jvazquez-r7
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
jvazquez-r7
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
jvazquez-r7
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
jvazquez-r7
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
jvazquez-r7
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
jvazquez-r7
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
jvazquez-r7
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
jvazquez-r7
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
jvazquez-r7
787f8cc32f
up to date
2013-03-26 12:18:53 +01:00
jvazquez-r7
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
jvazquez-r7
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
jvazquez-r7
c151d867dc
up to date
2013-03-12 17:04:27 +01:00
jvazquez-r7
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
jvazquez-r7
5a70314f55
up to date
2013-03-12 16:57:48 +01:00
jvazquez-r7
15742c49cb
up to date
2013-03-12 16:57:48 +01:00
Patrick Webster
1c3aa97bf8
Added Lotus Protector exploit module.
2013-03-12 16:57:47 +01:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
jvazquez-r7
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
HD Moore
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
jvazquez-r7
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
bcoles
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
jvazquez-r7
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
bcoles
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
bcoles
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
jvazquez-r7
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
Jose Selvi
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
Jose Selvi
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
sinn3r
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
Charlie Eriksen
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
sinn3r
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
Charlie Eriksen
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
sinn3r
2682908ff2
Small corrections here and there
2012-12-24 18:20:46 -06:00
jvazquez-r7
5b8492fc0d
module cleanup by juan
2012-12-24 23:26:40 +01:00
jvazquez-r7
ac6f34dc09
module name renamed
2012-12-24 23:26:06 +01:00
jvazquez-r7
bf036c97ad
added initial submission from james fitts
2012-12-24 23:25:25 +01:00
jvazquez-r7
7173c9b598
update james email address
2012-12-24 22:46:47 +01:00
sinn3r
d69e506221
Final changes
2012-12-24 15:08:52 -06:00
sinn3r
3d27397429
This error will still show even if we get a shell
2012-12-24 15:06:15 -06:00
jvazquez-r7
0950240d9a
module cleanup by juan
2012-12-24 18:59:45 +01:00
jvazquez-r7
9020c96373
module renamed
2012-12-24 18:59:25 +01:00
jvazquez-r7
09568f255e
Submission by James Fitts
2012-12-24 18:58:53 +01:00
sinn3r
9af8c9b457
Small corrections
2012-12-21 18:52:40 -06:00
jvazquez-r7
d5f08a2405
Added module for CVE-2012-6329 for foswiki
2012-12-21 22:08:08 +01:00
sinn3r
115ad9ae33
Small corrections
2012-12-21 12:56:44 -06:00
jvazquez-r7
76cad3dd4c
Added module for CVE-2012-6329
2012-12-21 11:30:04 +01:00
HD Moore
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
jvazquez-r7
d921c6f6e9
bid reference added
2012-12-08 15:09:32 +01:00
sinn3r
60feba164d
Add OSVDB
2012-12-07 23:18:02 -06:00
sinn3r
15661b82bc
Add Nagios Network Monitor Graph Explorer module
2012-12-07 23:16:25 -06:00
sinn3r
06927345e5
If message becomes nil, we should force a to_s for the regex
...
next_message can be nil sometimes if packet is nil (see net/ssh's
poll_message source)
2012-12-06 10:44:16 -06:00
sinn3r
530332b176
Apply evil-e's fix when port isn't 22
...
See #1130
2012-12-05 21:42:53 -06:00
sinn3r
32c5f12912
Hmm, I should change the target name
2012-12-05 21:38:31 -06:00
sinn3r
d3c1fa842a
Lots of improvements
...
Keyboard-interactive method isn't required to exploit Tectia SSH.
So this update will just go straight to password method. There's
also improvements for the check() method: Not only does it check
the SSH version (banner), it will also check and see if the server
is using password method to auth.
2012-12-05 21:34:33 -06:00
sinn3r
49999a56ea
Added CVE & vendor advisory information
2012-12-05 10:13:44 -06:00
sinn3r
e6c6133c90
must be password authentication
2012-12-04 09:56:51 -06:00
sinn3r
2467183c4f
"Appears" is better
...
"Appears" is a more accureate way describing how much we think the
host is vulnerable.
2012-12-04 09:28:05 -06:00
sinn3r
b5e7009283
Since we have included Tcp for check(), we don't need to reg rhost
2012-12-04 09:25:24 -06:00
sinn3r
3c59c2d5c0
This extra space must die.
2012-12-03 21:09:07 -06:00
sinn3r
211a1674f5
Add kingcope's Tectia SSH 0day
2012-12-03 21:07:32 -06:00
HD Moore
8b3d200986
Add a check for nil
2012-11-28 23:50:29 -06:00
HD Moore
d4e873df07
Fix bad reference (thanks Daniel Moeller)
2012-11-22 23:51:57 -06:00
jvazquez-r7
959ea1f0c5
final cleanup
2012-11-20 12:52:00 +01:00
sinn3r
a93fbfea32
Add Narcissus module (OSVDB-87410)
2012-11-19 15:12:57 -06:00
jvazquez-r7
09ec7dea95
fix check function after speak with egix
2012-11-15 01:34:17 +01:00
jvazquez-r7
3ba3e906d7
added improvements by egix
2012-11-15 01:20:32 +01:00
sinn3r
af8ac2fbf6
There's a bug here, can you tell?
...
Need to be aware of what happens when no version is captured.
2012-11-14 11:54:59 -06:00
jvazquez-r7
88ea347e40
added cookie prefix check
2012-11-14 16:20:40 +01:00
James Lee
bbb2f69b55
Add missing require for PhpExe
2012-11-13 10:17:42 -06:00
sinn3r
7d317e7863
Use PhpEXE, and a check() function
...
Uses the PhpEXE mixin for the payload. And then in the future
we can modify PhpEXE again to allow it to be space-free (problem
being a space is required when you use a function). Also, this
commit has a new check function.
2012-11-13 01:41:26 -06:00
jvazquez-r7
42dd1ee3ff
added module for CVE-2012-5692
2012-11-10 11:35:21 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
Tod Beardsley
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
James Lee
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
James Lee
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
sinn3r
9ea208d129
Oops, overwrote egypt's changes by accident
2012-10-11 16:40:52 -05:00
sinn3r
82eaa322fe
Make cleanup work better
2012-10-11 16:39:54 -05:00
James Lee
3a66a07844
Proposed re-wording of description
...
[See #889 ]
2012-10-11 15:48:04 -05:00
sinn3r
24980e735b
I found an OSVDB ID
2012-10-11 15:28:07 -05:00
sinn3r
55128f5bb3
Make sure res has value before passing it on to exec_php
2012-10-11 14:43:38 -05:00
sinn3r
033a11eff5
Add Project Pier File Upload Vulnerability
2012-10-11 13:47:40 -05:00
jvazquez-r7
4fa3631e34
avoiding the python support on the barracuda one if cannot be tested
2012-10-09 18:01:23 +02:00
jvazquez-r7
f33411abd1
Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support
2012-10-09 18:00:44 +02:00
sinn3r
a12aed7ffc
Don't really need these keywords
2012-10-09 00:49:05 -05:00
sinn3r
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
ethicalhack3r
f4e442bcbd
Added headers support to php_include module
2012-10-05 23:00:38 +02:00
sinn3r
d515b3274d
Apply wfsdelay and apply egypt's suggestions
2012-10-04 00:40:52 -05:00
bcoles
e2276bfedb
Add QNX QCOMM command execution module
2012-09-30 17:21:08 +09:30
Tod Beardsley
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
Tod Beardsley
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
e27f736e95
BID reference added
2012-08-24 17:29:12 +02:00
jvazquez-r7
0e535e6485
added module for XODA file upload RCE
2012-08-22 00:54:13 +02:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Daniel Miller
31510167e6
Make setuid_nmap more robust
...
Squashed commit of the following:
commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 14:13:33 2012 -0600
Fix 1.8 compat
commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu Aug 2 09:50:38 2012 -0500
Handle early Nmap versions that don't take absolute paths
commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Fri Jul 27 11:58:36 2012 -0500
Add compatibility args to setuid_nmap command
Nmap before 4.75 would not run a script without a port scan being
performed. Example: 4.53 installed on Metasploitable would not work.
Added "-p80 localhost" to the command to ensure it works with these
older versions.
[Closes #649 ]
2012-08-03 14:15:09 -06:00
jvazquez-r7
2f66aa7c4f
Added module for OSVDB 83891
2012-07-21 12:14:29 +02:00
James Lee
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
James Lee
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
Steve Tornio
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
sinn3r
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
sinn3r
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
sinn3r
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
sinn3r
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
sinn3r
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
jvazquez-r7
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
sinn3r
8927c8ae57
Make it more verbose, and do some exception handling for cleanup
2012-06-25 17:27:33 -05:00
jvazquez-r7
7b0f3383d2
delete default credentials
2012-06-25 23:53:56 +02:00
jvazquez-r7
7dc1a572e5
trying to fix serialization issues
2012-06-25 23:25:38 +02:00
jvazquez-r7
4c453f9b87
Added module for CVE-2012-0694
2012-06-25 17:21:03 +02:00
James Lee
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
HD Moore
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
James Lee
96c16a498a
Add a check for distcc_exec
...
Just executes the exploit with an "echo <random>" payload to see if it
works.
2012-06-18 14:34:02 -06:00
James Lee
c39a42da3d
No need to alter time out
2012-06-12 23:58:20 -06:00
James Lee
0e8fb0fe98
Add a post-exploitation exploit for suid nmap
...
Tested on Ubuntu with nmap 6.00 and nmap 5.00
2012-06-12 23:58:20 -06:00
jvazquez-r7
4ae786590a
php_wordpress_foxypress from patrick updated. Related to Pull Request #475
2012-06-12 17:39:05 +02:00
Christian Mehlmauer
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
David Maloney
54fb6d2f7a
Fixes unreal ircd race condition
...
Handler would exit before finishing staging
2012-05-29 17:16:07 -05:00
jvazquez-r7
e774df5c32
target info plus relocation
2012-05-25 20:16:13 +02:00
jvazquez-r7
c4fad0dea5
module added for OSVDB-73609
2012-05-25 17:18:09 +02:00
HD Moore
d668e2321d
Rename this to a more suitable location
2012-05-04 09:59:40 -05:00
HD Moore
6cf6a9548d
Fix up the PHP CGI exploit, remove debug lines
2012-05-04 09:58:10 -05:00
sinn3r
9a36017271
no unicode
2012-05-04 00:01:03 -05:00
James Lee
2d1f4d4f3e
Add hdm's better check method
2012-05-03 19:00:40 -06:00
James Lee
40ec3d9d40
Add an exploit module for the recent php cgi bug (CVE-2012-1823)
2012-05-03 18:51:54 -06:00
sinn3r
a8eada6016
This module should be able to support more payloads
2012-04-16 14:43:36 -05:00
sinn3r
edadc19757
This module should be able to support more payloads than it should be
2012-04-16 14:41:11 -05:00
Tod Beardsley
56404f5edd
Fixing EDB reference
2012-03-28 14:33:25 -06:00
Tod Beardsley
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
wchen-r7
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
Tod Beardsley
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
James Lee
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
Tod Beardsley
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
Tod Beardsley
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
James Lee
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
James Lee
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r
e7ab48693c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:57 -06:00
sinn3r
94b736c76c
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:38 -06:00
sinn3r
97b74101fb
Repair dead milw0rm link to exploit-db
2011-12-13 16:12:11 -06:00
sinn3r
6f5d64f6de
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-29 03:31:15 -06:00
sinn3r
34a933d499
Feature #5610
2011-11-29 03:30:49 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
Wei Chen
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Steve Tornio
7a07e069da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen
3722a5c3c1
Add LifeSize room command injection (feature #5333 )
...
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
HD Moore
5916a4afe3
Cosmetic
...
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
HD Moore
f2469fc23f
Drop phpi to normal ranking, it eats too much time
...
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen
d204f4027b
Catch nil first before do .empty?
...
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
Tod Beardsley
30ac88694f
More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
...
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
HD Moore
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
1a02a2199b
These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
...
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
Chao Mu
4b9346e40e
Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
...
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
HD Moore
0ff7f17cba
Cosmetic module and service name fixes
...
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
HD Moore
643223ff11
Fixes #5651 by applying patch
...
git-svn-id: file:///home/svn/framework3/trunk@13850 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 15:40:59 +00:00
Wei Chen
9ddfc122af
Fix indentation, white spaces, add patch URL to reference
...
git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00
Tod Beardsley
921549fc3d
Adding OSVDB ref that just popped up for me.
...
git-svn-id: file:///home/svn/framework3/trunk@13844 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 15:49:02 +00:00
Tod Beardsley
3d9c94633d
Adding MyBB backdoor exploit submitted by tdz. Thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@13838 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 03:22:07 +00:00
Wei Chen
37069a252c
Support POST. Feature #5571
...
git-svn-id: file:///home/svn/framework3/trunk@13814 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-04 16:02:52 +00:00
HD Moore
81cb99c7ab
A better fix
...
git-svn-id: file:///home/svn/framework3/trunk@13605 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 19:26:41 +00:00
David Rude
b39ed220ca
remove the .strip call in banner check causes stack traces in some cases
...
git-svn-id: file:///home/svn/framework3/trunk@13604 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 06:50:51 +00:00
HD Moore
1fb64f099d
Typo
...
git-svn-id: file:///home/svn/framework3/trunk@13427 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 18:23:52 +00:00
Wei Chen
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Steve Tornio
94640b6bc4
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
HD Moore
ab4961bfa9
Timeline
...
git-svn-id: file:///home/svn/framework3/trunk@13099 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:20:47 +00:00
HD Moore
e678bb0a8e
Update the description to match the latest information
...
git-svn-id: file:///home/svn/framework3/trunk@13098 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:11:00 +00:00
HD Moore
c82063d708
Update based on feedback from mc, indicating this backdoor was in place since February 15th 2011 and likely even earlier
...
git-svn-id: file:///home/svn/framework3/trunk@13097 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 01:49:05 +00:00
HD Moore
5482a59910
Exit cleanly if the shell as not valid
...
git-svn-id: file:///home/svn/framework3/trunk@13095 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:18:44 +00:00
HD Moore
bd12c8c6a9
Fix a couple small typos
...
git-svn-id: file:///home/svn/framework3/trunk@13094 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:10:30 +00:00
HD Moore
e6968c202a
A couple bug fixes to enable cmd_interact and a new module for the VSFTPD backdoor
...
git-svn-id: file:///home/svn/framework3/trunk@13093 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 20:09:32 +00:00
Joshua Drake
bf20ace73e
totally noobd out on that one, thx
...
git-svn-id: file:///home/svn/framework3/trunk@13035 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 18:09:21 +00:00
Joshua Drake
a29002ee2e
handle a few corner cases
...
git-svn-id: file:///home/svn/framework3/trunk@13032 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:03:23 +00:00
Patrick Webster
5617d23635
Removed erroneous awstatstotals_multisort print_status.
...
git-svn-id: file:///home/svn/framework3/trunk@12715 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:45:36 +00:00
Patrick Webster
51ce0dba58
Added awstatstotals_multisort exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@12714 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:42:37 +00:00
James Lee
486c0556d0
don't leave unnecessary evil-looking logs
...
git-svn-id: file:///home/svn/framework3/trunk@12604 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 22:46:43 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Patrick Webster
cacac970e1
Added privilege escalation to contentkeeperweb_mimencode exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@12265 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 11:02:48 +00:00
Joshua Drake
d682069aec
add cve-2010-4566 exploit from Erwin Paternotte
...
git-svn-id: file:///home/svn/framework3/trunk@11873 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 20:51:12 +00:00
HD Moore
2dbbdc18dd
Explicitly yield to other threads after each request, reducing the chance that this module will eat all cycles.
...
git-svn-id: file:///home/svn/framework3/trunk@11857 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-02 05:03:20 +00:00
Joshua Drake
b6b9b83dd7
add CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake
287f4c87fe
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Steve Tornio
860e29228b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11414 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 14:43:13 +00:00
HD Moore
e7f3c63e1c
Exploit for a recent Redmine command injection vulnerability, provided as a holiday gift by Joernchen of Phenoelit.
...
git-svn-id: file:///home/svn/framework3/trunk@11406 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 05:46:29 +00:00
Steve Tornio
3662fb4bc6
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11389 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:16:18 +00:00
HD Moore
4708d5b159
Add coverage for the mitel audio web conferencing web interface command injection.
...
git-svn-id: file:///home/svn/framework3/trunk@11388 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:02:13 +00:00
Joshua Drake
c46be9d387
better error for non-exim servers
...
git-svn-id: file:///home/svn/framework3/trunk@11352 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 17:30:24 +00:00
Joshua Drake
843b121ea1
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@11350 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 16:38:31 +00:00
Joshua Drake
d69cff2b34
add bid reference
...
git-svn-id: file:///home/svn/framework3/trunk@11318 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-13 16:16:29 +00:00
Joshua Drake
573c639c85
remove debug prints
...
git-svn-id: file:///home/svn/framework3/trunk@11299 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 22:00:34 +00:00
Joshua Drake
7c6eadc24b
check more responses, account for corner case in initial headers
...
git-svn-id: file:///home/svn/framework3/trunk@11298 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 21:58:25 +00:00
Joshua Drake
ea4e8c29d3
add hdm to authors, minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@11289 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 10:55:24 +00:00
HD Moore
c1a3364ea9
Update the privileged flag
...
git-svn-id: file:///home/svn/framework3/trunk@11285 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:45 +00:00
HD Moore
8ad08ec535
Update the description/refs
...
git-svn-id: file:///home/svn/framework3/trunk@11284 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:04 +00:00
HD Moore
61e8ab1432
This module will now automatically gain root if Perl is installed
...
git-svn-id: file:///home/svn/framework3/trunk@11283 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:21:52 +00:00
Joshua Drake
c1f37b3c8a
minor adjustment to output printing
...
git-svn-id: file:///home/svn/framework3/trunk@11281 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 23:29:26 +00:00
Joshua Drake
5624c55599
add EHLO_NAME advanced option, remove debug print, fix version regex
...
git-svn-id: file:///home/svn/framework3/trunk@11280 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:51:05 +00:00
Joshua Drake
b5d44d1684
handle hosts that reverse properly, whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@11279 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:32:39 +00:00
HD Moore
cc81d3bbc0
Automagic updates to jduck's exim module
...
git-svn-id: file:///home/svn/framework3/trunk@11278 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:17:47 +00:00
HD Moore
a683f7b7d4
Automagic updates to jduck's exim module
...
git-svn-id: file:///home/svn/framework3/trunk@11277 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:16:34 +00:00
Steve Tornio
d5fc9df054
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11276 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 21:43:12 +00:00
Joshua Drake
5cc8407748
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11275 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:50:16 +00:00
Joshua Drake
9f5df90e60
add exploit for cve-2010-4344
...
git-svn-id: file:///home/svn/framework3/trunk@11274 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:34:23 +00:00
Joshua Drake
add6955501
add disclosure date, fix parse error on 1.8.7
...
git-svn-id: file:///home/svn/framework3/trunk@11253 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-08 16:17:16 +00:00
Joshua Drake
9c1576b20e
update the title
...
git-svn-id: file:///home/svn/framework3/trunk@11246 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:46:24 +00:00
Joshua Drake
bbab0e3fd9
add cve-2008-6825 exploit from Larry Wert, fixes #3145
...
git-svn-id: file:///home/svn/framework3/trunk@11245 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:44:47 +00:00
Mario Ceballos
5dad5e2ee5
consistency
...
git-svn-id: file:///home/svn/framework3/trunk@11227 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-05 15:08:22 +00:00
Steve Tornio
e93c196363
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11214 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-03 12:34:38 +00:00
Mario Ceballos
50d6c9659a
added coverage for the proftpd backdoor.
...
git-svn-id: file:///home/svn/framework3/trunk@11210 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 22:33:37 +00:00
Joshua Drake
26a9fe6fc7
add some missing CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00