Commit Graph

303 Commits (ecaaaa34bff024fefddb0e763d12b1d2beea8ba7)

Author SHA1 Message Date
m-1-k-3 ecaaaa34bf dlink diagnostic - initial commit 2013-04-05 19:56:15 +02:00
jvazquez-r7 6ccfa0ec18 cleanup for dreambox_openpli_shell 2013-03-14 15:02:21 +01:00
m-1-k-3 9366e3fcc5 last adjustment 2013-03-14 11:18:52 +01:00
m-1-k-3 0140caf1f0 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into openpli-shell 2013-03-14 10:55:52 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
m-1-k-3 3ab5585107 make msftidy happy 2013-02-16 20:49:32 +01:00
m-1-k-3 121a736e28 initial commit 2013-02-16 20:42:02 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
sinn3r f50c7ea551 A version number helps deciding which exploit to use 2013-01-23 11:43:39 -06:00
sinn3r ca144b9e84 msftidy fix 2013-01-23 11:40:12 -06:00
jvazquez-r7 dd0fdac73c fix indent 2013-01-23 18:19:14 +01:00
jvazquez-r7 9c9a0d1664 Added module for cve-2012-0432 2013-01-23 10:51:29 +01:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer 6654faf55e Msftidy fixes 2013-01-04 09:29:34 +01:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
James Lee 20cc2fa38d Make Windows postgres_payload more generic
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
  the ability to use generate_payload_dll() which generates a generic dll
  that spawns rundll32 and runs the shellcode in that process. This is
  basically what the linux version accomplishes by compiling the .so on
  the fly. On major advantage of this is that the resulting DLL will
  work on pretty much any version of postgres

* Adds Exploit::FileDropper to windows version as well. This gives us
  the ability to delete the dll via the resulting session, which works
  because the template dll contains code to shove the shellcode into a
  new rundll32 process and exit, thus leaving the file closed after
  Postgres calls FreeLibrary.

* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
  Windows

* Adds a check method to both Windows and Linux versions that simply
  makes sure that the given credentials work against the target service.

* Replaces the version-specific lo_create method with a generic
  technique that works on both 9.x and 8.x

* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
  gets downcased and subsequently causes postgres to error out before
  opening the DLL

* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
Tod Beardsley e762ca0d9b Merge remote branch 'jlee-r7/midnitesnake-postgres_payload' 2012-12-12 15:30:56 -06:00
sinn3r f5193b595c Update references 2012-12-10 11:42:21 -06:00
James Lee 17d8d3692b Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-11-27 11:14:54 -06:00
jvazquez-r7 35b3bf4aa5 back to the original Brute mixin 2012-11-19 14:13:49 +01:00
jvazquez-r7 24fe043960 Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba 2012-11-19 14:13:15 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
James Lee ac1b60e6db Remove debug load 2012-11-07 20:00:41 -06:00
m m e170c1e3e3 typo in centos5 range 2012-10-31 18:28:26 +01:00
m m f7481b160c add centos5 target 2012-10-31 18:21:41 +01:00
m m 3e3c518753 remove SessionTypes as per egypt 2012-10-30 17:13:57 +01:00
m m 3855ba88b1 add meterpreter/command support to samba exploit using ROP 2012-10-29 17:33:00 +01:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
Tod Beardsley be9a954405 Merge remote branch 'jlee-r7/cleanup/post-requires' 2012-10-23 15:08:25 -05:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
James Lee 9c95c7992b Require's for all the include's 2012-10-23 13:24:05 -05:00
Michael Schierl f9ac55c221 Infohash key cleanups
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl e9f7873afc Version cleanup
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
James Lee 768d2c5921 Go back to old behavior for unknown versions
May not be correct, but it's what we used to do, so probably better than
just raising.

Also documents things a bit better.
2012-10-18 16:57:40 -05:00
James Lee 1eccb24bf8 Raise if the version isn't what we expect
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
2012-10-18 15:55:55 -05:00
James Lee 3c5c1cd86e Remove unnecessary version restrictions
Since the payload is now run in the .so constructor, there's no need to
be compatible with a particular Postgres API.

Also:
 - report the service
 - delete the payload in the payload itself to reduce forensics
	 footprint
 - randomize the created function name instead of abusing
	 postgres_create_sys_exec
2012-10-18 15:40:27 -05:00
James Lee 0221f75f39 Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-10-18 13:57:25 -05:00
James Lee 52feae2dcd Add missing require
[FixRM #7345]
2012-10-15 17:18:04 -05:00
sinn3r 529f88c66d Some msftidy fixes 2012-10-14 19:16:54 -05:00
James Lee 9c6fdbe9d7 Compile a .so instead of being version-specific
This makes it possible to use payloads for the appropriate architecture

NOTE: need to test windows and make sure I didn't break it
2012-10-13 15:18:25 -05:00
James Lee ad1870d819 Merge branch 'rapid7' into midnitesnake-postgres_payload 2012-10-12 14:18:34 -05:00
James Lee db12413b09 Convert vcms_upload to use PhpEXE
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
jvazquez-r7 aba69d8438 fix indentation 2012-10-05 20:18:40 +02:00
jvazquez-r7 4c646762a5 Added target debian squeeze 2012-10-05 20:12:09 +02:00