Jon Hart
ff440ed5a4
Describe vulns in more detail, add more URLs
2014-12-22 20:20:48 -08:00
Jon Hart
b4f6d984dc
Minor style cleanup
2014-12-22 17:51:35 -08:00
Jon Hart
421fc20964
Partial mercurial support. Still need to implement bundle format
2014-12-22 17:44:14 -08:00
Jon Hart
fdd1d085ff
Don't encode the payload because this only complicates OS X
2014-12-22 13:36:38 -08:00
Joe Vennix
0bf3a9cd55
Fix duplicate :ua_maxver key.
2014-12-22 14:57:44 -06:00
Jon Hart
ea9f5ed6ca
Minor cleanup
2014-12-22 12:16:53 -08:00
Jon Hart
dd73424bd1
Don't link to unused repositories
2014-12-22 12:04:55 -08:00
Jon Hart
6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off
2014-12-22 11:36:50 -08:00
Jon Hart
574d3624a7
Clean up setup_git verbose printing
2014-12-22 11:09:08 -08:00
Jon Hart
16543012d7
Correct planted clone commands
2014-12-22 10:56:33 -08:00
Jon Hart
01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested
2014-12-22 10:43:54 -08:00
Jon Hart
3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos
2014-12-22 10:03:30 -08:00
Jon Hart
308eea0c2c
Make malicious hook file name be customizable
2014-12-22 08:28:55 -08:00
Jon Hart
7f3cfd2207
Add a ranking
2014-12-22 07:51:47 -08:00
Jon Cave
44084b4ef6
Correct Microsoft security bulletin for ppr_flatten_rec
2014-12-22 10:40:23 +00:00
Gabor Seljan
9be95eacb8
Use %Q for double-quoted string
2014-12-22 07:37:32 +01:00
sgabe
bb33a91110
Update description to be a little more descriptive
2014-12-21 19:31:58 +01:00
Jon Hart
74783b1c78
Remove ruby and telnet requirement
2014-12-21 10:06:06 -08:00
sgabe
cd02e61a57
Add module for OSVDB-114279
2014-12-21 17:00:45 +01:00
Jon Hart
31f320c901
Add mercurial debugging
2014-12-20 20:00:12 -08:00
Jon Hart
3da1152743
Add better logging. Split out git support in prep for mercurial
2014-12-20 19:34:55 -08:00
Jon Hart
58d5b15141
Add another useful URL. Use a more git-like URIPATH
2014-12-20 19:11:56 -08:00
Jon Hart
f41d0fe3ac
Randomize most everything about the malicious commit
2014-12-19 19:31:00 -08:00
Jon Hart
805241064a
Create a partially capitalized .git directory
2014-12-19 19:07:45 -08:00
Jon Hart
f7630c05f8
Use payload.encoded
2014-12-19 18:52:34 -08:00
Jon Hart
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
Jon Hart
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
Jon Hart
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
Jon Hart
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
Jon Hart
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
David Maloney
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
Jon Hart
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
Jon Hart
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
Jon Hart
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
Jon Hart
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
Brendan Coles
4530066187
return nil
2014-12-15 01:04:39 +11:00
Brendan Coles
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
jvazquez-r7
b1453afb52
Land #4297 , fixes #4293 , Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
HD Moore
4fc4866fd8
Merge code in from #2395
2014-12-12 16:22:51 -06:00
Tod Beardsley
488f46c8a1
Land #4324 , payload_exe rightening.
...
Fixes #4323 , but /not/ #4246 .
2014-12-12 15:04:57 -06:00
Tod Beardsley
9908e0e35b
Land #4384 , fix typo.
2014-12-12 14:39:47 -06:00
HD Moore
50b734f996
Add Portuguese target, lands #3961 (also reorders targets)
2014-12-12 14:23:02 -06:00
jvazquez-r7
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
Tod Beardsley
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
jvazquez-r7
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
jvazquez-r7
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
Jon Hart
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
jvazquez-r7
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
jvazquez-r7
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
Jon Hart
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
jvazquez-r7
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
jvazquez-r7
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
Jon Hart
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
Jon Hart
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
jvazquez-r7
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
jvazquez-r7
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
jvazquez-r7
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Jon Hart
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Christian Mehlmauer
de88908493
code style
2014-12-11 23:30:20 +01:00
Jon Hart
24dbc28521
Land #4356
2014-12-11 09:03:18 -08:00
Tod Beardsley
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
Meatballs
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
Marc Wickenden
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
EgiX
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
jvazquez-r7
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
Brendan Coles
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
William Vu
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
sinn3r
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
sinn3r
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
Christian Mehlmauer
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
Christian Mehlmauer
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
sinn3r
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8
Fix #4246
2014-12-05 02:08:13 -06:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
sinn3r
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
sinn3r
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
sinn3r
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
sinn3r
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
William Vu
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
sinn3r
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
b357fd88a7
Add comment
2014-11-30 21:08:38 -06:00
jvazquez-r7
0ab99549bd
Change ranking
2014-11-30 21:08:12 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
jvazquez-r7
d7d1b72bce
Rename local_variables
2014-11-30 20:40:55 -06:00
jvazquez-r7
d77c02fe43
Delete unnecessary metadata
2014-11-30 20:37:34 -06:00
sinn3r
f7f4a191c1
Land #4255 - CVE-2014-6332 Internet Explorer
2014-11-28 10:12:27 -06:00
sinn3r
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
Rasta Mouse
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
Rasta Mouse
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
OJ
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
jvazquez-r7
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
jvazquez-r7
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
jvazquez-r7
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
jvazquez-r7
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00