m-1-k-3
2b4d6eb455
feedback included, server header check
2013-03-29 21:30:45 +01:00
m-1-k-3
b6a50da394
feedback included, server header check
2013-03-29 21:20:51 +01:00
m-1-k-3
c5e358c9c3
compatible payloads
2013-03-29 20:54:35 +01:00
jvazquez-r7
714fc83cfe
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall
2013-03-29 19:58:06 +01:00
m-1-k-3
0164cc34be
msftidy, generate exe, register_file_for_cleanup
2013-03-29 19:00:04 +01:00
bwall
21ea1c9ed4
Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall
2013-03-29 13:29:38 -04:00
bwall
10d9e86b42
Renamed file to be all lower case
2013-03-29 13:29:05 -04:00
jvazquez-r7
c55a3870a8
cleanup for hp_system_management
2013-03-29 18:02:23 +01:00
m-1-k-3
cfeddf3f34
cmd payload working, most feedback included
2013-03-29 14:43:48 +01:00
jvazquez-r7
cd1820d769
trying to solve irc comm issues
2013-03-29 12:54:57 +01:00
bwall
6cf44d9c85
added a 3 message window for recieving the check response
2013-03-28 21:14:52 -04:00
James Lee
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
nmonkee
eee702a329
vprint_status changed to vprint_error as requested
2013-03-28 14:23:21 +00:00
nmonkee
e2212ca8c9
vprint_status changed to vprint_error as requested
2013-03-28 14:22:01 +00:00
jvazquez-r7
29ad9939e1
cleanup for stunshell_eval
2013-03-28 15:11:20 +01:00
jvazquez-r7
514aed404c
Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval
2013-03-28 15:10:57 +01:00
jvazquez-r7
9b18eb858b
cleanup for stunshell_exec
2013-03-28 14:45:51 +01:00
jvazquez-r7
a7a5569725
Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec
2013-03-28 14:45:28 +01:00
agix
4a683ec9a4
Fix msftidy WARNING
2013-03-28 13:36:35 +01:00
agix
139926a25b
Fix msftidy Warning
2013-03-28 13:22:26 +01:00
agix
eec386de60
fail in git usage... sorry
2013-03-28 12:05:49 +01:00
agix
4bcadaabc1
hp system management homepage DataValidation?iprange buffer overflow
2013-03-28 12:00:17 +01:00
agix
69fb465293
Put gadgets in Target
2013-03-28 11:15:13 +01:00
agix
dee5835eab
Create mongod_native_helper.rb
...
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
bwall
ce9f11aeb3
Changed the targets to be more specific
2013-03-27 17:22:29 -04:00
bwall
f14d5ba8ec
Removed extra comma
2013-03-27 17:15:34 -04:00
bwall
2a60ef2d60
Renamed and fixed some code issues
2013-03-27 17:14:41 -04:00
bwall
cc92b54e83
Moved module and cleaned code
2013-03-27 17:03:18 -04:00
bwall
76fb6ff48f
Updated ranking
2013-03-27 16:41:35 -04:00
jvazquez-r7
e25a06c649
delete comma
2013-03-27 21:33:58 +01:00
jvazquez-r7
276e8f647b
Merge branch 'v0pCr3w' of https://github.com/bwall/metasploit-framework into bwall-v0pCr3w
2013-03-27 21:33:34 +01:00
jvazquez-r7
5fc5a4f429
use target_uri
2013-03-27 20:45:34 +01:00
jvazquez-r7
f29cfbf393
cleanup for v0pCr3w_exec
2013-03-27 20:38:11 +01:00
bwall
fd302d62b8
Removed testing code
2013-03-27 12:50:42 -04:00
m-1-k-3
dfd451f875
make msftidy happy
2013-03-27 17:46:02 +01:00
sinn3r
951f95db05
Merge branch 'java_cmm' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_cmm
2013-03-27 11:41:46 -05:00
jvazquez-r7
0109d81c95
fix typo
2013-03-27 17:39:18 +01:00
m-1-k-3
e042fd3697
first test of e1500 down and exec exploit
2013-03-27 17:09:17 +01:00
jvazquez-r7
353f02cdcc
move word_unc_injector to gather dir
2013-03-27 16:23:19 +01:00
jvazquez-r7
ed23fe6502
Merge branch 'post-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-post-word_unc_injector.rb
2013-03-27 16:21:54 +01:00
m-1-k-3
aa981cc991
DIR-645 also working
2013-03-27 12:11:14 +01:00
jvazquez-r7
ef11a584f4
work on word_unc_injector
2013-03-27 11:17:29 +01:00
m-1-k-3
615aa57399
Dlink DIR615 HW rev B login module
2013-03-27 09:26:23 +01:00
m-1-k-3
680b551215
default to user admin
2013-03-27 08:59:19 +01:00
m-1-k-3
032214fb1d
default to user admin
2013-03-27 08:49:04 +01:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
m-1-k-3
e1a719a6c0
http login module for DLink DIR300revB, DIR600revB, DIR815
2013-03-26 20:57:24 +01:00
m-1-k-3
c4fe21865c
user fix
2013-03-26 20:15:19 +01:00
jvazquez-r7
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
jvazquez-r7
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
jvazquez-r7
c4fcf85af2
Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework into heyder-heyder-joomla
2013-03-26 12:01:46 +01:00
bwall
a5346240de
Updated v0pCr3w_exec to use send_request_cgi
2013-03-26 01:33:30 -04:00
heyder
014c01099e
improve cleanup
2013-03-26 02:22:10 -03:00
nmonkee
121c75f646
vprint_status mod
2013-03-25 20:18:14 +00:00
nmonkee
da6a99defb
vprint_status mod
2013-03-25 20:16:11 +00:00
jvazquez-r7
9717a8c3b4
cleanup for tplink_traversal_noauth
2013-03-25 19:20:18 +01:00
jvazquez-r7
543b401a55
Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal
2013-03-25 19:18:53 +01:00
sinn3r
dcce23d23d
Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check
2013-03-25 12:19:52 -05:00
nmonkee
01ee30e389
PFL_CHECK_OS_FILE_EXISTENCE (file existence and SMB relay)
2013-03-25 17:11:23 +00:00
jvazquez-r7
fdd06c923a
cleanup for dlink_dir_645_password_extractor
2013-03-25 18:04:12 +01:00
jvazquez-r7
a9a5a3f64f
Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor
2013-03-25 18:02:51 +01:00
Nathan Einwechter
aad0eed485
Fix whitespace EOL
2013-03-25 13:00:37 -04:00
nmonkee
5be98593a9
RZL_READ_DIR_LOCAL (directory listing and SMB relay)
2013-03-25 16:59:37 +00:00
Nathan Einwechter
3f79b2fd3b
Use :abort for scanner mixin
2013-03-25 12:59:18 -04:00
sinn3r
56c07211a0
Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof
2013-03-25 11:56:15 -05:00
sinn3r
47e3d7de59
Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue
2013-03-25 11:46:37 -05:00
sinn3r
0d56da0511
Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d
2013-03-25 11:45:40 -05:00
sinn3r
f4c04503d2
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-25 11:38:08 -05:00
Nathan Einwechter
99fe2a33d7
Deregister USER_AS_PASS and stop on connect error
2013-03-25 12:35:52 -04:00
jvazquez-r7
53b862300e
cleanup for linksys_e1500_traversal
2013-03-25 17:33:38 +01:00
jvazquez-r7
ea804d433e
change file name
2013-03-25 17:33:16 +01:00
jvazquez-r7
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
m-1-k-3
e57498190b
dlink dir 300/600 login module - initial commit
2013-03-25 08:48:24 +01:00
bwall
5218831167
Added license information and tidied up the code
2013-03-25 00:05:31 -04:00
bwall
e98a463de2
Added license information and tidied up code
2013-03-25 00:04:39 -04:00
bwall
e37fa3b40a
Added license information and tidied up code
2013-03-25 00:03:32 -04:00
bwall
6be88224bf
Added the license information and tidied up
2013-03-25 00:01:20 -04:00
heyder
0c169f94eb
correct some bad indent
2013-03-24 21:07:51 -03:00
jvazquez-r7
d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
jvazquez-r7
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
heyder
50ac5cf247
Adjust payload size and others code adjustments
2013-03-24 20:25:29 -03:00
m-1-k-3
98ac6e8090
feedback included
2013-03-24 21:01:30 +01:00
bwall
7e0b0ac092
Added STUNSHELL webshell remote command execution module
2013-03-24 15:18:08 -04:00
bwall
b23d259485
Added STUNSHELL webshell remote code evaluation[PHP] module
2013-03-24 15:16:45 -04:00
bwall
bbcf21ee24
Added v0pCr3w webshell remote command execution module
2013-03-24 15:13:42 -04:00
bwall
ca6ab7c8c2
Added Ra1NX pubcall authentication bypass exploit module
2013-03-24 14:59:27 -04:00
m-1-k-3
d90de54891
reporting and feedback
2013-03-24 15:00:18 +01:00
m-1-k-3
9f8ec37060
store loot
2013-03-24 11:48:49 +01:00
m-1-k-3
71708c4bc3
dir 645 password extractor - initial commit
2013-03-24 11:44:24 +01:00
jvazquez-r7
49ac3ac1a3
cleanup for linksys_e1500_e2500_exec
2013-03-23 23:30:49 +01:00
jvazquez-r7
98be5d97b8
Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec
2013-03-23 23:30:14 +01:00
m-1-k-3
b2bf1df098
fixed encoding and set telnetd as default cmd
2013-03-23 22:56:15 +01:00
m-1-k-3
7ff9c70e38
10 to 0 is good :)
2013-03-23 22:46:26 +01:00
m-1-k-3
47d458a294
replacement of the netgear-sph200d module
2013-03-23 22:40:32 +01:00
m-1-k-3
bd522a03e3
replace module to the scanner directory
2013-03-23 22:29:44 +01:00
m-1-k-3
b1ae2f7bf4
replace module to the scanner directory
2013-03-23 22:29:31 +01:00
m-1-k-3
8f59999f82
replace module to the scanner directory
2013-03-23 22:25:04 +01:00
m-1-k-3
f58554bb57
replace module to the scanner directory
2013-03-23 22:24:50 +01:00
m-1-k-3
965ec34368
check of the server on the first try
2013-03-23 22:13:01 +01:00
m-1-k-3
aacd14ae45
version removed, encode params removed
2013-03-23 21:31:08 +01:00
m-1-k-3
b01959ea70
tplink traversal - initial commit
2013-03-23 20:30:32 +01:00
m-1-k-3
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
m-1-k-3
270f64acc2
feedback included
2013-03-23 15:54:34 +01:00
heyder
5bee1471df
many code adjustments
2013-03-22 23:07:08 -03:00
Nathan Einwechter
89c0e8c27e
Fix add_resource call in adobe_flas_mp5_cprt
2013-03-22 19:27:02 -04:00
jvazquez-r7
6eaf995642
cleaning exploiting string
2013-03-22 21:48:02 +01:00
jvazquez-r7
fd63283524
make msftidy happy
2013-03-22 21:46:12 +01:00
sinn3r
f22c18e026
Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix
2013-03-22 13:08:13 -05:00
sinn3r
11754f271a
Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec
2013-03-22 13:05:16 -05:00
sinn3r
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
sinn3r
dea48b459f
Merge branch 'download_exec_shell' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-download_exec_shell
2013-03-22 12:53:36 -05:00
Tod Beardsley
d908050808
Merge epo_sql fix from neinwechter
...
Easy, sensible fix -- since report_auth_info uses full_user, print_good
should too.
[Closes #1629 ]
2013-03-22 11:22:24 -05:00
Nathan Einwechter
096ec9a5d7
Fix to print out correct/full username
2013-03-22 10:22:24 -04:00
heyder
b5c65ad51b
add Joomla Component JCE File Upload Code Execution
2013-03-22 10:41:35 -03:00
jvazquez-r7
bbff20fd65
cleanup for struts_code_exec_parameters
2013-03-21 22:17:47 +01:00
jvazquez-r7
50c6a98530
Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce
2013-03-21 22:17:20 +01:00
Console
cbccda10ca
fixing issue raised by @meatballs1
2013-03-21 20:58:40 +00:00
Console
302193f98b
Various fixes and improvements
...
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console
8027615608
fixed comments left in by accident
2013-03-21 16:43:44 +00:00
Console
4edf5260f4
check function now tells user about delay
2013-03-21 16:40:45 +00:00
jvazquez-r7
f27333567f
use bash or sh according to availability
2013-03-21 17:26:56 +01:00
jvazquez-r7
47ea8aea30
Merge branch 'download_exec_wget' of https://github.com/dougsko/metasploit-framework into dougsko-download_exec_wget
2013-03-21 17:09:20 +01:00
Console
a714b430ca
used normalize_uri
2013-03-21 14:05:08 +00:00
Console
5c9bec1552
commit fix branch for Console-struts-RCE
2013-03-21 13:40:16 +00:00
jvazquez-r7
370f849e29
cleanup for download_exec
2013-03-21 09:24:02 +01:00
Doug P
39b1ad8bd6
spacing cleanup
2013-03-21 00:21:10 -04:00
Doug P
837d426ff0
removed an extra space
2013-03-21 00:18:35 -04:00
Doug P
08029ca2e8
edited Description
2013-03-21 00:17:55 -04:00
Doug P
edd85ccd69
added wget support
2013-03-21 00:09:22 -04:00
Tod Beardsley
e149c8670b
Unconflicting ruby_string method
...
Looks like the conflict was created by the msftidy fixes that happened
over on the master branch. No big deal after all.
2013-03-20 15:49:23 -05:00
m-1-k-3
dcd2aebdcd
feedback included
2013-03-20 21:34:30 +01:00
SphaZ
804e2cfa3a
small fixup of unused old vars
2013-03-20 21:31:28 +01:00
Tod Beardsley
011b6899b0
Merge 'neinwechter/browser_autopwn-updates'
...
Brings in neinwechter's BAP fixes. Seems to not only be a more sane
strategy, but in practice, ends up with tons more shells for at least
MSIE which is what most people are using it for anyway.
[Closes #1612 ]
2013-03-20 15:26:09 -05:00
SphaZ
b275797ba2
Used msf file mixin where possible and more in memory handling
2013-03-20 21:25:07 +01:00
Tod Beardsley
e377e30873
unscrewing syntax error
2013-03-20 15:04:31 -05:00
Tod Beardsley
fd20eba35e
Expanding the title and desc for external_ip
...
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
jvazquez-r7
cd58a6e1a1
cleanup for nagios_nrpe_arguments
2013-03-20 19:22:48 +01:00
jvazquez-r7
072fca9f6c
Merge branch 'post_linux_manage_download_exec' of https://github.com/jasbro/metasploit-framework into jasbro-post_linux_manage_download_exec
2013-03-20 18:02:51 +01:00
jvazquez-r7
54f22ed06c
check if curl is on the path
2013-03-20 17:31:48 +01:00
Joshua Abraham
9948d1ec12
change from vcmd_exec to a method in the module
2013-03-19 20:40:25 -04:00
jvazquez-r7
26dec4eb8f
last cleanup for sami_ftpd_list
2013-03-19 21:32:05 +01:00
jvazquez-r7
42efe5955b
Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815
2013-03-19 21:31:46 +01:00
jvazquez-r7
b19c51aa81
cleanup for sami_ftpd_list
2013-03-19 19:04:14 +01:00
m-1-k-3
9fc0f9a927
initial commit
2013-03-19 17:31:01 +01:00
dougsko
e2a9245b08
Changed target to Windows XP
2013-03-19 13:20:23 -03:00
sinn3r
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
sinn3r
07a3f15292
Merge branch 'coolpdf_image_stream_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-coolpdf_image_stream_bof
2013-03-19 08:38:30 -05:00
sinn3r
116f5b87f0
Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access
2013-03-19 08:33:58 -05:00
Joel Parish
21e9f7dbd2
Added module for CVE-2013-1362
...
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
Matt Andreko
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
Matt Andreko
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
dougsko
fb90a1b497
Uses IP address length in offset calculation
2013-03-18 16:18:04 -03:00
jvazquez-r7
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
jvazquez-r7
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
Doug P
3d92d6e977
removed the handler call
2013-03-15 16:48:53 -04:00
Doug P
a96283029e
made payload size a little smaller
2013-03-15 16:08:43 -04:00
Doug P
8b5c782b54
changed Platform from Windows to win
2013-03-15 15:13:52 -04:00
Doug P
8f4b3d073a
Explicitly set EXITFUNC to thread
2013-03-15 14:52:39 -04:00
Doug P
e9af05a178
made recommended changes
2013-03-15 11:35:12 -04:00
Joshua Abraham
07d78af421
Linux post module to download and run a command
2013-03-15 10:13:56 -04:00
Doug P
4bb64a0f41
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:10:10 -04:00
Doug P
bbbf395659
got everything working and cleaned up
2013-03-14 16:02:41 -04:00
jvazquez-r7
d8f46e3df4
Merge branch 'module/fb_cnct_target_214' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module/fb_cnct_target_214
2013-03-14 16:27:58 +01:00
jvazquez-r7
b86b70c31c
Merge branch 'openpli-shell' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-openpli-shell
2013-03-14 15:58:14 +01:00
jvazquez-r7
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
jvazquez-r7
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
jvazquez-r7
6ccfa0ec18
cleanup for dreambox_openpli_shell
2013-03-14 15:02:21 +01:00
jvazquez-r7
7403239de7
cleanup for psexec_ntdsgrab
2013-03-14 13:40:45 +01:00
jvazquez-r7
9ae2c8e718
Merge branch 'ntdsgrab4' of https://github.com/R3dy/metasploit-framework into R3dy-ntdsgrab4
2013-03-14 13:39:41 +01:00
m-1-k-3
9366e3fcc5
last adjustment
2013-03-14 11:18:52 +01:00
m-1-k-3
0140caf1f0
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell
2013-03-14 10:55:52 +01:00
Trenton Ivey
97023413cb
Added advanced option for temp filenames prefix
2013-03-14 01:50:52 -05:00
Royce Davis
abbb3b248d
methods that use @ip now reference it directly instead of being passed in as paramaters
2013-03-13 19:35:53 -05:00
Royce Davis
462ffb78c1
Simplified copy_ntds & copy_sys check on line 91
2013-03-13 19:31:36 -05:00
Royce Davis
4e9af74763
All print statements now use #{peer}
2013-03-13 19:28:09 -05:00
Royce Davis
edf2804bb5
Added simple.disconnect to end of cleanup_after method
2013-03-13 19:23:22 -05:00
Royce Davis
8eba71ebe2
Added simple.disconnect to end of download_sys_hive method
2013-03-13 19:20:58 -05:00
Doug P
1f7b2a8e9f
minor edits
2013-03-13 17:48:37 -04:00
Doug P
fa5c988110
got sami_ftpd_list.rb working
2013-03-13 17:27:02 -04:00
James Lee
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
jvazquez-r7
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
jvazquez-r7
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
jvazquez-r7
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
jvazquez-r7
50083996ff
better target description
2013-03-13 20:13:09 +01:00
jvazquez-r7
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
Spencer McIntyre
458ffc1f19
Add a target for Firebird 2.1.4.18393
2013-03-13 13:44:28 -04:00
jvazquez-r7
e5f7c08d6f
Added module for CVE-2012-4940
2013-03-13 11:52:54 +01:00
Doug P
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
Doug P
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
doug
b5c3161ceb
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-12 13:20:06 -04:00
Doug P
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
Royce Davis
9a970415bc
Module uses store_loot now instead of logdir which has been removed
2013-03-11 20:05:23 -05:00
doug
a199c397e4
...
2013-03-11 17:09:17 -04:00
doug
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
James Lee
6da4c53191
Merge remote-tracking branch 'jvazquez-r7/netcat_gaping' into rapid7
...
[Closes #1576 ]
2013-03-11 16:02:49 -05:00
doug
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
jvazquez-r7
2684e6103c
use of send_request_cgi
2013-03-11 20:36:47 +01:00
jvazquez-r7
9c89599737
cleanup before merge external_ip
2013-03-11 20:35:25 +01:00
jvazquez-r7
546e24a9c6
Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery
2013-03-11 20:35:07 +01:00
Royce Davis
aa4cc11640
Removed Scanner class running as stand-alone single target module now
2013-03-11 13:39:47 -05:00
Tod Beardsley
2f95d083e8
Updating URL for Honewell EBI exploit
2013-03-11 13:35:58 -05:00
Tod Beardsley
23972fbebc
Merge branch 'release'
2013-03-11 13:08:30 -05:00
Tod Beardsley
d81d9261e7
Adding Honeywell exploit.
2013-03-11 13:03:59 -05:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
jvazquez-r7
627e7f6277
avoiding grouping options
2013-03-11 18:26:03 +01:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
jvazquez-r7
c9268c3d54
original modules renamed
2013-03-11 18:04:22 +01:00
jvazquez-r7
074ea7dee4
Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl
2013-03-11 15:36:20 +01:00
Royce Davis
a96753e9df
Added licensing stuff at the top
2013-03-10 20:07:04 -05:00
Royce Davis
bf9a2e4f52
Fixed module to use psexec mixin
2013-03-10 15:15:50 -05:00
Royce Davis
907983db4a
updating with r7-msf
2013-03-10 14:19:20 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
RageLtMan
25f3f935c4
Apply Egypt's cleanup
...
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
2013-03-07 18:34:12 -05:00
jvazquez-r7
64398d2b60
deleting some commas
2013-03-07 21:34:51 +01:00
jvazquez-r7
ab44e3e643
cleanup for fb_cnct_group
2013-03-07 21:34:07 +01:00
jvazquez-r7
969490771f
Merge branch 'module-fb_cnct_group' of https://github.com/zeroSteiner/metasploit-framework into zeroSteiner-module-fb_cnct_group
2013-03-07 21:33:33 +01:00
jvazquez-r7
c5e61f1e9d
Merge branch 'msftidy_ssl_shells' of https://github.com/sempervictus/metasploit-framework into sempervictus-msftidy_ssl_shells
2013-03-07 20:47:11 +01:00
jvazquez-r7
25db782b03
change print location
2013-03-07 19:15:40 +01:00
jvazquez-r7
fdd7c375ad
added linux native target
2013-03-07 19:12:25 +01:00
Spencer McIntyre
398d13e053
Initial commit of the Firebird CNCT Group Number Buffer Overflow.
2013-03-07 09:51:05 -05:00
jvazquez-r7
03f3b06ccb
added module for cve-2012-3001
2013-03-07 14:23:13 +01:00
J.Townsend
db1f4d7e1d
added license info
2013-03-07 00:20:02 +00:00
J.Townsend
e8c1899dc2
added license info
2013-03-07 00:18:32 +00:00
J.Townsend
3946cdf91e
added license info
2013-03-07 00:17:55 +00:00
J.Townsend
1b493d0e4c
added license info
2013-03-07 00:16:26 +00:00
J.Townsend
9e89d9608f
added license info
2013-03-07 00:11:45 +00:00
J.Townsend
56639e7f15
added license info
2013-03-07 00:10:46 +00:00
RageLtMan
7f80692457
everyone will comply, resistance is futile
2013-03-06 18:38:14 -05:00
sinn3r
b65f410048
Updates the description
2013-03-06 16:37:41 -06:00
RageLtMan
dfe3a4f394
msftidy and module placement per todb
2013-03-06 17:36:01 -05:00
sinn3r
fee07678dd
Rename module to better describe the bug.
2013-03-06 16:33:41 -06:00
sinn3r
79d3597d31
That's not a real check...
2013-03-06 16:32:53 -06:00
sinn3r
16d7b625bc
Format cleanup
2013-03-06 16:31:39 -06:00
sinn3r
7219c7b4aa
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 16:15:24 -06:00
Royce Davis
1d8c759a34
yeah
2013-03-06 16:01:36 -06:00
Enrique A. Sanchez Montellano
aa5c9461ae
Fixed more styling issues, EOL, tabs and headers
2013-03-06 10:50:31 -08:00
Enrique A. Sanchez Montellano
437d6d6ba6
Fixed EOL, bad indent, added header, removed #!/usr/env/ruby
2013-03-06 10:44:29 -08:00
sinn3r
af9982e289
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 12:11:58 -06:00
Enrique A. Sanchez Montellano
aa3a54fba0
Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation
2013-03-06 09:29:28 -08:00
RageLtMan
225b15f7f3
Add external IP discovery module
...
This module performs an HTTP request to ifconfig.me/ip.
The body of the response contains the publicly routable IP from
which the request originated. This can be useful in discovering
routes on pivoted hosts and initial recon as a simple aux module.
2013-03-05 23:42:31 -05:00
James Lee
ca43900a7c
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-03-05 16:34:11 -06:00
jvazquez-r7
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
jvazquez-r7
784c075986
Merge branch 'module-cve-2012-2686' of https://github.com/ettisan/metasploit-framework into ettisan-module-cve-2012-2686
2013-03-05 22:40:46 +01:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
a74b576a0f
Merge branch 'rapid7' into rsmudge-authproxyhttpstager
2013-03-04 17:50:48 -06:00
James Lee
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
Wolfgang Ettlinger
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
David Maloney
71ba044d03
remove debugging aid
2013-03-04 11:25:34 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
sinn3r
7fa24d9060
Module rename
2013-03-04 10:54:33 -06:00
sinn3r
59b5e8e688
Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick
2013-03-04 10:53:31 -06:00
sinn3r
95cd46d362
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-04 10:46:27 -06:00
sinn3r
12247d47ba
Rename module, sorry, no pull request.
2013-03-04 10:46:05 -06:00
jvazquez-r7
e465a07030
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-04 17:41:18 +01:00
jvazquez-r7
92ee4300df
cleanup for reflective_dll_inject
2013-03-04 17:40:09 +01:00
jvazquez-r7
582395412f
Merge branch 'post_ref_dll_inj' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_ref_dll_inj
2013-03-04 17:39:11 +01:00
jvazquez-r7
a980bf0ef6
minor fixes
2013-03-03 19:54:17 +01:00
jvazquez-r7
248481f195
fixed EOF
2013-03-03 19:52:31 +01:00
jvazquez-r7
81e2dbc71e
added module for CVE-2012-3485
2013-03-03 19:48:12 +01:00
jvazquez-r7
76180f22fc
added module for cve-2012-4284
2013-03-03 13:23:21 +01:00
Raphael Mudge
1cc49f75f5
move flag comment to where it's used.
2013-03-03 03:26:43 -05:00
Raphael Mudge
ecdb884b13
Make download_exec work with authenticated proxies
...
Adds INTERNET_FLAG_KEEP_CONNECTION to HttpOpenRequest flags to allow
download_exec to transparently authenticate to a proxy device through
wininet.
Fun trivia, Windows 7 systems uses Connection: keep-alive by default.
This flag benefits older targets (e.g., Windows XP).
2013-03-03 01:42:17 -05:00
Michael Schierl
4a17a30ffd
Regenerate ruby modules
...
For shellcode changes (removed unneeded instruction) committed in
46a5c4f4bf
. Saves 2 bytes per shellcode.
2013-03-03 00:14:30 +01:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
David Maloney
b2f68f0fdb
Merge branch 'dmaloney-r7-feature/http/authv2' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-dmaloney-r7-feature/http/authv2
2013-02-28 14:37:37 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
jvazquez-r7
8f58c7b25e
cleanup for sap_icf_public_info
2013-02-28 18:47:48 +01:00
jvazquez-r7
0dcfb51071
cleanup for sap_soap_rfc_system_info
2013-02-28 18:46:18 +01:00
jvazquez-r7
1a10c27872
Merge branch 'sap_rfc_system_info' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_rfc_system_info
2013-02-28 18:45:42 +01:00
RageLtMan
3778ae09e9
This commit adds DNS resolution to rev_tcp_rc4
...
Due to the modular structure of payload stages its pretty trivial
to add DNS resolution instead of hard-coded IP address in stage0.
The only real complication here is that ReverseConnectRetries ends
up being one byte further down than in the original shellcode. It
appears that the original rev_tcp_dns payload suffers from the same
issue.
Hostname substitution is handled in the same method as the RC4 and
XOR keys, with an offset provided and replace_vars ignoring the
hostname.
Tested in x86 native and WOW64 on XP and 2k8r2 respectively.
This is a good option for those of us needing to leave persistent
binaries/payloads on hosts for long periods. Even if the hostname
resolves to a malicious party attempting to steal our hard earned
session, they'd be hard pressed to crypt the payload with the
appropriate RC4 pass. So long as we control the NS and records, the
hardenned shellcode should provide a better night's sleep if running
shells over the WAN. Changing the RC4 password string in the
shellcode and build.py should reduce the chances of recovery by RE.
Next step will likely be to start generating elipses for ECDH SSL
in meterpreter sessions and passing them with stage2 through the
RC4 socket. If P is 768-1024 the process is relatively quick, but
we may want to precompute a few defaults as well to have 2048+.
2013-02-28 02:59:20 -05:00
Wolfgang Ettlinger
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
sinn3r
3334257aa4
Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy
2013-02-26 13:54:47 -06:00
Joe Rozner
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
sinn3r
0158919031
Merge branch 'master' of github.com:L1ghtn1ng/metasploit-framework into L1ghtn1ng-master
2013-02-25 19:41:29 -06:00
sinn3r
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
J.Townsend
cbce1bdff2
update module description
...
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
sinn3r
1ed74b46be
Add CVE-2013-0803
...
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r
cae1939914
Kinda too long
2013-02-25 13:44:11 -06:00
sinn3r
593be7ab2f
Merge branch 'xbmc' of github.com:mandreko/metasploit-framework into mandreko-xbmc
2013-02-25 13:43:12 -06:00
sinn3r
f3f913edc5
Correct bad naming style
2013-02-25 13:29:27 -06:00
sinn3r
690e7ec8a7
Uses normalize_uri
2013-02-25 13:28:00 -06:00
sinn3r
b930613653
Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec
2013-02-25 12:43:50 -06:00
sinn3r
5fe2c26d82
Merge branch 'bcoles-glossword_upload_exec'
2013-02-25 12:41:05 -06:00
sinn3r
52241b847a
Uses normalize_uri instead of manually adding a slash
2013-02-25 12:20:37 -06:00
Tod Beardsley
1446992253
Merge jvazquez-r7's java exploit
2013-02-25 07:19:12 -06:00
bcoles
d7c0ce4e4a
Fix 'check()' in glossword_upload_exec
2013-02-25 15:52:07 +10:30
Raphael Mudge
788c96566f
Allow HTTP stager to work with authenticated proxies
...
The HttpOpenRequest function from WinINet requires the
INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an
authenticated proxy.
From MSDN ( http://tinyurl.com/chwt86j ):
"Uses keep-alive semantics, if available, for the connection. This
flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM),
and other types of authentication."
Without this flag, the HTTP stager will fail when faced with a proxy
that requires authentication. The Windows HTTPS stager does not have
this problem.
For HTTP Meterpreter to communicate through an authenticated proxy a
separate patch will need to be made to the Meterpreter source code.
This is at line 1125 of source/common/core.c in the Meterpreter source
code.
My motivation for this request is for windows/dllinject/reverse_http
to download a DLL even when faced with an authenticated proxy. These
changes accomplish this.
Test environment:
I staged a SmoothWall device with the Advanced Proxy Web Add-on. I
enabled Integrated Windows Authentication with a W2K3 DC. I verified
the HTTP stager authenticated to and communicated through the proxy
by watching the proxy access.log
2013-02-24 17:33:00 -05:00
bcoles
1f46b3aa02
Add Glossword Arbitrary File Upload Vulnerability exploit
2013-02-25 01:59:46 +10:30
Matt Andreko
2c0a916c83
Made the password optional
2013-02-23 17:14:30 -05:00
Matt Andreko
b221711ecd
Added basic error handling
2013-02-23 10:24:04 -05:00
Matt Andreko
67c2c3da20
Code Review Feedback
...
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
sinn3r
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
sinn3r
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
Meatballs
15d505f7a9
Msftidy
2013-02-22 22:09:19 +00:00
Meatballs
0ea7247a43
Initial commit
2013-02-22 22:05:29 +00:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00