Christian Mehlmauer
9c159f0aa3
Land #3210 , typo in openssl_heartbleed
2014-04-09 09:53:06 +02:00
Meatballs
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
julianvilas
4e7c675f3c
Fix typo, extraquote in message
2014-04-09 10:22:15 +02:00
Christian Mehlmauer
cdfe333572
updated heartbleed module
...
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
joev
b4f5784ba2
Land #3147 , @m-1-k-3's mipsbe exec payload.
2014-04-08 22:32:21 -05:00
Brandon Perry
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
Brandon Perry
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
William Vu
dd69a9e5dd
Land #3206 , OpenSSL Heartbleed infoleak
2014-04-08 20:12:00 -05:00
William Vu
5e314f2a7c
Fix outstanding issues
2014-04-08 20:11:28 -05:00
sinn3r
f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion
2014-04-08 18:47:53 -05:00
jvazquez-r7
a4e1d866e1
Favor nil?
2014-04-08 18:21:49 -05:00
jvazquez-r7
153e003e23
Do small fixes
2014-04-08 18:21:09 -05:00
jvazquez-r7
39aecb140a
Use the datastore option
2014-04-08 16:55:08 -05:00
jvazquez-r7
496dd944e6
Add support for datastore TLSVERSION
2014-04-08 16:51:50 -05:00
jvazquez-r7
d51aa34437
Use Random generation Time as pointed by @Firefart
2014-04-08 16:46:15 -05:00
jvazquez-r7
d964243cc4
Move heartbeat length to a variable
2014-04-08 16:33:05 -05:00
jvazquez-r7
3d6c553efd
Fix endianess
2014-04-08 16:29:31 -05:00
jvazquez-r7
373b05c5aa
Minimize extensions in the Hello
2014-04-08 16:21:38 -05:00
jvazquez-r7
3254cce832
Align comment
2014-04-08 16:04:38 -05:00
jvazquez-r7
c20b71e7b6
Switch to vprint unless success
2014-04-08 16:03:38 -05:00
jvazquez-r7
7dbd690c99
Add new references
2014-04-08 16:01:06 -05:00
jvazquez-r7
a55579dd4a
Fix references
2014-04-08 15:56:56 -05:00
jvazquez-r7
4004cd8f9a
Allow hello data to grow dinamically
2014-04-08 15:52:39 -05:00
jvazquez-r7
b8e2c9fe42
Clean and fix @Firefart's code
2014-04-08 15:32:13 -05:00
jvazquez-r7
80bdbbed92
Solve conflict
2014-04-08 15:18:38 -05:00
Christian Mehlmauer
8c7debb81d
Added some comments and modified JABBER
2014-04-08 22:13:02 +02:00
jvazquez-r7
021da84459
Add authors and switch and's format
2014-04-08 15:10:27 -05:00
sinn3r
a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution
2014-04-08 14:58:34 -05:00
sinn3r
4012dd0acc
Fix everything that needs to be fixed
2014-04-08 14:57:42 -05:00
Christian Mehlmauer
9c053a5b91
Added additional protocols
2014-04-08 21:56:05 +02:00
Fabian Bräunlein
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
jvazquez-r7
5f29026cb2
Complete @Firefart's module
2014-04-08 14:13:56 -05:00
Spencer McIntyre
3f6c8afbe3
Fix typo of MSCOMCTL not MCCOMCTL
2014-04-08 14:52:18 -04:00
Spencer McIntyre
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
Jeff Jarmoc
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
jvazquez-r7
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
jvazquez-r7
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
Christian Mehlmauer
ac0cafcca6
Initial commit for openssl Heartbleed bug
2014-04-07 21:15:54 +02:00
Michael Messner
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
Michael Messner
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
Tod Beardsley
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
Michael Messner
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
sinn3r
0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass
2014-04-07 11:11:55 -05:00
sinn3r
31dfae3a01
Follow the 100 columns per line guideline
2014-04-07 11:10:20 -05:00
sinn3r
de242ecc00
Correct date format
...
Hmm weird, msftidy didn't pick this up
2014-04-07 11:09:27 -05:00
jvazquez-r7
56bd35c8ce
Add module for WinRAR spoofing vulnerability
2014-04-07 09:21:49 -05:00
Michael Messner
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
dummys
ca7dcc0781
cleanup with msftidy
2014-04-06 12:41:58 +02:00
jvazquez-r7
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
jvazquez-r7
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
sinn3r
ea1c6fe8a4
Land #3177 - JIRA Issues Collector Directory Traversal
2014-04-04 10:41:51 -05:00
Spencer McIntyre
395f5beef8
Land #3178 , http header scan module
2014-04-04 11:36:35 -04:00
Spencer McIntyre
2b6ae68cbf
Minor modifications for http_header
2014-04-04 10:46:03 -04:00
jvazquez-r7
e2cbcf3c5d
Land #3179 , @brandonprry AlienVault sqli aux module
2014-04-04 09:17:11 -05:00
jvazquez-r7
ff6105e55d
Add check codes
2014-04-04 09:13:43 -05:00
Brandon Perry
44db611845
defaultoptions, not option
2014-04-04 05:55:35 -07:00
dummys
c90c49e319
Add vtiger install rce 0 day
2014-04-04 10:16:55 +02:00
jvazquez-r7
6f14cd225d
Do minor clean up
2014-04-03 23:22:44 -05:00
William Vu
48ef061c3c
Land #3046 , AIX ibtstat privesc exploit
2014-04-03 17:07:00 -05:00
William Vu
6c67f1881f
Normalize syntax and whitespace
2014-04-03 16:54:33 -05:00
Christian Mehlmauer
253a1c1f87
Land #3180 , EMC Cloud Tiering Appliance Unauthed XXE with root perms
2014-04-03 22:02:13 +02:00
Brandon Perry
a57da00932
fix refs line
2014-04-03 14:07:00 -07:00
Brandon Perry
51f83fccde
add some checks in vase the file wasn't retrievable
2014-04-03 14:04:05 -07:00
sinn3r
03559dedcd
Land #3187 - Changed OptString to OptRegexp
2014-04-03 14:52:59 -05:00
William Vu
d69a9d3c45
Land #3186 , OptString should be OptRegexp
2014-04-03 13:07:23 -05:00
Christian Mehlmauer
d995d84e91
Changed OptString to OptRegexp
2014-04-03 19:40:07 +02:00
Christian Mehlmauer
b4aa08251f
changed option from string to regex
2014-04-03 19:34:40 +02:00
Brandon Perry
e2ded663a6
make more robust
2014-04-03 06:15:09 -07:00
Brandon Perry
53b8148438
make more random
2014-04-03 05:52:35 -07:00
Brandon Perry
77b64ee77d
make more random
2014-04-03 05:41:00 -07:00
Christian Mehlmauer
a4adfac312
Added feedback for http_header module
2014-04-02 23:01:23 +02:00
Brandon Perry
75dc4c459b
msftidy
2014-04-02 13:22:21 -07:00
Brandon Perry
bb82277a41
msftidy
2014-04-02 13:20:13 -07:00
Brandon Perry
abc0b31f26
exploithub wat
2014-04-02 13:18:48 -07:00
jvazquez-r7
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
Brandon Perry
765657d55a
alienvault module
2014-04-02 13:09:46 -07:00
Brandon Perry
d3f353118a
edb update
2014-04-02 13:06:54 -07:00
Brandon Perry
32cd846fe4
emc cta xxe module
2014-04-02 13:05:53 -07:00
Christian Mehlmauer
69192edd4b
Added new http_header module
2014-04-02 22:04:54 +02:00
jvazquez-r7
a85d451904
Add module for CVE-2014-2314
2014-04-02 14:49:31 -05:00
agix
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
agix
b636a679ae
Erf, sorry, fixed now
2014-04-02 20:33:08 +01:00
agix
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
Florian Gaultier
978bdbb676
Custom Service Description
2014-04-02 20:33:07 +01:00
sinn3r
e3dda2e862
Land #3172 - CVE-2014-1510 to firefox_xpi_bootstrapped_addon
2014-04-02 14:07:37 -05:00
joev
ebcf972c08
Add initial firefox xpi prompt bypass.
2014-04-01 23:48:35 -05:00
coma
149948485a
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues
2014-04-01 12:28:41 -07:00
Sagi Shahar
8611526a01
Fix more bugs and more syntax errors
2014-04-01 01:22:12 +02:00
Sagi Shahar
becefde52f
Fix bugs and syntax
2014-04-01 00:54:51 +02:00
William Vu
cf2589ba8d
Land #3162 , Microsoft module name changes
2014-03-28 23:10:27 -05:00
sinn3r
d7ca537a41
Microsoft module name changes
...
So after making changes for MSIE modules (see #3161 ), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
2014-03-28 20:56:53 -05:00
sinn3r
466096f637
Add MSB number to name
2014-03-28 20:33:40 -05:00
William Vu
c37dbd104a
Clean up perms and whitespace for owa_login
2014-04-02 01:45:15 -05:00
Tod Beardsley
2972220f60
Land #3047 for real.
...
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
sinn3r
367652592c
Land #2964 - Powershell CMD Encoder
2014-04-01 10:26:38 -05:00
William Vu
f9a7cfaa67
Land #3168 , EICAR payload encoding
2014-04-01 09:17:10 -05:00
Spencer McIntyre
dfec2eb53f
Cleanup an expression and avoid fail_with
2014-03-31 18:05:20 -04:00
Spencer McIntyre
07e04717c2
Allow using a single URI and/or a list of URIs
2014-03-31 18:05:20 -04:00
Joshua Smith
b21d5c1801
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-31 18:05:20 -04:00
Spencer McIntyre
5e9e7e15c8
Return whether result is nil or not.
2014-03-31 18:05:20 -04:00