter 0fcab521d2 fixed print_bad 2012-03-28 02:32:03 -04:00
Tod Beardsley 5248ec87b5 Fixing EDB reference 2012-03-27 16:49:47 -05:00
Tod Beardsley b1683c94ef Merge pull request #281 from jlee-r7/module-tests
Module tests
2012-03-27 10:23:20 -07:00
James Lee 812457fed0 Rename enum_user_dirs 2012-03-27 10:52:16 -06:00
Tod Beardsley 5f9000efb3 Merge pull request #280 from wchen-r7/osx_airport
Add OSX Gather Airport post module
2012-03-27 05:48:26 -07:00
sinn3r e44f9d06ec Remove the extra 'require' 2012-03-27 01:24:12 -05:00
sinn3r 670e15b40f Add OSX Gather Airport post module 2012-03-27 01:18:38 -05:00
Tod Beardsley fb9163caf9 Merge pull request #278 from wchen-r7/manageengine_deviceexpert
Add OSVDB-80262 ManageEngine DeviceExpert
2012-03-26 14:42:36 -07:00
Tod Beardsley 7a74cc7694 Quoting "Chicken of the VNC"
Otherwise, this looks like a nonsense string to people not familiar with
this application.
2012-03-26 16:26:40 -05:00
Tod Beardsley 8fbf4cf6d9 Grammar on dns_txt_query_exec payload name and desc 2012-03-26 16:23:54 -05:00
Tod Beardsley d95d60670e Fix up desc again on enum_dns 2012-03-26 16:20:00 -05:00
Tod Beardsley 14b45f9fb1 More fixes to enum_dns.rb
* Should use 'and', not & (bitwise AND)
  * Made capitalization sane for Anglophones. See: http://owl.english.purdue.edu/owl/resource/592/1/
2012-03-26 16:14:04 -05:00
Tod Beardsley dc6f76eb20 Style fixes for enum_dns.rb
* Use a dotted.notation for note types
  * Changed title to something more descriptive
  * Expanded description
  * Other trivial changes
2012-03-26 16:08:39 -05:00
sinn3r 79d74b8768 ADD OSVDB-80262 2012-03-26 12:58:18 -05:00
sinn3r 19fc8d9883 Add OSVDB-80262 2012-03-26 12:42:24 -05:00
Tod Beardsley 507dd423ce Rogue period, DELETED. 2012-03-26 10:54:26 -05:00
sinn3r 182f3744de Cosmetic cleanup 2012-03-26 09:23:14 -05:00
corelanc0d3r ad32911b1a probably safer to use regex 2012-03-26 09:01:40 -05:00
Kurtis Miller e2606764cb forgot to add renamed module 2012-03-25 09:08:38 -07:00
Kurtis Miller 7ea37253a0 modifications recommended by sinn3r 2012-03-25 09:04:35 -07:00
Kurtis Miller d8ddb19b56 cve-2008-0610 windows exploit module 2012-03-25 00:14:19 -07:00
Jonathan Cran 135cf7ba04 remove trailing comma, thanks troulouliou 2012-03-23 17:00:04 -05:00
Tod Beardsley e1783acd6f Adding newline to end of ricoh_dl_bof.rb 2012-03-23 16:31:11 -05:00
Tod Beardsley 2bcf259301 Setting correct LFs on freepbx_callmenum.rb 2012-03-23 16:29:42 -05:00
wchen-r7 71462bc73d Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
[Closes #266]
2012-03-23 16:23:36 -05:00
sinn3r fbfd308d79 This actually shouldn't go it now because it's still being code reviewed 2012-03-23 15:32:24 -05:00
Tod Beardsley 47493af103 Merge pull request #259 from todb-r7/edb-2
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
sinn3r 6f0f9041c8 Merge pull request #267 from wchen-r7/hp_data_protector_win_cmd
Add HP Data Protector aux module for executing commands on Windows
2012-03-23 11:06:52 -07:00
sinn3r 10733f6a1c Update description 2012-03-23 13:05:40 -05:00
sinn3r fef1e31e2a Merge branch 'olliwolli-3cdaemonsp3' 2012-03-23 08:52:19 -05:00
Tod Beardsley e30623a2c9 Merge pull request #264 from wchen-r7/ricoh_dc_exploit
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-23 06:45:02 -07:00
sinn3r 20f0a58c6a Minor fixes 2012-03-23 08:23:30 -05:00
sinn3r 41bc8ded3d Add HP Data Protector aux module for executing commands on Windows 2012-03-23 07:57:13 -05:00
Oliver-Tobias Ripka 30a3d8bb96 Add Windows SP3 to targets. 2012-03-23 13:52:18 +01:00
James Lee 17a044db89 Print the full URI
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
sinn3r 6625d97599 Add Ricoh DC DL-10 FTP Buffer Overflow 2012-03-22 15:30:00 -05:00
Patrick Webster 3dc0e97998 Updating description and refs to Patrick's module
There was some weirdness with the commit log on this module but it
should all be kosher now.

[Closes #260]
2012-03-22 10:30:25 -05:00
James Lee 2d29184adc Use interpolation to ensure LPORT is a string for gsub
[Fixes #6542]
2012-03-21 21:05:05 -06:00
sinn3r ddacf1dde8 Merge pull request #258 from wchen-r7/ms10_002_ie
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free
2012-03-21 17:20:27 -07:00
sinn3r 0a24c354db Update ms10-002 with dyphens 2012-03-21 19:19:20 -05:00
Tod Beardsley 7d12a3ad3a Manual fixup on remaining exploit-db references 2012-03-21 16:43:21 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r 2c16eb29b6 Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit 2012-03-21 16:11:26 -05:00
Tod Beardsley 31228ed65a Comment indentation 2012-03-21 15:21:10 -05:00
Tod Beardsley 482a1a8511 Merge pull request #253 from corelanc0d3r/dnspayload
rewrote DNS TXT query out-of-band payload delivery shellcode
2012-03-21 13:19:55 -07:00
Tod Beardsley 8f17cc3f5c MS12-020 not MS12-002 2012-03-21 13:58:18 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
Tod Beardsley b09d91d1c7 Removing enum_bing_url
Moving this over to unstable until the described http request problem
gets resolved.
2012-03-21 09:33:31 -05:00
Peter Van Eeckhoutte 89d7363a8f fixed crash 2012-03-21 10:39:05 +01:00
sinn3r c64226f4b8 Fix regex 2012-03-21 04:31:49 -05:00
sinn3r 056985625d damn comma 2012-03-21 04:06:54 -05:00
sinn3r e973da7c6d Add Chicken of the VNC client profile collector module 2012-03-21 04:04:35 -05:00
Peter Van Eeckhoutte f81730a7e1 changes to the way jmp to payload is done 2012-03-21 09:52:22 +01:00
corelanc0d3r 45ef7fc35d reset author 2012-03-20 20:43:56 +01:00
sinn3r ed542e2b6c Change dns_enum to enum_dns for naming style consistency 2012-03-20 14:11:04 -05:00
sinn3r b8b5c79957 No need for net/http 2012-03-20 14:09:40 -05:00
sinn3r 777e221232 Add Bing URL enumerator by Royce (Feature #6499) 2012-03-20 14:07:42 -05:00
Tod Beardsley da963fc8b2 Adding OSVDB for dell_webcam_crazytalk.rb 2012-03-20 07:52:50 -05:00
Tod Beardsley e325469f6e Grammar fix for dell_webcam_crazytalk module 2012-03-20 07:43:02 -05:00
sinn3r f4dac59894 Add Dell Webcam CrazyTalk component BackImage overflow exploit 2012-03-20 03:46:37 -05:00
Peter Van Eeckhoutte a3035dc6d0 Adding corelandc0d3r's http/https/ftp payload
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.

[Closes #173]
2012-03-19 16:50:59 -05:00
Tod Beardsley bff860c62d s/brute force/bruteforce
This is the preferred spelling in Metasploit, at least, according to
grep consensus:

./metasploit-framework$ grep -ri "brute force" . | wc -l
111
./metasploit-framework$ grep -ri "bruteforce" .  | wc -l
183
2012-03-19 16:14:00 -05:00
Tod Beardsley 4391c24d2f Trivial touchups on RDP DoS module.
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
sinn3r 3a851ef2c2 Fix typo 2012-03-19 13:20:59 -05:00
sinn3r 3d72d52625 Add reporting to MS12-020 2012-03-19 13:18:51 -05:00
sinn3r fa4504e1f6 Let's make this clear, it's just a DoS 2012-03-19 13:00:29 -05:00
sinn3r 13f16daca7 Actually, that date is way off. Corrected. 2012-03-19 12:58:52 -05:00
sinn3r d8be328b89 Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module 2012-03-19 12:53:34 -05:00
sinn3r cdd7a16603 Apply egypt's fix for "\n" 2012-03-19 10:19:10 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
sinn3r acac3fa38d Add back enum_protections with some new changes 2012-03-17 16:00:20 -05:00
ohdae 14d427fa87 Added fix for enum_protections 2012-03-17 13:28:31 -04:00
sinn3r 78331bb4c1 A bunch of fixes 2012-03-17 03:14:26 -05:00
sinn3r 4a0c75f4b3 Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework 2012-03-17 02:38:35 -05:00
sinn3r ff093c3f93 The comments in get_chatlogs need an update 2012-03-17 00:28:05 -05:00
sinn3r 39cfa43250 Correct license format 2012-03-17 00:25:41 -05:00
sinn3r 3479a314e3 Add enum_adium.rb post module 2012-03-17 00:22:03 -05:00
ohdae c3f98fe284 Changed store_note to store_loot. Fixed local/remote file retrieval 2012-03-16 16:54:36 -03:00
sinn3r d3a87b59aa This module is not ready, yanked. 2012-03-16 11:49:31 -05:00
Gregory Man ba6928cbf1 sockso_traversal 1.8 compatibility fix 2012-03-16 18:12:09 +02:00
ohdae c5a4dc39c3 fix 2012-03-16 09:17:35 -04:00
ohdae 9b4ecc2777 Merge branch 'post-mods' of github.com:ohdae/metasploit-framework into post-mods 2012-03-16 09:15:47 -04:00
ohdae b635019d56 saves each config to loot instead of notes 2012-03-16 09:14:48 -04:00
sinn3r 9f0a293a53 Correct variable name 2012-03-16 01:17:39 -05:00
ohdae 13b92b97e9 Fixed incorrect variable within get_sql_history 2012-03-16 01:40:12 -03:00
ohdae f6a2e2b890 Enumerate important and interesting configuration files 2012-03-15 22:59:42 -04:00
David Maloney 6011da7db8 More Virtualisation SSL fixes 2012-03-15 19:06:48 -05:00
David Maloney e4778c2ba4 Default SSL to true for esx_fingerprint module 2012-03-15 18:15:29 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff.
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r 46dbaf8283 Fix typos and output 2012-03-15 16:10:05 -05:00
sinn3r 81b3eaa482 Fix typo 2012-03-15 15:56:24 -05:00
sinn3r db4538389c Add sockso dir traversal 2012-03-15 15:55:54 -05:00
James Lee 74e40763d6 Fix syntax error in 1.8, thanks Jun Koi for the patch 2012-03-15 14:32:16 -06:00
sinn3r e53938b9d7 Merge branch 'ohdae-post-mods' 2012-03-15 14:30:23 -05:00
sinn3r 2770199d28 enum_protections is now find_apps 2012-03-15 14:27:40 -05:00
sinn3r e5c420b676 File rename, as well as design and cosmetic changes 2012-03-15 14:22:23 -05:00
sinn3r 8b91cc54c3 Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework into ohdae-post-mods 2012-03-15 13:50:43 -05:00
ohdae 7e7b220b70 added report_note, removed store_loot function, cleaned up info/author 2012-03-15 15:29:52 -03:00
sinn3r d5f83be2d0 Cosmetic changes 2012-03-15 11:21:41 -05:00
Maciej Kotowicz 0389e47dfe fix little mistake 2012-03-15 16:21:00 +01:00
ohdae b88af39f74 fixed output newline issue 2012-03-15 12:18:29 -03:00
Gregory Man 9928b102b5 Added rails_mass_assignment module. 2012-03-15 16:56:38 +02:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
ohdae 32002c595d fixed save line 2012-03-15 01:05:35 -03:00
ohdae c165b7b7c2 removed unneeded comments 2012-03-15 01:02:07 -03:00
ohdae 58b2d570c9 fixed output issue 2012-03-15 01:00:55 -03:00
sinn3r 65bde7ec99 Add OSVDB-79863 NetDecision Directory Traversal 2012-03-14 16:50:54 -05:00
Maciej Kotowicz f91b894375 added posibilities for generating payload from asm to more arch's
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
ohdae ffc41bf265 removed unneeded dependency 2012-03-14 18:26:53 -03:00
Jonathan Cran c38aaede03 duplicate of enum_users_history.rb 2012-03-14 16:07:49 -05:00
ohdae 5c74b7741b locates installed 3rd part av, fws, etc 2012-03-14 13:30:16 -04:00
sinn3r d1efb40d2d Fix bad path for Windows (bug #6523) - Thanks Francesco 2012-03-14 12:27:40 -05:00
sinn3r 3b880359fe Change module name to better describe the purpose of it. Also some cosmetic corrections. 2012-03-14 11:44:03 -05:00
sinn3r 704f8e391d Remove the line that's commented out 2012-03-14 11:37:43 -05:00
ohdae 60b3ee7b16 Added user specific tasks to enum_users, removed bash_hist from enum_sys, added disk space info to enum_system 2012-03-14 09:06:51 -04:00
sinn3r 50f8b6088b Fix cosmetic problems 2012-03-14 05:20:19 -05:00
sinn3r 4872e80385 Cleanup whitespace and author format 2012-03-14 05:18:00 -05:00
sinn3r 9d7e22876c Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework 2012-03-14 05:14:33 -05:00
sinn3r ecb1fda682 Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow 2012-03-14 05:13:22 -05:00
ohdae fbd076e749 removed old/ folder 2012-03-13 22:49:01 -04:00
ohdae b86fa5c85b Combined network tasks into enum_network.rb, Combined user/system tasks into enum_system.rb 2012-03-13 22:24:49 -04:00
ohdae 0fe26780b9 Merge branch 'my-branch' of github.com:ohdae/metasploit-framework into my-branch 2012-03-13 22:20:59 -04:00
ohdae 96fb9fd458 Combined network tasks into one module, Combined system/user tasks into one module 2012-03-13 22:18:24 -04:00
ohdae f79bda2dc7 Update modules/post/linux/gather/enum_linux.rb 2012-03-13 21:15:47 -03:00
ohdae 3260bc6b65 Update modules/post/linux/gather/enum_linux.rb 2012-03-13 21:14:49 -03:00
ohdae bd5950ea52 added active connections, iwconfig, if-up/down, open ports 2012-03-13 20:09:41 -04:00
ohdae 4b7e380581 Linux post ssh enum, Linux post network info 2012-03-13 17:27:21 -04:00
Tod Beardsley 81248f35c4 Changing H.323 constant for H323_STATUS_FACILITY
However, it's not actually being used in the module anywhere, so this
change appears cosmetic more than anything right now. However, I'm
inclined to believe Ricky's suggestions when it comes to H.323.

Corroborated by this 2003 post to the Ethereal mailing list:

http://www.ethereal.com/lists/ethereal-users/200311/msg00001.html

[See #6521]
2012-03-13 12:26:03 -05:00
Gregory Man b0ba10f79c Added afp_login module. 2012-03-13 10:01:42 +02:00
Gregory Man 5b13b7d1d9 Extracted common AFP functionality to mixin 2012-03-13 09:56:03 +02:00
Jonathan Cran 1cf25e58d5 merge description change 2012-03-12 17:22:01 -05:00
sinn3r 7d95132eab Use a cleaner way to calculate JRE ROP's NEG value 2012-03-11 17:27:47 -05:00
sinn3r 6c19466de8 Change output style 2012-03-11 13:59:18 -05:00
sinn3r 25a1552fbd Dynamic VirtualProtect dwSize. Change output style. 2012-03-11 13:49:46 -05:00
sinn3r b0e7c048c9 This module fits the GoodRanking description 2012-03-10 00:50:41 -06:00
sinn3r 1d5bad469c Add Windows 7 SP1 target 2012-03-10 00:11:25 -06:00
sinn3r 1ae779157d Disable Nops so we don't get an ugly crash after getting a shell 2012-03-08 18:56:58 -06:00
Tod Beardsley 1e4d4a5ba0 Removing EncoderType from flash module
Also not very useful
2012-03-08 16:57:41 -06:00
Tod Beardsley 302a42a495 Fixing up print statements
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
Tod Beardsley 1396fc19bd Fixup bad merge on flash mp4 2012-03-08 16:52:53 -06:00
sinn3r cb04e47304 Attempt #2: there's no cli in get_payload 2012-03-08 16:47:49 -06:00
sinn3r 3563fe1b36 The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload. 2012-03-08 16:41:32 -06:00
sinn3r fee2e1eff9 Minor spray size change 2012-03-08 16:19:51 -06:00
HD Moore 12395c719f Remove debugging code 2012-03-08 16:16:42 -06:00
HD Moore 87274987c1 Remove the now obsolete text about SWF_PLAYER 2012-03-08 16:16:13 -06:00
sinn3r 181fdb7365 A small title change 2012-03-08 16:10:16 -06:00
HD Moore 1271368b6f Redirect to a trailing slash to make sure relative resources load
properly
2012-03-08 15:37:06 -06:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
HD Moore eb847a3dfb Add a nicer prefix to the target selection message 2012-03-08 13:46:14 -06:00
Tod Beardsley 5b566b43b4 Catching an update from @hdmoore-r7
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
sinn3r edb3f19c12 A little more padding for Win Vista target 2012-03-08 12:04:04 -06:00
Tod Beardsley 18962e1180 Checking in the new Flash exploit to the release
Using the checkout master directly:

 git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
 git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
HD Moore 86fc45810b Remove the resource during cleanup 2012-03-07 23:04:53 -06:00
HD Moore b4e0daf3ca Small tweaks to the adobe mp4 exploit 2012-03-07 22:53:47 -06:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
sinn3r 9ece7b08fc Add vendor's advisory as a reference 2012-03-08 00:46:34 -06:00
sinn3r 5f92bff697 Make sure no encoder will break the exploit again 2012-03-08 00:44:57 -06:00
sinn3r 2e94b97c82 Fix description 2012-03-07 23:59:51 -06:00
Tod Beardsley 57376a976d Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
sinn3r d9788db7bb Merge pull request #222 from jduck/master
Fixes #6483
2012-03-07 18:11:48 -08:00
sinn3r 0550b77522 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 20:04:04 -06:00
sinn3r 3b4ed13aee Fix typo 2012-03-07 20:03:46 -06:00
Tod Beardsley 33460b6bf4 Fixups on the Adobe Flash exploit description
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
sinn3r c76f43c066 Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow 2012-03-07 19:24:00 -06:00
Tod Beardsley f97dc8dee7 Fix spelling of the IBM product iSeries
Was I-Series.
2012-03-07 15:24:15 -06:00
sinn3r 7dfba9c00d Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 14:51:39 -06:00
sinn3r 0ee7788028 Add a check to detect the vulnerable version of Sysax SSH 2012-03-07 14:51:21 -06:00
Joshua J. Drake ab01a19f92 Fixes #6483: Correct the include for the handler (was copypasta) 2012-03-07 11:23:44 -06:00
Tod Beardsley ba2bf194fd Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r 003fa3e22c Apply patch for #6495 2012-03-06 11:43:28 -06:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
HD Moore 99177e9d5e Small commit to fix bad reference and old comment 2012-03-06 01:44:26 -06:00
Willis Vandevanter 461a59e28d modified description and lowered the number of required requests 2012-03-06 00:48:54 -05:00
Willis Vandevanter 0f17bbdfdd squid pivot scanning module 2012-03-06 00:30:30 -05:00
James Lee 70162fde73 A few more author typos 2012-03-05 13:28:46 -07:00
James Lee 82c23e95d3 Module author typo 2012-03-05 13:28:46 -07:00
James Lee 3a33434867 Fix a couple of typos that throw off module authors 2012-03-05 13:28:46 -07:00
sinn3r afd1af6377 Merge branch 'apf-info' of https://github.com/gregory-m/metasploit-framework into gregory-m-apf-info 2012-03-05 11:18:23 -06:00
sinn3r 1005de0523 Port should not contain a non-numeric value or even empty when assigned to :port 2012-03-05 11:10:16 -06:00
Gregory Man 6726f07dbc afp_server_info fixes and improvements
1.9 compatibility, timeouts, reporting
2012-03-05 14:57:59 +02:00