54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
1534c4af6f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-09-20 16:20:34 -05:00
776d24d8a9
cleanup
2012-09-20 16:16:30 -05:00
311c01be46
Cleanup, improve option handlingg
2012-09-20 16:14:15 -05:00
7fcc34766a
Added datastore items to BAP handlers
...
Added two datastore items to handlers created by BAP
2012-09-20 15:21:08 -05:00
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
57fd9b8c18
Merge branch 'master' of https://github.com/dcbz/metasploit-framework into dcbz-master
2012-09-20 13:37:31 -05:00
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
17f7e94f4d
Add support for dumping MySQL challenge-response pairs in JtR format
2012-09-20 13:54:12 +05:30
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
f5df7e0e8a
Added 2 payload modules (reverse and bind tcp shells)
2012-09-19 16:59:26 -05:00
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
c83b49ad58
Unix linefeeds, not windows
...
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
2012-09-16 18:10:35 -05:00
2fc34e0073
Auth successful, not successfully
...
Just fixing up some adverb versus adjective grammar.
2012-09-16 17:51:00 -05:00
b07b30839e
Merge branch 'webmin_edit_html_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-webmin_edit_html_fileaccess
2012-09-16 03:17:09 -05:00
63d2d60c68
delete don't needed line
2012-09-15 23:56:38 +02:00
ff2e9fc157
add changes proposed by sinn3r
2012-09-15 23:55:55 +02:00
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
70ff7621d6
added module for CVE-2012-2983
2012-09-15 15:11:12 +02:00
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
64b8696e3c
Extra condition that's not actually needed
...
Don't actually need to check nil res, because no code will
actually try to access res when it's nil anyway. And the 'return'
at the of the function will catch it when the response times out.
2012-09-09 04:06:48 -05:00
cb95a7b520
Add openfiler_networkcard_exec exploit
2012-09-09 17:28:09 +09:30
37c7f366f2
check function test vulnerability + minor improvements
2012-09-09 00:42:02 +02:00
f02659184a
Add WANem v2.3 command execution
2012-09-08 16:01:45 +09:30
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
aaf7fcd5e9
Closing bracket doh
2012-09-07 08:57:27 -05:00
53e4818c2e
Humble-desser, not humble-dresser
2012-09-07 08:49:27 -05:00
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
bd596a3f39
Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec
2012-09-06 18:40:19 -05:00
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
6a484cdbc5
Merge branch 'actfax_local_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-actfax_local_exploit
2012-09-06 18:35:08 -05:00
b4270bb480
Add OSVDB-83767: SFlog Upload Exec Module
...
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management. Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
2012-09-06 18:30:45 -05:00
fc1c1c93ba
ZDI references fixed
2012-09-07 00:50:07 +02:00
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
65681dc3b6
added osvdb reference
2012-09-06 13:56:52 +02:00
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
9531c95627
Adding BID
2012-09-05 15:04:05 -05:00
ff97b1da00
Whitespace EOL
2012-09-05 14:04:20 -05:00
43041e3a0a
Merge branch 'hp_sitescope_uploadfileshandler' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_uploadfileshandler
2012-09-05 14:03:24 -05:00
6705f5405e
Merge branch 'symantec_smg_ssh_pass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_smg_ssh_pass
2012-09-05 14:00:55 -05:00
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
41904891c9
Merge branch 'hp_sitescope_getfileinternal_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getfileinternal_fileaccess
2012-09-05 13:57:39 -05:00
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
bbab206eac
Add CVE-2012-3579 - Symantec Messaging Gateway 9 Default SSH Pass
...
This module exploits a default misconfig flaw on Symantec Messaging
Gateway 9.5 (or older). The "support" user has a known default
password, which can be used to login to the SSH service, and then
gain privileged access from remote.
2012-09-05 13:21:10 -05:00
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
8fce975593
Aux module raise an error because Report module is not included in the source
2012-09-05 10:38:36 +02:00
c7de73e7bf
Clean up SVN metadata
2012-09-04 19:36:10 -05:00
sinn3r
David Maloney
Tod Beardsley
jvazquez-r7
Dhiru Kholia
dcbz
kernelsmith
Ramon de C Valle
James Lee
bcoles
Cristiano Maruti