Andras Kabai
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00
Andras Kabai
6f8fc81497
improve error handling
2013-04-24 17:59:11 +02:00
Andras Kabai
57113bee80
fine correction
...
add license
remove one unnecessary tab to make msftidy happy
2013-04-24 15:07:32 +02:00
Andras Kabai
6485124cdf
fix module name
2013-04-24 10:54:52 +02:00
Andras Kabai
358b8934bf
clarify description
2013-04-24 10:31:40 +02:00
Andras Kabai
00e6eeca54
implement command line magick to prevent bad char usage
...
commas in the HTTP queries are not allowed but the VBS stager contains
some, therefore it was necessary to find a way to echo out commas
without directly using them.
Thanks to Laszlo Toth for helping me figure out this Windows command line
trick.
2013-04-24 09:46:36 +02:00
Andras Kabai
783cca6c17
allow only ARCH_X86 payloads
2013-04-24 09:29:47 +02:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
Andras Kabai
750638e4d6
note on bad characters
2013-04-22 17:24:08 +02:00
Andras Kabai
a1e52b5b27
command execution needs cmd /c
2013-04-22 10:20:45 +02:00
Andras Kabai
d26289e05a
proper output handling in case of CMD payloads
2013-04-20 17:38:58 +02:00
Andras Kabai
d59ba37e6d
resize linemax
2013-04-20 17:37:50 +02:00
Andras Kabai
e36b58169b
implement CmbStagerVBS payload execution
2013-04-20 16:37:47 +02:00
Andras Kabai
8244c4dcac
multiple payload types, different paths to execute payloads
2013-04-20 14:20:30 +02:00
Andras Kabai
7b6a784a84
basic payload execution through OS command execution
2013-04-20 13:02:22 +02:00
Andras Kabai
223556a4e6
switch to exploit module environment
...
switch to Msf::Exploit, change the necessary declarations, start to
change the exploitation process
2013-04-20 12:30:44 +02:00
Andras Kabai
cff47771a2
initial commit
...
the original aux module will be the base of the exploit module
2013-04-20 11:32:05 +02:00
jvazquez-r7
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
jvazquez-r7
eedeb37047
Landing #1731, @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
Tod Beardsley
a36c6d2434
Lands #1730, adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
HD Moore
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
m-1-k-3
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
jvazquez-r7
0109d81c95
fix typo
2013-03-27 17:39:18 +01:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
sinn3r
56c07211a0
Merge branch 'actfax_raw_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_raw_bof
2013-03-25 11:56:15 -05:00
sinn3r
47e3d7de59
Merge branch 'bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/RM7108-adobe_flash_mp4_cprt-add_resource_issue
2013-03-25 11:46:37 -05:00
jvazquez-r7
d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
jvazquez-r7
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
Nathan Einwechter
89c0e8c27e
Fix add_resource call in adobe_flas_mp5_cprt
2013-03-22 19:27:02 -04:00
jvazquez-r7
6eaf995642
cleaning exploiting string
2013-03-22 21:48:02 +01:00
jvazquez-r7
fd63283524
make msftidy happy
2013-03-22 21:46:12 +01:00
sinn3r
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
jvazquez-r7
26dec4eb8f
last cleanup for sami_ftpd_list
2013-03-19 21:32:05 +01:00
jvazquez-r7
42efe5955b
Merge branch 'osvdb-90815' of https://github.com/dougsko/metasploit-framework into dougsko-osvdb-90815
2013-03-19 21:31:46 +01:00
jvazquez-r7
b19c51aa81
cleanup for sami_ftpd_list
2013-03-19 19:04:14 +01:00
dougsko
e2a9245b08
Changed target to Windows XP
2013-03-19 13:20:23 -03:00
sinn3r
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
dougsko
fb90a1b497
Uses IP address length in offset calculation
2013-03-18 16:18:04 -03:00
jvazquez-r7
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
jvazquez-r7
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
Doug P
3d92d6e977
removed the handler call
2013-03-15 16:48:53 -04:00
Doug P
a96283029e
made payload size a little smaller
2013-03-15 16:08:43 -04:00
Doug P
8b5c782b54
changed Platform from Windows to win
2013-03-15 15:13:52 -04:00
Doug P
8f4b3d073a
Explicitly set EXITFUNC to thread
2013-03-15 14:52:39 -04:00
Doug P
e9af05a178
made recommended changes
2013-03-15 11:35:12 -04:00
Doug P
4bb64a0f41
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:10:10 -04:00
Doug P
bbbf395659
got everything working and cleaned up
2013-03-14 16:02:41 -04:00
Doug P
1f7b2a8e9f
minor edits
2013-03-13 17:48:37 -04:00
Doug P
fa5c988110
got sami_ftpd_list.rb working
2013-03-13 17:27:02 -04:00
jvazquez-r7
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
jvazquez-r7
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
jvazquez-r7
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
jvazquez-r7
50083996ff
better target description
2013-03-13 20:13:09 +01:00
jvazquez-r7
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
Spencer McIntyre
458ffc1f19
Add a target for Firebird 2.1.4.18393
2013-03-13 13:44:28 -04:00
Tod Beardsley
2f95d083e8
Updating URL for Honeywell EBI exploit
2013-03-11 13:35:58 -05:00
Tod Beardsley
23972fbebc
Merge branch 'release'
2013-03-11 13:08:30 -05:00
Tod Beardsley
d81d9261e7
Adding Honeywell exploit.
2013-03-11 13:03:59 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7
64398d2b60
deleting some commas
2013-03-07 21:34:51 +01:00
jvazquez-r7
ab44e3e643
cleanup for fb_cnct_group
2013-03-07 21:34:07 +01:00
Spencer McIntyre
398d13e053
Initial commit of the Firebird CNCT Group Number Buffer Overflow.
2013-03-07 09:51:05 -05:00
sinn3r
b65f410048
Updates the description
2013-03-06 16:37:41 -06:00
sinn3r
fee07678dd
Rename module to better describe the bug.
2013-03-06 16:33:41 -06:00
sinn3r
79d3597d31
That's not a real check...
2013-03-06 16:32:53 -06:00
sinn3r
16d7b625bc
Format cleanup
2013-03-06 16:31:39 -06:00
sinn3r
7219c7b4aa
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 16:15:24 -06:00
Enrique A. Sanchez Montellano
aa5c9461ae
Fixed more styling issues, EOL, tabs and headers
2013-03-06 10:50:31 -08:00
Enrique A. Sanchez Montellano
437d6d6ba6
Fixed EOL, bad indent, added header, removed #!/usr/env/ruby
2013-03-06 10:44:29 -08:00
sinn3r
af9982e289
Merge branch 'codesys_gateway_server_remote_execution.rb' of github.com:nahualito/metasploit-framework into nahualito-codesys_gateway_server_remote_execution.rb
2013-03-06 12:11:58 -06:00
Enrique A. Sanchez Montellano
aa3a54fba0
Added CoDeSyS Gateway.exe Server remote execution via arbitrary file creation
2013-03-06 09:29:28 -08:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
sinn3r
2b65cfa5ab
Minor changes
2013-02-22 21:02:19 -06:00
sinn3r
1623877151
Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009
2013-02-22 20:58:42 -06:00
jvazquez-r7
5b16e26f82
change module filename
2013-02-21 20:05:13 +01:00
jvazquez-r7
b4f4cdabbc
cleanup for the module
2013-02-21 20:04:05 +01:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
sinn3r
5108e8ef1c
Correct tab
2013-02-19 11:44:41 -06:00
sinn3r
b2664e04fb
Merge branch 'bigant_server_dupf_upload' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_dupf_upload
2013-02-19 11:42:04 -06:00
sinn3r
9813c815ef
Minor changes
2013-02-19 11:40:06 -06:00
sinn3r
553d7abe43
Merge branch 'bigant_server_sch_dupf_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-bigant_server_sch_dupf_bof
2013-02-19 11:26:47 -06:00
jvazquez-r7
416a7aeaa3
make msftidy happy for s4u_persistence
2013-02-18 15:23:06 +01:00
jvazquez-r7
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
Thomas McCarthy
25f8a7dcb9
Fix expire tag logic and slight clean up
...
Was a dumbass again and didn't fully understand how OptInts worked when left blank at run time. If not 0 the expire tag will be inserted now. Also made it print the xpath if used because I believe it will be of value to the user for troubleshooting.
2013-02-17 22:35:52 -05:00
jvazquez-r7
322fa53d49
fix typo
2013-02-17 20:29:41 +01:00
jvazquez-r7
31a3a374c3
Added module for CVE-2012-6274
2013-02-17 20:25:39 +01:00
jvazquez-r7
1a2a0bc38e
Added module for CVE-2012-6275
2013-02-17 20:21:45 +01:00
Thomas McCarthy
a8d574e4ce
Updated one print_status
2013-02-17 14:08:33 -05:00
Jeff Jarmoc
ade2c9ef56
msftidy - fix line endings.
2013-02-14 11:42:02 -06:00
Jeff Jarmoc
4c90cacffe
Send iframe when URIPATH isn't '/'
2013-02-14 11:23:08 -06:00
Jeff Jarmoc
947aa24d44
MS13-009 / CVE-2013-0025 ie_slayout_uaf.rb by Scott Bell
2013-02-14 11:18:19 -06:00
Thomas McCarthy
7b2c1afadb
I'm an idiot, fix logon xpath
2013-02-14 09:16:47 -05:00
smilingraccoon
e78cbdd14d
missed one line
2013-02-13 18:17:38 -05:00
smilingraccoon
bbf8fe0213
Use Post::File methods and fail_with
2013-02-13 18:10:05 -05:00
sinn3r
4074a12fd7
Randomize some gadgets
2013-02-13 14:12:52 -06:00
jvazquez-r7
f58cc6a2e0
more fix version info
2013-02-12 18:51:04 +01:00
jvazquez-r7
96b1cb3cfb
fix version info
2013-02-12 18:50:36 +01:00
jvazquez-r7
69267b82b0
Make stable #1318 foxit reader exploit
2013-02-12 18:44:19 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
jvazquez-r7
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
jvazquez-r7
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
Carlos Perez
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
smilingraccoon
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
jvazquez-r7
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
jvazquez-r7
5b576c1ed0
fix indent and make msftidy happy
2013-02-09 17:40:45 +01:00
Carlos Perez
fea84cad10
Fix additional typos per recommendation
2013-02-08 14:47:16 -04:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
Carlos Perez
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
sinn3r
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
sinn3r
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
Carlos Perez
c131b7ef0e
Added exception handling and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
Carlos Perez
19e989dff9
Initial commit of the migrated module
2013-02-07 19:11:44 -04:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
sinn3r
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
sinn3r
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
RageLtMan
92ef462c34
This commit completes powershell based psexec
...
The original module suffered from a small problem - interactive
process notification from Desktop 0 for users currently logged in.
Although achieving full AV evasion, we were setting off UserAlert.
This commit updates the module itself to match #1379 in R7's repo.
The size of powershell payloads has been reduced, and a wrapper
added to hide the actual payload process entirely.
2013-02-04 20:39:05 -05:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
2c3de43f4b
datastore opts cleanup
...
cleanup digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
jvazquez-r7
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
jvazquez-r7
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinely for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
RageLtMan
6ba85d4c06
add libs from #1379 and allow psh 1.0 exec against older hosts
2013-01-30 12:38:53 -05:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
lmercer
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727]
2013-01-28 13:19:31 -06:00
RageLtMan
61cd3b55fc
hide window
2013-01-24 14:43:07 -05:00
jvazquez-r7
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
sinn3r
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
sinn3r
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
sinn3r
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
sinn3r
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
RageLtMan
e6ebf772de
allow psh to run in background via cmd start
2013-01-21 08:12:56 -05:00
RageLtMan
43a5322bd4
psexec_psh cleanup
2013-01-20 22:15:55 -05:00
RageLtMan
cae0362aa3
Add disk-less AV bypass PSExec module using PSH
...
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-20 21:46:26 -05:00
jvazquez-r7
51ba500b9f
msftidy compliant
2013-01-16 12:28:09 +01:00
sinn3r
0f24671cf7
Changes how the usernames are loaded.
...
Allows usernames to be loaded as a file (wordlist), that way
it's much easier to manage. It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.
I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
sinn3r
04b35a38ff
Update MSB ref
2013-01-14 14:59:32 -06:00
jvazquez-r7
c6c59ace46
final cleanup
2013-01-14 20:53:19 +01:00
jvazquez-r7
5ecb0701ea
Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass
2013-01-14 20:52:45 +01:00
Daniele Martini
04fe1dae11
Added module for Freesshd Authentication Bypass (CVE-2012-6066)
...
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.
To use it you need to know a valid username. The module contains
a basic bruteforce method, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
jvazquez-r7
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
sinn3r
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
sinn3r
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
jvazquez-r7
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
jvazquez-r7
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
jvazquez-r7
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
jvazquez-r7
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
jvazquez-r7
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
jvazquez-r7
883b3446f3
license text
2013-01-05 08:03:25 +01:00
jvazquez-r7
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
sinn3r
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
sinn3r
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sinn3r
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
sinn3r
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
sinn3r
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
jvazquez-r7
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
jvazquez-r7
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
sinn3r
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
sinn3r
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
sinn3r
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
sinn3r
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
sinn3r
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
sinn3r
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
sinn3r
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
jvazquez-r7
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
jvazquez-r7
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
Christian Mehlmauer
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
jvazquez-r7
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
jvazquez-r7
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
Christian Mehlmauer
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
Christian Mehlmauer
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
Christian Mehlmauer
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
jvazquez-r7
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
sinn3r
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
jvazquez-r7
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
jvazquez-r7
8f62cd5561
switch to some random data
2012-12-28 12:47:20 +01:00
jvazquez-r7
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
jvazquez-r7
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
sinn3r
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
sinn3r
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
sinn3r
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
jvazquez-r7
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
jvazquez-r7
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
sinn3r
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
sinn3r
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
sinn3r
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
sinn3r
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
jvazquez-r7
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. One major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
jvazquez-r7
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
sinn3r
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
sinn3r
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
sinn3r
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
HD Moore
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
jvazquez-r7
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
jvazquez-r7
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
sinn3r
88f02e0016
Merge branch 'jvazquez-r7-crystal_reports_printcontrol'
2012-12-17 13:52:11 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
jvazquez-r7
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
jvazquez-r7
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
jvazquez-r7
0a0b26dc2c
after studying the crash after the overflow...
2012-12-14 23:54:44 +01:00
sinn3r
53a2fda608
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-14 15:23:25 -06:00
jvazquez-r7
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
sinn3r
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
nullbind
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
sinn3r
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
sinn3r
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
David Maloney
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
sinn3r
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
David Maloney
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
sinn3r
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
jvazquez-r7
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
jvazquez-r7
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
jvazquez-r7
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
sinn3r
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
jvazquez-r7
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
sinn3r
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
David Maloney
e448431c8a
Add 32bit compat mode for 64 bit targets on winrm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method, it will try to invoke the 32bit version of powershell to use instead,
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
Tod Beardsley
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
sinn3r
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
sinn3r
64a8b59ff9
Change CVE format
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
sinn3r
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
sinn3r
e989142d9d
Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat
2012-12-07 14:48:01 -06:00
sinn3r
78b4233b56
Final changes
2012-12-07 14:44:41 -06:00
jvazquez-r7
bae5442ca6
working...
2012-12-07 21:38:17 +01:00
sinn3r
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
jvazquez-r7
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
sinn3r
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
sinn3r
403ac1dc37
I would do anything for a cake.
2012-12-07 13:15:27 -06:00
sinn3r
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00