Commit Graph

582 Commits (e9203060b0e16b2ab4c68a1bc526217b53907347)

Author SHA1 Message Date
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
Tod Beardsley 5ce862a5b5
Add OSVDB 2013-12-26 10:33:46 -06:00
jvazquez-r7 163a54f8b1 Do send_request_cgi final clean up 2013-12-20 17:00:57 -06:00
jvazquez-r7 af13334c84 Revert gsub! 2013-12-20 11:39:49 -06:00
jvazquez-r7 1da961343a Do final (minor) cleanup 2013-12-20 11:20:29 -06:00
Markus Wulftange 929f3ea35c Turn Auxiliary module into Exploit module 2013-12-20 16:45:38 +01:00
jvazquez-r7 ec64382efc Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle 2013-12-18 11:53:30 -06:00
jvazquez-r7 a28ea18798 Clean pull request 2013-12-18 11:32:34 -06:00
Ramon de C Valle 21661b168b Add cfme_manageiq_evm_upload_exec.rb
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
sinn3r bf3489203a I missed this one 2013-12-03 13:13:14 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability 2013-11-24 00:47:14 -06:00
Tod Beardsley 36db6a4d59
Land #2616, SuperMicro close_window BOF 2013-11-15 11:34:53 -06:00
Tod Beardsley 2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
2013-11-11 21:23:35 -06:00
jvazquez-r7 40f8e80775 Fix jlee-r7's feedback 2013-11-08 14:28:19 -06:00
jvazquez-r7 b7e360922d Update ranking 2013-11-07 15:10:26 -06:00
jvazquez-r7 decf6ff6a0 Add module for CVE-2013-3623 2013-11-07 14:59:40 -06:00
jvazquez-r7 c92e8ff98d Delete extra space 2013-10-30 19:34:54 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 dd094eee04 Use 443 by default with SSL 2013-10-24 16:30:26 -05:00
jvazquez-r7 72f686d99a Add module for CVE-2013-2751 2013-10-24 16:10:32 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 9bfd98b001 Change plate 2013-10-21 11:54:42 -05:00
jvazquez-r7 7dd39ae5e6 Update ranking 2013-10-17 22:43:47 -05:00
jvazquez-r7 a00a813649 Add real device libraries base addresses 2013-10-17 22:34:54 -05:00
jvazquez-r7 3d3a7b3818 Add support for OSVDB 86824 2013-10-17 01:08:01 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tod Beardsley 63e40f9fba
Release time fixes to modules
* Period at the end of a description.
  * Methods shouldn't be meth_name! unless the method is destructive.
  * "Setup" is a noun, "set up" is a verb.
  * Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
jvazquez-r7 a6f17c3ba0 Clean zabbix_sqli 2013-10-14 14:01:58 -05:00
pyoor 171b70fa7c Zabbix v2.0.8 SQLi and RCE Module
Conflicts:
	modules/exploits/linux/http/zabbix_sqli.rb

Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
joev 4ba001d6dd Put my short name to prevent conflicts. 2013-10-07 14:10:47 -05:00
joev ec6516d87c Deprecate misnamed module.
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley fcba424308
Kill off EOL spaces on astium_sqli_upload. 2013-10-03 11:01:27 -05:00
jvazquez-r7 813bd2c9a5
Land #2379, @xistence's exploit for OSVDB 88860 2013-09-26 13:52:15 -05:00
xistence c2ff5accee stability fixes to astium_sqli_upload 2013-09-26 10:23:33 +07:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
jvazquez-r7 1fc849bdd5 Land #2188, @m-1-k-3's module for OSVDB 90221 2013-09-23 11:44:43 -05:00
jvazquez-r7 71d74655f9 Modify description 2013-09-23 11:44:04 -05:00
sinn3r 0eb838156b Land #2390 - Use payload.encoded because BadChars are defined 2013-09-19 22:10:55 -05:00
jvazquez-r7 1a00cce8a9 Clean up 2013-09-19 11:51:07 -05:00
jvazquez-r7 926ddf35bc Fix possible collisions on binding port and handle rex socket 2013-09-19 08:23:25 -05:00
jvazquez-r7 accad24f31 Use payload.encoded because BadChars are defined 2013-09-18 13:03:35 -05:00
jvazquez-r7 61ab0e245c Add Context to rex sockets plus track them with add_socket 2013-09-18 12:39:08 -05:00
jvazquez-r7 1988085a94 Fix possible port conflict 2013-09-18 12:24:36 -05:00
xistence adc1bd9c65 changes made to astium_sqli_upload based on suggestions 2013-09-18 16:52:31 +07:00
xistence 82aa3f97b0 added Astium confweb 25399 RCE 2013-09-17 12:32:10 +07:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
Tod Beardsley f89af79223 Correct OSVDB for sophos sblistpack exploit 2013-09-16 15:41:50 -05:00
jvazquez-r7 c18c41d8ea Don't hidde exceptions 2013-09-16 09:26:13 -05:00
jvazquez-r7 86e5163cad Fix Indentation and cleanup 2013-09-16 09:19:26 -05:00
jvazquez-r7 62cf9cb07c Retab changes for PR #2188 2013-09-16 09:09:16 -05:00
jvazquez-r7 842dba20b9 Merge for retab 2013-09-16 09:08:36 -05:00
sinn3r ac90cd1263 Land #2248 - Fix dlink upnp exec noauth 2013-09-12 15:10:20 -05:00
jvazquez-r7 c3ff9a03d8 Add module for CVE-2013-4983 2013-09-09 23:26:10 -05:00
Tab Assassin f780a41f87 Retab changes for PR #2248 2013-09-05 14:12:24 -05:00
Tab Assassin 554d1868ce Merge for retab 2013-09-05 14:12:18 -05:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 0bfc12ada1 Fix the way to get a session over a telnet connection 2013-08-27 11:38:49 -05:00
jvazquez-r7 7b555679e6 Really delete the telnet target 2013-08-19 15:06:47 -05:00
jvazquez-r7 d64c8748e8 Fix descriptions and names 2013-08-19 15:05:27 -05:00
jvazquez-r7 232289d500 Add new module to exploit to through telnet dlink_upnp_exec_noauth 2013-08-19 15:01:29 -05:00
jvazquez-r7 846925e3ba Delete telnet target from dlink_upnp_exec_noauth 2013-08-19 14:56:12 -05:00
m-1-k-3 c902b0ea4b removed user and pass option 2013-08-19 18:07:11 +02:00
m-1-k-3 5fc806e3e0 little fixes 2013-08-18 16:18:27 +02:00
m-1-k-3 9ae977ec80 Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
Conflicts:
	modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 7a8bafd82c Beautify 2013-08-14 13:50:08 -05:00
jvazquez-r7 90aec6cff5 Fix telnet negotiation for the raidsonic case 2013-08-14 13:38:51 -05:00
jvazquez-r7 178a7b0dbb Fix author's email format 2013-08-14 11:56:47 -05:00
jvazquez-r7 2a4b8e4a64 Add useful comment 2013-08-14 11:49:32 -05:00
jvazquez-r7 e6c36864c4 Fix telnet related stuff 2013-08-14 11:47:57 -05:00
m-1-k-3 6b87240323 thx to juan ... session stuff looks better 2013-08-14 16:51:09 +02:00
sinn3r 5436ec7dd3 Title change for dlink_dir300_exec_telnet
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
jvazquez-r7 74eeacf9f2 Fix regex 2013-08-08 08:40:45 -05:00
jvazquez-r7 821673c4d2 Try to fix a little description 2013-08-07 10:26:39 -05:00
jvazquez-r7 33ac0c5c3f Make exploit more print friendly 2013-08-07 10:21:14 -05:00
jvazquez-r7 32436973e4 Land #2192, @m-1-k-3's exploit for OSVDB-89861 2013-08-07 10:16:49 -05:00
jvazquez-r7 ae685ac41d Beautify description 2013-08-07 09:52:29 -05:00
jvazquez-r7 afb8a95f0a Land #2179, @m-1-k-3's exploit for OSVDB-92698 2013-08-07 09:00:41 -05:00
m-1-k-3 885417c9d9 removing config file from target 2013-08-06 15:11:54 +02:00
m-1-k-3 dd35495fb8 dir 300 and 600 auxiliary module replacement 2013-08-05 22:28:59 +02:00
m-1-k-3 786f16fc91 feedback included 2013-08-05 21:55:30 +02:00
m-1-k-3 2efc2a79bf fail with 2013-08-05 21:41:28 +02:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
m-1-k-3 34134b2e11 feedback included 2013-08-04 14:45:55 +02:00
m-1-k-3 b8ed364cb8 telnet user working 2013-08-03 15:07:10 +02:00
m-1-k-3 62e3c01190 raidsonic nas - command execution 2013-08-02 21:04:19 +02:00
m-1-k-3 a19afd163a feedback included 2013-08-02 17:30:39 +02:00
m-1-k-3 15906b76db dir300 and 615 command injection 2013-07-31 14:36:51 +02:00
m-1-k-3 6b514bb44a dir300 and 615 command injection telnet session 2013-07-31 14:34:03 +02:00
sinn3r 5efcbbd474 Land #2167 - PineApp Mail-SeCure livelog.html Exec 2013-07-29 13:18:18 -05:00
sinn3r 7967426db1 Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC 2013-07-29 13:16:42 -05:00
jvazquez-r7 a1d9ed300e Add module for ZDI-13-184 2013-07-28 09:57:41 -05:00
jvazquez-r7 f4e35b62ac Add module for ZDI-13-185 2013-07-27 12:12:06 -05:00
jvazquez-r7 fab9d33092 Fix disclosure date 2013-07-27 12:10:21 -05:00
jvazquez-r7 ac7bb1b07f Add module for ZDI-13-188 2013-07-27 03:25:39 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 af1bd01b62 Change datastore options names for consistency 2013-07-22 16:57:32 -05:00
Tod Beardsley 5e55c506cd Land #2140, add CWS as a first-class reference. 2013-07-22 13:50:38 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 77e8250349 Add support for CWE 2013-07-22 12:13:56 -05:00
jvazquez-r7 6158415bd3 Clean CWE reference, will ad in new pr 2013-07-22 12:03:55 -05:00
jvazquez-r7 da4fda6cb1 Land #2110, @rcvalle's exploit for Foreman Ruby Injection 2013-07-22 12:02:43 -05:00
Ramon de C Valle 04e9398ddd Fix CSRF regular expressions as per review 2013-07-22 13:10:56 -03:00
jvazquez-r7 de6e2ef6f4 Final cleanup for dlink_upnp_exec_noauth 2013-07-22 10:53:09 -05:00
jvazquez-r7 c1c72dea38 Land @2127, @m-1-k-3's exploit for DLink UPNP SOAP Injection 2013-07-22 10:52:13 -05:00
Ramon de C Valle 11ef4263a4 Remove call to handler as per review 2013-07-22 12:49:42 -03:00
jvazquez-r7 4beea52449 Use instance variables 2013-07-19 14:46:17 -05:00
Ramon de C Valle 6761f95892 Change print_error/ret to fail_with as per review 2013-07-19 12:19:29 -03:00
m-1-k-3 e93eef4534 fixing server header check 2013-07-19 08:00:02 +02:00
m-1-k-3 f26b60a082 functions and some tweaking 2013-07-19 07:57:27 +02:00
jvazquez-r7 a1a6aac229 Delete debug code from mutiny_frontend_upload 2013-07-18 14:03:19 -05:00
Ramon de C Valle 8fd6dd50de Check session and CSRF variables as per review 2013-07-16 14:30:55 -03:00
Ramon de C Valle dc51c8a3a6 Change URIPATH option to TARGETURI as per review 2013-07-16 14:27:47 -03:00
Ramon de C Valle 3dbe8fab2c Add foreman_openstack_satellite_code_exec.rb
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3 f594c4b128 small cleanup 2013-07-15 08:48:18 +02:00
m-1-k-3 393c1b2a99 session stuff 2013-07-15 07:57:30 +02:00
m-1-k-3 a6b48f3082 HTTP GET 2013-07-14 19:02:53 +02:00
m-1-k-3 9f65264af4 make msftidy happy 2013-07-14 15:45:14 +02:00
m-1-k-3 47ca4fd48f session now working 2013-07-14 15:42:41 +02:00
m-1-k-3 9133dbac4a some feedback included and some playing 2013-07-14 14:14:06 +02:00
m-1-k-3 49c70911be dlink upnp command injection 2013-07-09 13:24:12 +02:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
Steve Tornio 4d26299de3 add osvdb ref 93881 and edb ref 21191 2013-06-05 18:57:33 -05:00
sinn3r c705928052 Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb 2013-06-03 10:40:31 -05:00
Steve Tornio 76faba60b7 add osvdb ref 85462 2013-06-03 06:16:43 -05:00
Steve Tornio e612a3d017 add osvdb ref 77183 2013-06-03 05:42:56 -05:00
sinn3r e74c1d957f Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb 2013-06-03 02:15:35 -05:00
Steve Tornio c2c630c338 add osvdb ref 93444 2013-06-02 21:03:44 -05:00
Steve Tornio bc993b76fc add osvdb ref 82925 2013-06-02 20:43:16 -05:00
Tod Beardsley e7a1f06fbc Modules shouldn't be +x 2013-05-29 15:11:35 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7 bfcd86022d Add code cleanup for nginx_chunked_size. 2013-05-22 14:37:42 -05:00
LinuxGeek247 81b690ae4b Initial check in of nginx module 2013-05-22 13:52:00 -04:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feeback included 2013-05-19 16:19:45 +02:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
m-1-k-3 981cc891bc description 2013-05-12 20:07:32 +02:00
m-1-k-3 09bf23f4d6 linksys wrt160n tftp download module 2013-05-06 16:18:15 +02:00
m-1-k-3 22d850533a dir615 down and exec exploit 2013-05-06 15:33:45 +02:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 2b4144f20f Add module for US-CERT-VU 345260 2013-04-24 10:47:16 -05:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
jvazquez-r7 19a158dce9 Do final cleanup for netgear_dgn2200b_pppoe_exec 2013-04-19 15:50:23 -05:00
jvazquez-r7 c1819e6ecc Land #1700, @m-1-k-3's exploit for Netgear DGN2200B 2013-04-19 15:49:30 -05:00
m-1-k-3 2713991c64 timeout and HTTP_Delay 2013-04-17 20:25:59 +02:00
m-1-k-3 59045f97fb more testing, reworking of config restore, rework of execution 2013-04-17 18:10:27 +02:00
Tod Beardsley 513b3b1455 Minor cleanup on DLink module 2013-04-15 13:27:47 -05:00
jvazquez-r7 a1605184ed Landing #1719, @m-1-k-3 dlink_diagnostic_exec_noauth exploit module 2013-04-10 11:17:29 +02:00
jvazquez-r7 4f2e3f0339 final cleanup for dlink_diagnostic_exec_noauth 2013-04-10 11:15:32 +02:00
m-1-k-3 8fbade4cbd OSVDB 2013-04-10 10:45:30 +02:00
jvazquez-r7 157f25788b final cleanup for linksys_wrt54gl_apply_exec 2013-04-09 12:39:57 +02:00
jvazquez-r7 b090495ffb Landing pr #1703, m-1-k-3's linksys_wrt54gl_apply_exec exploit 2013-04-09 12:38:49 +02:00
m-1-k-3 b93ba58d79 EDB, BID 2013-04-09 11:56:53 +02:00
m-1-k-3 cbefc44a45 correct waiting 2013-04-08 21:40:50 +02:00
m-1-k-3 955efc7009 final cleanup 2013-04-07 17:59:57 +02:00
m-1-k-3 9f89a996b2 final regex, dhcp check and feedback from juan 2013-04-07 17:57:18 +02:00
jvazquez-r7 0e69edc89e fixing use of regex 2013-04-07 11:39:29 +02:00
jvazquez-r7 6a410d984d adding get_config where I forgot 2013-04-06 19:13:42 +02:00
jvazquez-r7 9a2f409974 first cleanup for linksys_wrt54gl_apply_exec 2013-04-06 01:05:09 +02:00
m-1-k-3 ecaaaa34bf dlink diagnostic - initial commit 2013-04-05 19:56:15 +02:00
m-1-k-3 96b444c79e ManualRanking 2013-04-04 17:40:53 +02:00
m-1-k-3 67f0b1b6ee little cleanump 2013-04-04 17:33:46 +02:00
m-1-k-3 f07117fe7d replacement of wrt54gl auxiliary module - initial commit 2013-04-04 17:30:36 +02:00
jvazquez-r7 ce88d8473a cleanup for netgear_dgn1000b_setup_exec 2013-04-03 12:44:04 +02:00
jvazquez-r7 3c27678168 Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit 2013-04-03 12:43:42 +02:00
m-1-k-3 a93ec3aea3 fix name 2013-04-03 10:40:52 +02:00
m-1-k-3 2ceecabede make msftidy happy 2013-04-03 10:34:28 +02:00
m-1-k-3 91b0e5f800 netgear dgn2200b pppoe exec exploit - initial commit 2013-04-03 10:32:52 +02:00
m-1-k-3 642d8b846f netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:41:50 +02:00
m-1-k-3 7f3c6f7629 netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:39:04 +02:00
m-1-k-3 1b27d39591 netgear dgn1000b mipsbe exploit 2013-04-02 14:34:09 +02:00
jvazquez-r7 6a6fa5b39e module filename changed 2013-04-02 10:50:50 +02:00
jvazquez-r7 b3feb51c49 cleanup for linksys_e1500_up_exec 2013-04-02 10:49:09 +02:00
jvazquez-r7 5e42b8472b Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit 2013-04-02 10:48:28 +02:00
m-1-k-3 579c499f43 Juans SRVHOST check included 2013-04-02 07:50:51 +02:00
m-1-k-3 c386d54445 check SRVHOST 2013-04-01 18:12:13 +02:00
jvazquez-r7 0f965ddaa3 waiting for payload download on linksys_e1500_more_work 2013-03-31 16:07:14 +02:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
m-1-k-3 cd8bc2f87d description, blind exploitation info on cmd payload 2013-03-30 12:03:14 +01:00
m-1-k-3 b0a61adc23 juans feedback included 2013-03-30 11:43:10 +01:00
jvazquez-r7 5fd996f775 added osvdb reference 2013-03-30 10:42:58 +01:00
jvazquez-r7 3bf0046e3e Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management 2013-03-30 10:42:06 +01:00
m-1-k-3 7965f54890 juans feedback included 2013-03-30 08:40:42 +01:00
jvazquez-r7 607b1c5c14 little cleanup for e1500_up_exec 2013-03-29 23:16:13 +01:00
m-1-k-3 1b563ad915 stop_service 2013-03-29 22:38:06 +01:00
m-1-k-3 813ff1e61e removed payload stuff 2013-03-29 22:32:57 +01:00
m-1-k-3 c5e358c9c3 compatible payloads 2013-03-29 20:54:35 +01:00
m-1-k-3 0164cc34be msftidy, generate exe, register_file_for_cleanup 2013-03-29 19:00:04 +01:00
jvazquez-r7 c55a3870a8 cleanup for hp_system_management 2013-03-29 18:02:23 +01:00
m-1-k-3 cfeddf3f34 cmd payload working, most feedback included 2013-03-29 14:43:48 +01:00
agix 139926a25b Fix msftidy Warning 2013-03-28 13:22:26 +01:00
agix 4bcadaabc1 hp system management homepage DataValidation?iprange buffer overflow 2013-03-28 12:00:17 +01:00
m-1-k-3 dfd451f875 make msftidy happy 2013-03-27 17:46:02 +01:00
jvazquez-r7 6ccfa0ec18 cleanup for dreambox_openpli_shell 2013-03-14 15:02:21 +01:00
m-1-k-3 9366e3fcc5 last adjustment 2013-03-14 11:18:52 +01:00
m-1-k-3 0140caf1f0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell 2013-03-14 10:55:52 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
m-1-k-3 3ab5585107 make msftidy happy 2013-02-16 20:49:32 +01:00
m-1-k-3 121a736e28 initial commit 2013-02-16 20:42:02 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
sinn3r f5193b595c Update references 2012-12-10 11:42:21 -06:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
Michael Schierl e9f7873afc Version cleanup
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
James Lee 52feae2dcd Add missing require
[FixRM #7345]
2012-10-15 17:18:04 -05:00
James Lee db12413b09 Convert vcms_upload to use PhpEXE
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
jvazquez-r7 25e6990dc7 added osvdb reference 2012-09-24 21:49:32 +02:00
jvazquez-r7 ed24154915 minor fixes 2012-09-21 11:36:58 +02:00
bcoles 6ee2c32f08 add ZEN Load Balancer module 2012-09-21 17:25:20 +09:30
jvazquez-r7 0708ec72fc module moved to a more correct location 2012-09-15 15:31:21 +02:00
jvazquez-r7 0f67f8d08a target modified 2012-09-15 15:14:33 +02:00
jvazquez-r7 0061d23b37 Added module for CVE-2012-2982 2012-09-15 15:09:19 +02:00
jvazquez-r7 12f3ef9c7c added osvdb numbers 2012-09-13 14:00:12 +02:00
Tod Beardsley fba219532c Updating BID for openfiler 2012-09-12 14:13:21 -05:00
sinn3r f5a0f74d27 Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve 2012-09-10 13:35:48 -05:00
sinn3r 64b8696e3c Extra condition that's not actually needed
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
bcoles cb95a7b520 Add openfiler_networkcard_exec exploit 2012-09-09 17:28:09 +09:30
jvazquez-r7 37c7f366f2 check function test vulnerability + minor improvements 2012-09-09 00:42:02 +02:00
bcoles f02659184a Add WANem v2.3 command execution 2012-09-08 16:01:45 +09:30
jvazquez-r7 8f748d833a Added BID reference 2012-08-24 17:30:52 +02:00
jvazquez-r7 3106f87687 badchars fixed 2012-08-21 13:30:15 +02:00
jvazquez-r7 e21ea6999c added module for ESVA Command Injection Vulnerability 2012-08-21 13:25:03 +02:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
Steve Tornio 54ed27c1b3 add osvdb ref 2012-08-05 09:02:54 -05:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
Tod Beardsley ae59f03ac9 Fixing print message in snort module 2012-06-13 14:04:05 -05:00
jvazquez-r7 b908ccff0f Added module for CVE-2012-0297 2012-06-10 22:38:58 +02:00
sinn3r 8f6457661d Change description 2012-06-10 01:52:26 -05:00
jvazquez-r7 f0082ba38f Added module for CVE-2012-0299 2012-06-09 22:27:27 +02:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Steve Tornio fe86ab9914 =Add osvdb ref 2012-05-29 13:31:20 -05:00
sinn3r d615e3bcb8 Print target IP/Port when restoring currencies.php 2012-05-28 01:33:45 -05:00
sinn3r 712a21717a Totally forgot about disclosure date, damn it 2012-05-28 01:31:13 -05:00
sinn3r 7c1442c4b4 Merge pull request #421 from wchen-r7/symantec_web_gateway
Add CVE-2012-0297 Symantec Web Gateway
2012-05-27 23:28:59 -07:00
sinn3r 34c93d8e44 Fix check 2012-05-28 00:51:46 -05:00
sinn3r 96d70e5fb6 Add CVE-2012-0297 Symantec Web Gateway 2012-05-27 22:47:39 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00
sinn3r f9bcb95952 Correct EDB references 2012-05-19 02:24:29 -05:00
HD Moore f6c88377f4 Fixes #362 by changing the exitfunction arguments to be the correct type 2012-05-07 02:41:08 -05:00
Steve Tornio 92e07aab12 Add osvdb ref 2012-05-05 10:13:18 -05:00
Tod Beardsley 43d730d564 Squashed commit of minor cosmetic fixes:
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 21:55:56 2012 -0500

    Whitespace at EOL. Dangit.

commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed May 2 16:38:01 2012 -0500

    Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
sinn3r 46ad599673 Add CVE-2012-1495 WebCalendar settings.php code injection 2012-04-28 02:32:04 -05:00
sinn3r 1065111817 Correct TARGETURI description 2012-04-18 18:57:37 -05:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
sinn3r 2d069f8013 Add CVE-2011-4828 module 2012-04-13 18:12:16 -05:00
sinn3r 51bdfe14fd 2012, not 2011, oops 2012-04-08 13:21:37 -05:00
sinn3r 24478e9eb5 Add Dolibarr ERP & CRM Command Injection Exploit 2012-04-08 13:20:22 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
HD Moore 86b3409d47 Actually return 2011-12-13 20:01:13 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
James Lee 1096d1c076 add a combined module for exploiting DRb. thanks joernchen!
git-svn-id: file:///home/svn/framework3/trunk@12161 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 20:00:06 +00:00
David Rude e5ff1b030a fixed Platform and Arch to be compatible with command payloads
git-svn-id: file:///home/svn/framework3/trunk@12125 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 15:53:20 +00:00
James Lee e866eafb06 add keywords
git-svn-id: file:///home/svn/framework3/trunk@12106 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 16:59:19 +00:00
David Rude ea47253814 Changed title for consistency
git-svn-id: file:///home/svn/framework3/trunk@12093 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 14:24:48 +00:00
David Rude 139102de80 Removed testing file extension
git-svn-id: file:///home/svn/framework3/trunk@12068 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 17:24:16 +00:00
David Rude 23d89cd137 Added drb syscall exploit
git-svn-id: file:///home/svn/framework3/trunk@12067 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-22 16:09:03 +00:00
Joshua Drake 2d6b995623 rename/clarify PrintfUtil encoder, fixes #2308
git-svn-id: file:///home/svn/framework3/trunk@10729 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 15:41:13 +00:00
Joshua Drake 7a04ce32ca demote due to interaction requirement
git-svn-id: file:///home/svn/framework3/trunk@10556 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-05 23:13:04 +00:00
HD Moore 748f2d3acd Make the title consistent with other modules
git-svn-id: file:///home/svn/framework3/trunk@10457 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 16:55:38 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake 663b863b6d http fingerprint checking update
git-svn-id: file:///home/svn/framework3/trunk@9719 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 17:38:59 +00:00
Joshua Drake d84c519678 switch to HttpClient, check fingerprint first
git-svn-id: file:///home/svn/framework3/trunk@9702 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 01:33:38 +00:00
Joshua Drake a3d901a6b9 various minor fixes, some added fingerprinting
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00