d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
e448431c8a
Add 32bit comapt mode for 64 bit targets on wirnm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
d921c6f6e9
bid reference added
2012-12-08 15:09:32 +01:00
080e45045b
Merge branch 'nagios_graph_explorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nagios_graph_explorer
2012-12-08 15:08:57 +01:00
60feba164d
Add OSVDB
2012-12-07 23:18:02 -06:00
15661b82bc
Add Nagios Network Monitor Graph Explorer module
2012-12-07 23:16:25 -06:00
e989142d9d
Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat
2012-12-07 14:48:01 -06:00
78b4233b56
Final changes
2012-12-07 14:44:41 -06:00
bae5442ca6
working...
2012-12-07 21:38:17 +01:00
901ef5060c
Merge branch 'maxthon' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-maxthon
2012-12-07 13:52:23 -06:00
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
403ac1dc37
I would do anything for a cake.
2012-12-07 13:15:27 -06:00
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00
b0be8dc4df
history exploit cleanup
2012-12-07 19:23:00 +01:00
38f2348c33
First changes
2012-12-07 11:27:09 -06:00
a872362a65
Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon
2012-12-07 11:17:15 -06:00
2260e4b471
Switch to manual payload selection, because we don't auto-detect
2012-12-07 11:07:11 -06:00
8812285678
Move print of my_target.name to after nil check
...
Avoids
"Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.
[FixRM #7593 ]
2012-12-07 11:00:24 -06:00
c08ee695a9
Merge branch 'splunk_upload_app_exec_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-splunk_upload_app_exec_cleanup
2012-12-07 10:46:28 -06:00
fafdcbaae1
Vuln discovered by Rich.
...
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
e5cc950fe1
fix identation
2012-12-07 11:57:11 +01:00
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
cddda9eab7
Merge branch 'master' into nullbind-mssql_linkcrawler
2012-12-06 23:51:06 -06:00
88c97cd2b5
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-06 18:08:13 -06:00
bf47eaaa41
Remove code that's commented out. Clearly not needed anymore.
2012-12-06 12:57:41 -06:00
0ea5c781c1
Tabs and spaces don't mix
2012-12-06 12:53:22 -06:00
37f9cff25a
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 12:36:48 -06:00
fd20998f40
using the primer callback as pointed by egypt
2012-12-06 18:59:46 +01:00
817a7749c1
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 11:35:09 -06:00
8e21d9e235
fix source_address param
2012-12-06 18:34:22 +01:00
1fb05c0baf
Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject
2012-12-06 11:34:19 -06:00
215017e17c
Merge remote branch 'wchen-r7/better_tectia_ssh'
2012-12-06 11:01:36 -06:00
06927345e5
If message becomes nil, we should force a to_s for the regex
...
next_message can be nil sometimes if packet is nil (see net/ssh's
poll_message source)
2012-12-06 10:44:16 -06:00
fc8b08f10f
trailing comma
2012-12-06 17:32:58 +01:00
532afc2919
Added module for CVE-2009-0880
2012-12-06 16:43:07 +01:00
6d3d4c1d84
Added support for FileDropper
2012-12-06 12:03:17 +01:00
18f4df0a38
Fix weird indent prob
2012-12-06 03:58:16 -06:00
a90ed82413
Correct CVE format
2012-12-06 03:57:46 -06:00
2b96c4e2a5
Add Kingcope's MySQL 'Stuxnet' technique exploit
...
Because why not. One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
530332b176
Apply evil-e's fix when port isn't 22
...
See #1130
2012-12-05 21:42:53 -06:00
32c5f12912
Hmm, I should change the target name
2012-12-05 21:38:31 -06:00
d3c1fa842a
Lots of improvements
...
Keyboard-interactive method isn't required to exploit Tectia SSH.
So this update will just go straight to password method. There's
also improvements for the check() method: Not only does it check
the SSH version (banner), it will also check and see if the server
is using password method to auth.
2012-12-05 21:34:33 -06:00
5e28563e4e
Advisories URLs changed
2012-12-05 14:33:25 -08:00
49999a56ea
Added CVE & vendor advisory information
2012-12-05 10:13:44 -06:00
dd1d60293c
Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server
2012-12-05 15:27:25 +01:00
b85919266d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-12-04 15:55:08 -06:00
2cca857f6f
added support for Mac OS X
2012-12-04 22:04:21 +01:00
9d8f0f94f6
added support for Mac OS X
2012-12-04 22:03:58 +01:00
5548bebb16
embeding payload on the c# script
2012-12-04 17:44:55 +01:00
e6c6133c90
must be password authentication
2012-12-04 09:56:51 -06:00
2467183c4f
"Appears" is better
...
"Appears" is a more accureate way describing how much we think the
host is vulnerable.
2012-12-04 09:28:05 -06:00
b5e7009283
Since we have included Tcp for check(), we don't need to reg rhost
2012-12-04 09:25:24 -06:00
3c59c2d5c0
This extra space must die.
2012-12-03 21:09:07 -06:00
211a1674f5
Add kingcope's Tectia SSH 0day
2012-12-03 21:07:32 -06:00
752907d5f0
exploit for OSVDB-87548
2012-12-03 19:01:40 -05:00
3f3bdb8473
my editor...
2012-12-03 21:45:26 +01:00
8a9ad4253a
comment about the original discoverer updated
2012-12-03 21:44:35 +01:00
2cb824d62d
Added module for CVE-2012-5357
2012-12-03 20:12:02 +01:00
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
9d52048d7f
Forgot to remove this after badchar analysis
2012-11-30 02:17:08 -06:00
37f731fe7d
Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow
2012-11-30 02:14:22 -06:00
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
8b3d200986
Add a check for nil
2012-11-28 23:50:29 -06:00
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
b2f906e83e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-11-28 15:10:51 -06:00
b764110e6e
Use PhpEXE to be able to support PHP and Linux native payloads
2012-11-28 15:06:39 -06:00
85ed074674
Final cleanup on always_install_elevated
2012-11-28 21:50:08 +01:00
fd1557b6d2
Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated
2012-11-28 21:49:36 +01:00
fd2296317d
Strip the credential dumping stuff (making it auxiliary)
...
Also a little description update
2012-11-28 14:27:01 -06:00
6b524ff22a
Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown
2012-11-28 11:22:36 -06:00
7fea0d4af6
Add initial auto run script
2012-11-28 16:38:31 +00:00
a3fbf276f9
Reinstated cleanup
2012-11-28 11:23:08 +00:00
b5b47152fc
Changed to static msi filename
2012-11-28 11:21:02 +00:00
897ae102d4
fixed msftidy.rb complains
2012-11-28 01:22:19 -05:00
7109d63f36
Code clean up, thanks to Brandon Perry
2012-11-28 01:20:41 -05:00
76f7abe5b6
Little tidy up
2012-11-27 23:58:58 +00:00
81c2182424
Msftidy
2012-11-27 23:33:07 +00:00
9741d55724
Moved to agnostic post module commands
2012-11-27 23:26:19 +00:00
6fe378b594
Minor changes to description
2012-11-27 20:56:52 +00:00
d067b040a0
Minor changes to description
2012-11-27 20:55:36 +00:00
7727f3d6e8
Msftidy
2012-11-27 18:31:54 +00:00
889c8ac12d
Add build instructions and removed binary
2012-11-27 18:18:20 +00:00
bc9065ad42
Move MSI source and binary location
2012-11-27 18:12:49 +00:00
4ef0d8699a
added exploit for OSVDB 83199
2012-11-27 12:29:10 -05:00
17d8d3692b
Merge branch 'rapid7' into midnitesnake-postgres_payload
2012-11-27 11:14:54 -06:00
b395f8f96d
Only XP for target coverage
2012-11-27 10:48:20 -06:00
2e71fc740e
No badchars, then no need to have the key
2012-11-27 10:46:20 -06:00
8c53b275c6
Added module for cve-2012-3753
2012-11-27 12:10:00 +01:00
f1fedee63b
EOL space, deleted
2012-11-26 14:19:40 -06:00
36e2a4fddc
Merge branch 'splunk_nil_cookie' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-splunk_nil_cookie
2012-11-26 19:18:32 +01:00
9c3be383d0
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
6dfda6da37
Added Maxthon3 Cross Context Scripting (XCS) exploits for Win
2012-11-24 15:53:58 -08:00
e9256de6f6
Merge branch 'jvazquez-r7-apple_quicktime_texml_font_table'
2012-11-23 18:53:31 -06:00
89ddedf773
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
4c9b8d4567
targets updated
2012-11-23 18:48:59 +01:00
d4e873df07
Fix bad reference (thanks Daniel Moeller)
2012-11-22 23:51:57 -06:00
52ff38ad8a
add module for cve-2012-3752
2012-11-22 19:56:12 +01:00
579126c777
Remove redundant sleep
2012-11-22 10:44:41 +00:00
021e0f37e9
Cleanup s
2012-11-22 10:34:05 +00:00
7936fce7cf
Remove auto migrate - we probably dont want to migrate away from a SYSTEM process.
2012-11-22 10:29:58 +00:00
128eafe22c
Changed to Local Exploit
2012-11-22 10:26:23 +00:00
007dcd2dcb
Module is good, except with a little grammar error
2012-11-21 10:30:28 -06:00
04aae008ca
fix to use pseudorandom exe name
2012-11-21 09:56:20 +01:00
14cba22e64
changes requested by egypt
2012-11-21 09:46:22 +01:00
99d32191c5
Added module for OSVDB 87334
2012-11-20 23:15:21 +01:00
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
959ea1f0c5
final cleanup
2012-11-20 12:52:00 +01:00
b002996708
Merge branch 'narcissus' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-narcissus
2012-11-20 12:49:15 +01:00
edaa66094c
Merge branch 'jlee-r7-feature/automatic-fs-cleanup'
2012-11-19 16:13:08 -06:00
a93fbfea32
Add Narcissus module (OSVDB-87410)
2012-11-19 15:12:57 -06:00
dc93bd7215
removed redundant file
2012-11-19 14:27:08 -06:00
35b3bf4aa5
back to the original Brute mixin
2012-11-19 14:13:49 +01:00
24fe043960
Merge branch 'samba' of https://github.com/mephos/metasploit-framework into mephos-samba
2012-11-19 14:13:15 +01:00
f4aa84956c
Add technet reference
2012-11-17 01:24:12 -06:00
d4749ff009
Merge branch 'feature/automatic-fs-cleanup' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/automatic-fs-cleanup
2012-11-16 19:02:46 -06:00
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
f784ea65af
Merge branch 'master' into ms12-005_mod
2012-11-16 11:59:41 -06:00
8375bb8390
Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck
2012-11-16 11:29:09 -06:00
8930d618e3
Merge branch 'invision_pboard_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_cleanup
2012-11-16 11:24:04 -06:00
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
de016780b8
Rename the PAYLOAD_TYPE datastore option
...
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
e18acf2103
remove debugging code
2012-11-14 23:56:32 -05:00
7d41f1f9a0
add admin already and admin group checks
2012-11-14 23:54:01 -05:00
09ec7dea95
fix check function after speak with egix
2012-11-15 01:34:17 +01:00
3ba3e906d7
added improvements by egix
2012-11-15 01:20:32 +01:00
af8ac2fbf6
There's a bug here, can you tell?
...
Need to be aware of what happens when no version is captured.
2012-11-14 11:54:59 -06:00
88ea347e40
added cookie prefix check
2012-11-14 16:20:40 +01:00
1546aa6a10
No need to repeat the default values
2012-11-13 18:38:17 -06:00
9054fafb15
Not sure why paths were repeated, but no more.
2012-11-13 18:32:32 -06:00
4675cd873b
Merge branch 'client_system_analyzer_upload' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-client_system_analyzer_upload
2012-11-13 11:21:23 -06:00
bbb2f69b55
Add missing require for PhpExe
2012-11-13 10:17:42 -06:00
7d317e7863
Use PhpEXE, and a check() function
...
Uses the PhpEXE mixin for the payload. And then in the future
we can modify PhpEXE again to allow it to be space-free (problem
being a space is required when you use a function). Also, this
commit has a new check function.
2012-11-13 01:41:26 -06:00
162b5a391a
Merge branch 'invision_pboard_unserialize_exec' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_unserialize_exec
2012-11-13 00:40:30 -06:00
8e7a748805
thins in place...
2012-11-11 20:19:20 +01:00
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
c4f10a1d53
added bid reference
2012-11-11 17:48:57 +01:00
9d3c068da0
added linux target
2012-11-11 17:28:48 +01:00
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
42dd1ee3ff
added module for CVE-2012-5692
2012-11-10 11:35:21 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
21693831ae
Added module for ZDI-11-018
2012-11-08 17:32:42 +01:00
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
ac1b60e6db
Remove debug load
2012-11-07 20:00:41 -06:00
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
70d53b4e2d
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:03:56 -06:00
77b1e9e648
added comment about ropdb
2012-11-05 23:02:23 +01:00
e385aad9e5
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:02:18 -06:00
9d5ab5a66f
Stupid typing error
2012-11-05 15:41:47 -06:00
314026ed0e
Some error checking and fixups
2012-11-05 13:29:57 -06:00
0246e921c5
style, ref, desc, and author updates
2012-11-05 12:45:54 -06:00
7c141e11c4
Hopefully final touches
...
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
04668c7d61
fix response codes check to avoid second tries to fail
2012-11-05 09:26:26 +01:00
25a6e983a1
Remove the older modules
2012-11-04 14:48:34 -06:00
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
88c99161b4
added universal target
2012-11-03 18:52:07 +01:00
b8eea1007f
Added module for CVE-2012-2288 EMC Networker Format String
2012-11-03 18:17:12 +01:00
d4fc99e40c
Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support
2012-11-02 15:16:35 -05:00
ffca972075
Opps mispalced line
2012-11-02 09:34:32 -05:00
355bdbfa39
Add check for propper powershell version
2012-11-02 09:33:28 -05:00
9158497fb4
msftidy updates
2012-11-01 20:59:37 -05:00
8bb95e9f17
msftidy updates
2012-11-01 20:56:52 -05:00
b1b85bee44
Actually require PhpEXE mixin.
2012-11-01 14:53:18 -05:00
f843740fcb
more fixes
2012-11-01 11:59:18 -05:00
22fbfb3601
cleanup
2012-11-01 17:38:04 +01:00
e720769747
Added module for ZDI-12-171
2012-11-01 17:17:45 +01:00
aeb837838f
typo
2012-11-01 11:03:50 -05:00
84c8660c96
Fix targets to be more specific
2012-11-01 11:00:45 -05:00
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
59f5d9bc5d
Man i'm rusty at writing for framework
...
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
00b9fb3c90
Switc smart mgirate to post mod as it should be
2012-10-31 17:03:49 -05:00
sinn3r
nullbind
Tod Beardsley
David Maloney
jvazquez-r7
Tod Beardsley
James Lee
malerisch
h0ng10
HD Moore
Alexandre Maloteaux
Meatballs1
Rob Fuller
Chris John Riley