Commit Graph

536 Commits (ec6516d87ccc347bef17af73c49433b91c38667a)

Author SHA1 Message Date
Ramon de C Valle 11ef4263a4 Remove call to handler as per review 2013-07-22 12:49:42 -03:00
jvazquez-r7 4beea52449 Use instance variables 2013-07-19 14:46:17 -05:00
Ramon de C Valle 6761f95892 Change print_error/ret to fail_with as per review 2013-07-19 12:19:29 -03:00
m-1-k-3 e93eef4534 fixing server header check 2013-07-19 08:00:02 +02:00
m-1-k-3 f26b60a082 functions and some tweaking 2013-07-19 07:57:27 +02:00
jvazquez-r7 a1a6aac229 Delete debug code from mutiny_frontend_upload 2013-07-18 14:03:19 -05:00
Ramon de C Valle 8fd6dd50de Check session and CSRF variables as per review 2013-07-16 14:30:55 -03:00
Ramon de C Valle dc51c8a3a6 Change URIPATH option to TARGETURI as per review 2013-07-16 14:27:47 -03:00
Ramon de C Valle 3dbe8fab2c Add foreman_openstack_satellite_code_exec.rb
This module exploits a code injection vulnerability in the 'create'
action of 'bookmarks' controller of Foreman and Red Hat
OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
2013-07-16 12:07:31 -03:00
m-1-k-3 f594c4b128 small cleanup 2013-07-15 08:48:18 +02:00
m-1-k-3 393c1b2a99 session stuff 2013-07-15 07:57:30 +02:00
m-1-k-3 a6b48f3082 HTTP GET 2013-07-14 19:02:53 +02:00
m-1-k-3 9f65264af4 make msftidy happy 2013-07-14 15:45:14 +02:00
m-1-k-3 47ca4fd48f session now working 2013-07-14 15:42:41 +02:00
m-1-k-3 9133dbac4a some feedback included and some playing 2013-07-14 14:14:06 +02:00
m-1-k-3 49c70911be dlink upnp command injection 2013-07-09 13:24:12 +02:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 b86b4d955a Make random strings also length random 2013-06-24 12:01:30 -05:00
jvazquez-r7 6672679530 Add local privilege escalation for ZPanel zsudo abuse 2013-06-23 11:00:39 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
sinn3r f55edac0ca Title and description update 2013-06-07 22:38:53 -05:00
sinn3r a510084f1c Description change. 2013-06-07 22:35:46 -05:00
jvazquez-r7 600494817d Fix typo and target name 2013-06-07 21:08:38 -05:00
jvazquez-r7 9025b52951 make the payload build more clear 2013-06-07 18:05:11 -05:00
jvazquez-r7 d76e14fc9c Add module for OSVDB 93004 - Exim Dovect exec 2013-06-07 17:59:04 -05:00
Steve Tornio 4d26299de3 add osvdb ref 93881 and edb ref 21191 2013-06-05 18:57:33 -05:00
jvazquez-r7 3111013991 Minor cleanup for miniupnpd_soap_bof 2013-06-04 08:53:52 -05:00
jvazquez-r7 6497e5c7a1 Move exploit under the linux tree 2013-06-04 08:53:18 -05:00
sinn3r c705928052 Landing #1899 - Add OSVDB ref 85462 for esva_exec.rb 2013-06-03 10:40:31 -05:00
Steve Tornio 76faba60b7 add osvdb ref 85462 2013-06-03 06:16:43 -05:00
Steve Tornio e612a3d017 add osvdb ref 77183 2013-06-03 05:42:56 -05:00
sinn3r e74c1d957f Landing #1897 - Add OSVDB ref 93444 for mutiny_frontend_upload.rb 2013-06-03 02:15:35 -05:00
sinn3r 093830d725 Landing #1896 - Add OSVDB ref 82925 for symantec_web_gateway_exec.rb 2013-06-03 02:13:34 -05:00
Steve Tornio c2c630c338 add osvdb ref 93444 2013-06-02 21:03:44 -05:00
Steve Tornio bc993b76fc add osvdb ref 82925 2013-06-02 20:43:16 -05:00
Steve Tornio ae17e9f7b5 add osvdb ref 56992 2013-06-02 18:32:46 -05:00
Steve Tornio 61c8861fcf add osvdb ref 2013-06-02 08:33:42 -05:00
sinn3r 90117c322c Landing #1874 - Post API cleanup 2013-05-31 16:15:23 -05:00
Tod Beardsley e7a1f06fbc Modules shouldn't be +x 2013-05-29 15:11:35 -05:00
James Lee f3ff5b5205 Factorize and remove includes
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7 bfcd86022d Add code cleanup for nginx_chunked_size. 2013-05-22 14:37:42 -05:00
LinuxGeek247 81b690ae4b Initial check in of nginx module 2013-05-22 13:52:00 -04:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feeback included 2013-05-19 16:19:45 +02:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
sinn3r 5e925f6629 Description update 2013-05-14 14:20:27 -05:00
jvazquez-r7 42cfa72f81 Update data after test kloxo 6.1.12 2013-05-13 19:09:06 -05:00
jvazquez-r7 58f2373171 Added module for EDB 25406 2013-05-13 18:08:23 -05:00
m-1-k-3 981cc891bc description 2013-05-12 20:07:32 +02:00
m-1-k-3 09bf23f4d6 linksys wrt160n tftp download module 2013-05-06 16:18:15 +02:00
m-1-k-3 22d850533a dir615 down and exec exploit 2013-05-06 15:33:45 +02:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 2b4144f20f Add module for US-CERT-VU 345260 2013-04-24 10:47:16 -05:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
jvazquez-r7 19a158dce9 Do final cleanup for netgear_dgn2200b_pppoe_exec 2013-04-19 15:50:23 -05:00
jvazquez-r7 c1819e6ecc Land #1700, @m-1-k-3's exploit for Netgear DGN2200B 2013-04-19 15:49:30 -05:00
m-1-k-3 2713991c64 timeout and HTTP_Delay 2013-04-17 20:25:59 +02:00
m-1-k-3 59045f97fb more testing, reworking of config restore, rework of execution 2013-04-17 18:10:27 +02:00
Tod Beardsley 513b3b1455 Minor cleanup on DLink module 2013-04-15 13:27:47 -05:00
jvazquez-r7 7e5d4bc893 Landing #1614, @jwpari nagios nrpe exploit 2013-04-11 17:53:52 +02:00
jvazquez-r7 a1605184ed Landing #1719, @m-1-k-3 dlink_diagnostic_exec_noauth exploit module 2013-04-10 11:17:29 +02:00
jvazquez-r7 4f2e3f0339 final cleanup for dlink_diagnostic_exec_noauth 2013-04-10 11:15:32 +02:00
m-1-k-3 8fbade4cbd OSVDB 2013-04-10 10:45:30 +02:00
jvazquez-r7 157f25788b final cleanup for linksys_wrt54gl_apply_exec 2013-04-09 12:39:57 +02:00
jvazquez-r7 b090495ffb Landing pr #1703, m-1-k-3's linksys_wrt54gl_apply_exec exploit 2013-04-09 12:38:49 +02:00
m-1-k-3 b93ba58d79 EDB, BID 2013-04-09 11:56:53 +02:00
m-1-k-3 cbefc44a45 correct waiting 2013-04-08 21:40:50 +02:00
m-1-k-3 955efc7009 final cleanup 2013-04-07 17:59:57 +02:00
m-1-k-3 9f89a996b2 final regex, dhcp check and feedback from juan 2013-04-07 17:57:18 +02:00
jvazquez-r7 0e69edc89e fixing use of regex 2013-04-07 11:39:29 +02:00
jvazquez-r7 6a410d984d adding get_config where I forgot 2013-04-06 19:13:42 +02:00
jvazquez-r7 0c25ffb4de Landing #1695, agix's smhstart local root exploit 2013-04-06 17:32:12 +02:00
jvazquez-r7 55302ee07f Merge remote-tracking branch 'origin/pr/1695' into landing-pr1695 2013-04-06 17:30:02 +02:00
jvazquez-r7 9a2f409974 first cleanup for linksys_wrt54gl_apply_exec 2013-04-06 01:05:09 +02:00
m-1-k-3 ecaaaa34bf dlink diagnostic - initial commit 2013-04-05 19:56:15 +02:00
m-1-k-3 96b444c79e ManualRanking 2013-04-04 17:40:53 +02:00
m-1-k-3 67f0b1b6ee little cleanump 2013-04-04 17:33:46 +02:00
m-1-k-3 f07117fe7d replacement of wrt54gl auxiliary module - initial commit 2013-04-04 17:30:36 +02:00
agix b947dc71e9 english :) "must be" 2013-04-03 13:47:57 +02:00
agix 60dfece55c add opcode description 2013-04-03 13:46:56 +02:00
jvazquez-r7 ce88d8473a cleanup for netgear_dgn1000b_setup_exec 2013-04-03 12:44:04 +02:00
jvazquez-r7 3c27678168 Merge branch 'netgear-dgn1000b-exec-exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear-dgn1000b-exec-exploit 2013-04-03 12:43:42 +02:00
m-1-k-3 a93ec3aea3 fix name 2013-04-03 10:40:52 +02:00
m-1-k-3 2ceecabede make msftidy happy 2013-04-03 10:34:28 +02:00
m-1-k-3 91b0e5f800 netgear dgn2200b pppoe exec exploit - initial commit 2013-04-03 10:32:52 +02:00
m-1-k-3 642d8b846f netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:41:50 +02:00
m-1-k-3 7f3c6f7629 netgear_dgn1000b_setup_exec - initial commit 2013-04-02 14:39:04 +02:00
m-1-k-3 1b27d39591 netgear dgn1000b mipsbe exploit 2013-04-02 14:34:09 +02:00
agix 7359151c14 decrement esp to fix crash in the middle of shellcode 2013-04-02 13:25:31 +02:00
jvazquez-r7 6a6fa5b39e module filename changed 2013-04-02 10:50:50 +02:00
jvazquez-r7 b3feb51c49 cleanup for linksys_e1500_up_exec 2013-04-02 10:49:09 +02:00
jvazquez-r7 5e42b8472b Merge branch 'linksys_e1500_exploit' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys_e1500_exploit 2013-04-02 10:48:28 +02:00
m-1-k-3 579c499f43 Juans SRVHOST check included 2013-04-02 07:50:51 +02:00
jvazquez-r7 08ba2c70d3 update title and descr for mongod_native_helper 2013-04-01 21:44:08 +02:00
jvazquez-r7 81bca2c45a cleanup for mongod_native_helper 2013-04-01 21:35:34 +02:00
m-1-k-3 c386d54445 check SRVHOST 2013-04-01 18:12:13 +02:00
agix cc598bf977 Resolv a problem with mmap64 libc function and its unknown last argument 2013-04-01 17:38:09 +02:00
agix 6b639ad2ee add memcpy to the ropchain due to the zeroed mmap function under ubuntu 2013-04-01 14:13:19 +02:00
agix baf1ce22b3 increase mmap RWX size 2013-03-31 21:04:39 +02:00
jvazquez-r7 0f965ddaa3 waiting for payload download on linksys_e1500_more_work 2013-03-31 16:07:14 +02:00
agix 30111e3d8b hpsmh smhstart local exploit BOF 2013-03-31 13:04:34 +02:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
m-1-k-3 cd8bc2f87d description, blind exploitation info on cmd payload 2013-03-30 12:03:14 +01:00
m-1-k-3 b0a61adc23 juans feedback included 2013-03-30 11:43:10 +01:00
jvazquez-r7 5fd996f775 added osvdb reference 2013-03-30 10:42:58 +01:00
jvazquez-r7 3bf0046e3e Merge branch 'hp_system_management' of https://github.com/agix/metasploit-framework into agix-hp_system_management 2013-03-30 10:42:06 +01:00
m-1-k-3 7965f54890 juans feedback included 2013-03-30 08:40:42 +01:00
jvazquez-r7 607b1c5c14 little cleanup for e1500_up_exec 2013-03-29 23:16:13 +01:00
m-1-k-3 1b563ad915 stop_service 2013-03-29 22:38:06 +01:00
m-1-k-3 813ff1e61e removed payload stuff 2013-03-29 22:32:57 +01:00
m-1-k-3 c5e358c9c3 compatible payloads 2013-03-29 20:54:35 +01:00
m-1-k-3 0164cc34be msftidy, generate exe, register_file_for_cleanup 2013-03-29 19:00:04 +01:00
jvazquez-r7 c55a3870a8 cleanup for hp_system_management 2013-03-29 18:02:23 +01:00
m-1-k-3 cfeddf3f34 cmd payload working, most feedback included 2013-03-29 14:43:48 +01:00
agix 4a683ec9a4 Fix msftidy WARNING 2013-03-28 13:36:35 +01:00
agix 139926a25b Fix msftidy Warning 2013-03-28 13:22:26 +01:00
agix eec386de60 fail in git usage... sorry 2013-03-28 12:05:49 +01:00
agix 4bcadaabc1 hp system management homepage DataValidation?iprange buffer overflow 2013-03-28 12:00:17 +01:00
agix 69fb465293 Put gadgets in Target 2013-03-28 11:15:13 +01:00
agix dee5835eab Create mongod_native_helper.rb
metasploit exploit module for CVE-2013-1892
2013-03-28 03:10:38 +01:00
m-1-k-3 dfd451f875 make msftidy happy 2013-03-27 17:46:02 +01:00
jvazquez-r7 cd58a6e1a1 cleanup for nagios_nrpe_arguments 2013-03-20 19:22:48 +01:00
Joel Parish 21e9f7dbd2 Added module for CVE-2013-1362
Module exploits a shell code metacharacter escaping vulnerability in
poorly configured Nagios Remote Plugin Executor installations.
2013-03-19 01:43:46 -07:00
jvazquez-r7 6ccfa0ec18 cleanup for dreambox_openpli_shell 2013-03-14 15:02:21 +01:00
m-1-k-3 9366e3fcc5 last adjustment 2013-03-14 11:18:52 +01:00
m-1-k-3 0140caf1f0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell 2013-03-14 10:55:52 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
m-1-k-3 3ab5585107 make msftidy happy 2013-02-16 20:49:32 +01:00
m-1-k-3 121a736e28 initial commit 2013-02-16 20:42:02 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00