Commit Graph

6782 Commits (f6baf824b696e7ecc562ac593cce4aa664158017)

Author SHA1 Message Date
jvazquez-r7 d04fdc9382 Added aux module for CVE-2009-1730 2012-08-08 16:26:41 +02:00
Erran Carey bb588d338b Add Keychain Enumeration Mac OS X Post Module
Based off my `Keyjacker` script this module runs through an account's
keychains and returns internet accounts associated.
Setting the GETPASS option to true will return both many plain text
passwords given that the user allows their system to use the keychain
when prompted.
2012-08-08 03:03:19 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r 7221420267 When it hangs, it's actually the correct behavior, not a failure. 2012-08-07 15:00:08 -05:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
sinn3r dc47551a5c Merge branch 'scrutinizer_add_admin' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-scrutinizer_add_admin 2012-08-07 12:40:04 -05:00
sinn3r ddcee6fee0 And the war between spaces and tabs goes on.... 2012-08-07 12:36:53 -05:00
sinn3r 540f6253ef Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec 2012-08-07 12:26:07 -05:00
sinn3r 57c32c9c7b Slip Plixer's name in there, because it's their product. 2012-08-07 12:20:44 -05:00
jvazquez-r7 fb452d75a3 Added module for pbot RCE 2012-08-07 19:20:32 +02:00
sinn3r 0f37c1704d Add vendor's name in there fore better searching 2012-08-07 12:17:41 -05:00
sinn3r f26053c2c3 Add vendor's name in there for easier searching 2012-08-07 12:16:52 -05:00
sinn3r 614ae02a26 Add CVE-2012-2626 Scrutinizer add-user aux mod 2012-08-07 12:13:25 -05:00
sinn3r 5f4297a68a I tested it 9.5.2 too 2012-08-07 11:01:08 -05:00
sinn3r 3ba73c4f7f Fix check() function 2012-08-07 11:00:12 -05:00
sinn3r 6b4ae94dce Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
jvazquez-r7 44dd8b0cc5 Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author 2012-08-06 19:04:26 +02:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 349c841f6b Blah, OSVDB ref shouldn't be a link 2012-08-06 11:57:59 -05:00
sinn3r 647b587f75 Merge branch 'Meatballs1-uplay' 2012-08-06 11:54:51 -05:00
sinn3r 69ff9e7c1c Lots of changes before commit. 2012-08-06 11:54:08 -05:00
sinn3r 25b2b2de68 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-06 11:33:27 -05:00
sinn3r 99d3ee6fc4 Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal 2012-08-06 03:15:16 -05:00
sinn3r 13aca3fe4c Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode 2012-08-06 03:13:27 -05:00
sinn3r f1e7ef06cc Add webpagetest dir traversal module
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
Steve Tornio 54ed27c1b3 add osvdb ref 2012-08-05 09:02:54 -05:00
Steve Tornio b646dcc87f add osvdb ref 2012-08-05 09:02:32 -05:00
Steve Tornio 79e04bb793 add osvdb ref 2012-08-05 09:02:11 -05:00
Steve Tornio eb963ae52a add osvdb ref 2012-08-05 09:01:46 -05:00
jvazquez-r7 4e8a6f6508 Added module for CVE-2012-0549 2012-08-05 12:13:23 +02:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Meatballs1 1aacea951d Serve files as hidden 2012-08-04 18:03:12 +01:00
Meatballs1 833999b2c3 Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work 2012-08-04 17:59:45 +01:00
Rob Fuller 76fee330ee Squashed commit of the following:
commit dadb717f5e17851a85183847f3fdb01e45e6caaa
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 18:48:53 2012 -0600

    Rescue SMB errors

    Prevents backtraces and gives the user some idea of what happened.
    Specifically useful for STATUS_ACCESS_DENIED and STATUS_LOGON_FAILURE.

commit aba203ead75eec22606f52d7eb67f1581c44c4df
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Fri Jul 20 03:24:26 2012 -0400

    add SMB list directory module

[Closes #628]
2012-08-03 19:00:11 -06:00
Daniel Miller 31510167e6 Make setuid_nmap more robust
Squashed commit of the following:

commit e1a1f84f9b1ce6466e82c72e39070c34607d6769
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 14:13:33 2012 -0600

    Fix 1.8 compat

commit 26533219896b6e874b2f2113e7cbc6d5d7d1ac79
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Thu Aug 2 09:50:38 2012 -0500

    Handle early Nmap versions that don't take absolute paths

commit 00db80131deba1f4a3bcc289b394feb5057fbbe9
Author: Daniel Miller <bonsaiviking@gmail.com>
Date:   Fri Jul 27 11:58:36 2012 -0500

    Add compatibility args to setuid_nmap command

    Nmap before 4.75 would not run a script without a port scan being
    performed. Example: 4.53 installed on Metasploitable would not work.
    Added "-p80 localhost" to the command to ensure it works with these
    older versions.

[Closes #649]
2012-08-03 14:15:09 -06:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
James Lee 227d0dbc47 Add jabra to authors. I'm a jerk 2012-08-02 11:13:53 -06:00
James Lee 1a2a1e70f7 Replace load with require, *facepalm* 2012-08-01 22:51:36 -06:00
sinn3r 2f1022a5a3 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-01 16:24:23 -05:00
sinn3r f6a2ba094d Merge branch 'sonicwall_scrutinizer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sonicwall_scrutinizer 2012-08-01 15:14:34 -05:00
sinn3r 74a6c724a6 Merge branch 'cisco_playerpt_setsource_surl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cisco_playerpt_setsource_surl 2012-08-01 15:13:15 -05:00
sinn3r 6ae863cdff Forgot two extra spaces, how dare me! 2012-08-01 15:11:33 -05:00
sinn3r 227c3afed3 Merge branch 'bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec' 2012-08-01 15:08:51 -05:00
sinn3r 7af9979687 Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-08-01 15:06:42 -05:00
sinn3r 832f47d467 Merge branch 'master' into jtr_seeding 2012-08-01 15:04:31 -05:00
sinn3r 48533dc392 Merge branch 'current-user-psexec' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-current-user-psexec 2012-08-01 15:02:10 -05:00
sinn3r 92d1d26288 Add CVE-2012-2962 : Dell SonicWall Scrutinizer exploit 2012-08-01 15:00:24 -05:00
David Maloney fa2b0c26bb Fixes password seeding for JtR modules 2012-08-01 14:15:51 -05:00
jvazquez-r7 4c28b2a310 modified autopwn_info to add ie9 2012-08-01 19:36:20 +02:00
jvazquez-r7 d3c10d5d39 Added module for CVE-2012-0284 2012-08-01 19:34:37 +02:00
bcoles 2bf0899d09 minor improvements to Zenoss showdaemonxmlconfig exploit 2012-08-01 20:15:45 +09:30
James Lee 0707730fe0 Remove superfluous method
Obsoleted by session.session_host, which does the same thing
2012-08-01 01:07:21 -06:00
James Lee 47eb387886 Add current_user_psexec module
Tested against a 2k8 domain controller.
2012-08-01 01:05:10 -06:00
sinn3r 8a40ef397d Merge branch 'webpagetest' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest 2012-07-31 17:29:42 -05:00
sinn3r d66678e7ee Forgot to randomize element ID 2012-07-31 17:25:50 -05:00
sinn3r c1297043f2 Merge branch 'ms12_037_ie_colspan' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms12_037_ie_colspan 2012-07-31 17:18:20 -05:00
David Maloney 94c7415653 Remove typo 2012-07-31 16:30:41 -05:00
jvazquez-r7 7a0b5a6169 Added module for CVE-2012-1876 2012-07-31 23:14:29 +02:00
Meatballs1 75a9283fbf Removed auto migrate as exploit loads in a seperate process to browser anyway 2012-07-31 20:44:14 +01:00
Meatballs1 6f697ce519 Working with WebDAV 2012-07-31 20:26:47 +01:00
sinn3r 9815faec37 Add OSVDB-83822 2012-07-31 13:31:06 -05:00
sinn3r 20489864fc Merge branch 'zenoss_3.2.1_showdaemonxmlconfig_exec' of https://github.com/bcoles/metasploit-framework into bcoles-zenoss_3.2.1_showdaemonxmlconfig_exec 2012-07-31 08:42:34 -05:00
sinn3r e7db0ebcef Blah, removed the wrong ref. 2012-07-30 12:47:32 -05:00
sinn3r edfe43e7e0 When I say to remove BID ref, I mean it... 2012-07-30 12:46:27 -05:00
sinn3r e84214d1e1 Remove some references to avoid confusion.
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
Meatballs1 f298dbbd04 Fixed to work with browser_autopwn 2012-07-30 16:43:21 +01:00
Meatballs1 066020e572 Msftidy 2012-07-30 15:51:56 +01:00
Meatballs1 404909cb95 Check as IE crashes if length > 693 2012-07-30 15:41:58 +01:00
Meatballs1 690c381abd Initial commit 2012-07-30 14:49:34 +01:00
bcoles bdf8f1a543 Clean up Zenoss exploit + minor improvements
Changed send_request_raw() to send_request_cgi()
 - Removed redundant request headers 'Content-Length'

Added rescue error message for connection failures

Changed username to the default 'admin' account
2012-07-30 18:04:14 +09:30
jvazquez-r7 2fa88366be Added module for MS10-104 2012-07-30 09:01:38 +02:00
bcoles 8d3700cc3c Add Zenoss <= 3.2.1 exploit and Python payload
- modules/exploits/linux/http/zenoss_3.2.1_showdaemonxmlconfig_exec.rb
 - modules/payloads/singles/cmd/unix/reverse_python.rb
2012-07-30 01:24:27 +09:30
Matt Andreko 2f7b5f35af Added Sysax 5.64 Create Folder exploit 2012-07-29 10:40:02 -04:00
h0ng10 36be7cd9c4 removed unnecessary cleanup 2012-07-27 16:32:08 -04:00
sinn3r d67234bd03 Better regex and email format correction 2012-07-27 01:14:32 -05:00
sinn3r 2939e3918e Rename file 2012-07-27 01:06:57 -05:00
bcoles cec15aa204 Added CuteFlow v2.11.2 Arbitrary File Upload
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
2012-07-27 12:30:20 +09:30
sinn3r 80e0688c68 Merge branch 'symantec_pbcontrol' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_pbcontrol 2012-07-26 15:16:23 -05:00
sinn3r e483af64e4 Random text 2012-07-26 15:14:02 -05:00
sinn3r 6c3b05f1c4 Add CVE-2012-2953 Symantec Web Gateway proxy_file() cmd exec bug 2012-07-26 13:11:05 -05:00
jvazquez-r7 0bbcac96ea cleanup: delete revision metadata plus fix disc date 2012-07-26 15:04:15 +02:00
jvazquez-r7 e885b84347 Added module for CVE-2012-0284 2012-07-26 13:08:24 +02:00
sinn3r 3cb60fb42a Fix 1.8-specific regexp syntax bug
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
jvazquez-r7 d2e1f4b448 Added module for OSVDB 83745 2012-07-25 19:24:09 +02:00
sinn3r 87aae548e6 Final cleanup 2012-07-24 13:11:04 -05:00
sinn3r fc0683310e Merge branch 'master' of https://github.com/morisson/metasploit-framework into morisson-master 2012-07-24 13:05:04 -05:00
Bruno Morisson dbc779e02d implemented fixes requested by sinn3r
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
sinn3r 716028c907 Catch exceptions that are expected when a host isn't pingable. 2012-07-23 18:34:03 -05:00
sinn3r bc176b4148 Merge branch 'pingsweep_fix' of https://github.com/darkoperator/metasploit-framework into darkoperator-pingsweep_fix 2012-07-23 17:37:01 -05:00
Carlos Perez cdee09b5cd Fixes in threading and for Java Meterpreter on OSX 2012-07-23 18:34:05 -04:00
Bruno Morisson 397d708340 Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.

* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
sinn3r 4efe84c609 Merge branch 'Fix_Threading' of https://github.com/darkoperator/metasploit-framework into darkoperator-Fix_Threading 2012-07-23 02:58:30 -05:00
webstersprodigy 3c7ad96b45 Changing a string concat from + to << 2012-07-22 20:28:17 -04:00
webstersprodigy 6bb31280fb Took/tested all egypt's comments, other than the Actions one 2012-07-22 20:02:12 -04:00
sinn3r d3f9e8ce72 Merge branch 'nevdull77-sip-capture' 2012-07-22 03:36:21 -05:00
sinn3r 33ee6ee699 Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture 2012-07-22 03:36:13 -05:00
sinn3r b527356e00 This check can be handy 2012-07-22 03:34:16 -05:00
sinn3r 5fd58eda71 Merge branch 'sws_connection_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sws_connection_bof 2012-07-22 03:29:33 -05:00
Carlos Perez 4042275421 Fixed threading and added verbose print for each attempt 2012-07-22 00:26:37 -04:00
Carlos Perez 2f85f57922 Fixed threading and added new SRV records to enumerate. 2012-07-22 00:12:32 -04:00
Carlos Perez 7fc9d57f89 Fixed the threading for the reverse DNS lookup and improvements when ran against a Java Meterpreter session. 2012-07-21 23:54:29 -04:00
Carlos Perez 2941755576 Fixed the threading for ARP Scanner and skipped making a note is OUI is not known 2012-07-21 23:38:41 -04:00
jvazquez-r7 2f66aa7c4f Added module for OSVDB 83891 2012-07-21 12:14:29 +02:00
jvazquez-r7 beb1fbb55d Added module for Simple Web Server Connection header bof 2012-07-21 12:07:36 +02:00
James Lee cccd3754a4 Fix load order problem
[FIXRM #7151]
2012-07-20 15:58:57 -06:00
jvazquez-r7 f4e4675dc5 Avoid unpack with native endian types 2012-07-20 22:07:12 +02:00
Patrik Karlsson 08f0f693b0 change sname in report_auth_info from sip_challenge to sip_client 2012-07-20 19:48:15 +02:00
Patrik Karlsson 5dc985c911 fix msftidy WARNING 2012-07-20 17:15:06 +02:00
Patrik Karlsson 3fc1c1db73 fix problem with report_auth_info that was passed invalid host and port params. 2012-07-20 17:07:42 +02:00
Patrik Karlsson d494ed9bf7 add a function to sanitize source and dest ip's to avoid breaking JtR format. 2012-07-20 13:27:45 +02:00
sinn3r b662881613 Enforce a check before firing the exploit 2012-07-19 16:43:52 -05:00
Patrik Karlsson 7ec5c0d6e0 change module to use Rex::Socket::Udp instead of Ruby's ::UDPSocket. 2012-07-19 20:34:02 +02:00
sinn3r 1c6ce20ad8 Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture 2012-07-19 10:51:57 -05:00
sinn3r 9c510a738e Improve outputs 2012-07-19 10:50:58 -05:00
sinn3r 7cb12921d6 Don't print cli addr twice 2012-07-19 10:43:55 -05:00
sinn3r c4bb224a75 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-07-19 10:43:02 -05:00
sinn3r afd314701e Improve outputs 2012-07-19 10:41:25 -05:00
jvazquez-r7 37f14f76b7 Descriptions updated 2012-07-19 17:38:01 +02:00
sinn3r 3253929555 Fix indent 2012-07-19 10:21:30 -05:00
sinn3r 2bb36f5ef9 Remove repeating words 2012-07-19 10:17:05 -05:00
sinn3r 898530dd54 Fix description 2012-07-19 10:15:26 -05:00
sinn3r 2c648b1c5b Merge branch 'zenworks_preboot_op6c_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6c_bof 2012-07-19 10:14:10 -05:00
sinn3r 8f867b5b0d 100 columns or each line in the description 2012-07-19 10:12:22 -05:00
jvazquez-r7 d51209a3cf Beautify 2012-07-19 15:53:47 +02:00
jvazquez-r7 d69a46a9f0 Beautify 2012-07-19 15:53:09 +02:00
jvazquez-r7 83b7b90c61 Added module for CVE-2011-3175 2012-07-19 15:30:51 +02:00
jvazquez-r7 48f8145d97 Added module for CVE-2011-3176 2012-07-19 15:29:10 +02:00
HD Moore 9bff1c913b Merge pull request #592 from alexmaloteaux/ipv6arpfix
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
James Lee d238debb2f Add disclo date, discoverers, and better description 2012-07-18 16:14:32 -06:00
Patrik Karlsson ad4a4b2ae3 add module for capturing SIP authentication challenge and response pairs.
The module starts a fake SIP server listening for incoming REGISTER requests.
It then triggers an authentication request at the client and captures the
response for cracking in JtR or Cain.
2012-07-18 20:45:08 +02:00
James Lee ebe48ecf16 Add Rank for schelevator, update sock_sendpage's 2012-07-18 11:16:29 -06:00
sinn3r 981ba60fee Fix exception handlings
Two things:
1. Make msftidy happy
2. Exception handling shouldn't be used to shut errors up.
2012-07-18 12:05:14 -05:00
Rory McCune 464df4ed1d Oraenum - added error handling
The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included.  This patch just adds the same check for that code.
2012-07-18 09:22:22 +01:00
sinn3r f4547527a8 Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework 2012-07-17 17:43:40 -05:00
sinn3r b3e11f2e6b Merge branch 'zenworks_preboot_op6_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_op6_bof 2012-07-17 17:42:58 -05:00
jvazquez-r7 80bfd48535 Added module for ZDI-010-090 Opcode 0x6 2012-07-17 23:25:55 +02:00
jvazquez-r7 0514756e92 Added module for ZDI-010-090 Opcode 0x21 2012-07-17 23:25:04 +02:00
sinn3r 78edf15a86 Improve module 2012-07-17 08:39:56 -05:00
sinn3r dde2254f29 rename file 2012-07-17 08:36:02 -05:00
sinn3r d5711efd26 Merge branch 'master' of https://github.com/j0hnf/metasploit-framework into j0hnf-master 2012-07-17 08:35:49 -05:00
sinn3r fbe0cb7471 Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass 2012-07-17 08:28:19 -05:00
jvazquez-r7 6ac6e375a7 Changes according to hdm and sinn3r feedback 2012-07-17 12:02:24 +02:00
jvazquez-r7 7c2ea2ff23 Merge branch 'mysql-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-mysql-capture 2012-07-17 12:01:19 +02:00
sinn3r 3def2afb46 Correct e-mail format 2012-07-17 04:24:54 -05:00
HD Moore b3eb7b1358 Clean up unicode names 2012-07-17 00:46:28 -05:00
HD Moore c887e0aaff Re-add AFP changes due to mangled merge 2012-07-17 00:42:49 -05:00
HD Moore f62e0b1cca AFP fixes and JTR typo fix 2012-07-16 21:45:45 -05:00
HD Moore bc2edeace2 Cleanup AFP module output 2012-07-16 21:02:40 -05:00
James Lee efe478f847 Merge branch 'master' into omg-post-exploits 2012-07-16 09:20:23 -06:00
Patrik Karlsson 88275620ab removed JtR support due to bugs in cracking module. 2012-07-16 15:59:43 +02:00
Patrik Karlsson 25a78e6ab0 change so that both Cain and JTR hashes can be stored at the same time and
added username report_auth_info
2012-07-16 14:13:35 +02:00
Patrik Karlsson 4859e0809e add missing username to john hash 2012-07-16 09:14:44 +02:00
HD Moore 8fef1479ed Trim string fields at first null 2012-07-15 23:12:40 -05:00
HD Moore a57e712630 Be less verbose 2012-07-15 22:19:12 -05:00
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
HD Moore 10db74d480 Show the IP address in the output 2012-07-15 21:35:43 -05:00
HD Moore 7f3aeca501 Put lipstick on this pig for the time being 2012-07-15 21:35:29 -05:00
James Lee 7091d1c65b Add an exploit for sock_sendpage
Unfortunately, adds a dep on bionic for runtime compilation.

Gets ring0, sets the (res)uid to 0 and jumps to the payload.  Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into.  Single payloads work fine, though.

Also cleans up and improves local exploits' ability to compile C.

[SEERM #3038]
2012-07-15 20:29:48 -06:00
HD Moore 6c058d9a9a Skip blank usernames (corner case) 2012-07-15 21:14:55 -05:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
Patrik Karlsson 8889d89eea msftidy cleanup 2012-07-16 02:07:45 +02:00
Patrik Karlsson 6331c33472 add MySQL password capturing module
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures	challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
jvazquez-r7 8cf08c6ca3 Target W7 updated 2012-07-15 17:45:58 +02:00
sinn3r e1ff6b0cef Nicer cleanup 2012-07-14 17:57:32 -05:00
jvazquez-r7 bdf009d7a8 Review of pull request #606 2012-07-15 00:20:12 +02:00
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
jvazquez-r7 2da984d700 Added module for OSVDB 83275 2012-07-12 13:12:31 +02:00
jvazquez-r7 6c8ee443c8 datastore cleanup according to sinn3r 2012-07-12 09:31:22 +02:00
jvazquez-r7 65d15df9f9 Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision 2012-07-12 09:25:37 +02:00
webstersprodigy fd009fe3ff Improved smb_put reliability
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
2012-07-11 23:30:55 -04:00
jvazquez-r7 b12f13f837 Review of Pull request #594 2012-07-12 00:46:24 +02:00
jvazquez-r7 16cd847e5a Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review 2012-07-12 00:36:54 +02:00
jvazquez-r7 a840ff8cf8 Review of pull request #598 2012-07-12 00:34:17 +02:00
jvazquez-r7 f933d98d38 Review of #595 2012-07-12 00:19:27 +02:00
h0ng10 87f5002516 added datastore cleanup 2012-07-11 12:56:23 -04:00
h0ng10 0d38a7e45f switched to Rex::Text.encode_base64() 2012-07-11 12:52:09 -04:00
webstersprodigy c593a3429d fixed a type bug with the default response 2012-07-11 02:23:37 -04:00
LittleLightLittleFire 32fa8bdfcf Fixed typo in Stefan's last name 2012-07-11 14:53:26 +10:00
h0ng10 61ec07a10c additional targets, meterpreter, bugfixes 2012-07-10 13:33:28 -04:00
sinn3r 06974cbc43 This bug is now patched 2012-07-10 12:28:46 -05:00
Alexandre Maloteaux 81ba60169f ipv6 and arp_scanner fix 2012-07-10 18:28:24 +01:00
jvazquez-r7 4af75ff7ed Added module for CVE-2011-4542 2012-07-10 18:40:18 +02:00
sinn3r 6f97b330e7 Merge branch 'LittleLightLittleFire-module-cve-2012-1723' 2012-07-10 00:50:31 -05:00
sinn3r 5b7d1f17c0 Correct juan's name and comments 2012-07-10 00:43:46 -05:00
sinn3r 54576a9bbd Last touch-up
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
sinn3r 64709be909 Merge branch 'module-cve-2012-1723' of https://github.com/LittleLightLittleFire/metasploit-framework into LittleLightLittleFire-module-cve-2012-1723 2012-07-10 00:27:36 -05:00
HD Moore c532d4307a Use the right failure reason 2012-07-10 00:26:14 -05:00
webstersprodigy f50843e0b7 Adding http_ntlmrelay module 2012-07-09 22:56:24 -04:00
LittleLightLittleFire e9ac90f7b0 added CVE-2012-1723 2012-07-10 12:20:37 +10:00
sinn3r b817070545 Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui 2012-07-09 20:14:25 -05:00
Alexandre Maloteaux e509c72574 better handle company name 2012-07-10 00:24:30 +01:00
Alexandre Maloteaux e949b8c2c8 mac_oui 2012-07-09 23:46:57 +01:00
sinn3r 81b4cb737d Merge branch 'zenworks_preboot_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_fileaccess 2012-07-09 11:14:56 -05:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
jvazquez-r7 b33220bf90 Added module for CVE-2012-2215 2012-07-09 17:32:55 +02:00
sinn3r 0fbfa8e6f7 Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii 2012-07-09 10:14:30 -05:00
sinn3r 5586aa6c1b Move some code around 2012-07-09 09:44:22 -05:00
sinn3r 5db26beef7 Add more features
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
HD Moore 442eccd1d6 Merge pull request #578 from claudijd/master
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius 5938771e6c Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.

If you have questions, please let us know.

-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
sinn3r 87bac91d71 Apply additional changes from #549
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
  to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r 4e90da002d Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad 2012-07-07 15:44:05 -05:00
Steve Tornio 44290c2c89 add osvdb ref 2012-07-07 08:40:25 -05:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 1e6c4301b6 We worked on it, so we got credit 2012-07-06 02:12:10 -05:00
sinn3r f8123ef316 Add a "#" in the end after the payload 2012-07-06 02:09:31 -05:00
sinn3r 187731f2cb Add a check function to detect the vuln 2012-07-06 01:58:01 -05:00
sinn3r dcddc712d2 Missing a "&" 2012-07-06 01:50:18 -05:00
sinn3r 3c8a836091 Add lcashdol's module from #568
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00
sinn3r 260cea934d Add more reference 2012-07-05 16:48:43 -05:00
sinn3r 850242e733 Remove the extra comma and a tab char 2012-07-05 14:05:23 -05:00
jvazquez-r7 aee7d1a966 Added module for CVE-2012-0911 2012-07-05 20:58:27 +02:00
Meatballs1 fc58e485c3 Added further protection to enum_dcs method to prevent crashes 2012-07-05 14:27:45 +01:00
Meatballs1 a513b41283 Couple of readability changes suggested by TLC 2012-07-05 14:19:41 +01:00
jvazquez-r7 ff4a0bc3aa poisonivy_bof description updated 2012-07-05 00:18:13 +02:00
jvazquez-r7 8bdf3b56f5 tries updated 2012-07-04 15:48:32 +02:00
jvazquez-r7 d8a5af7084 last changes done by gal, added RANDHEADER to single_exploit 2012-07-04 15:25:12 +02:00
jvazquez-r7 644d5029d5 add bruteforce target as optional 2012-07-04 13:02:47 +02:00
jvazquez-r7 7214a6c969 check function updated 2012-07-04 12:16:30 +02:00
jvazquez-r7 c531bd264b brute force version of the exploit 2012-07-04 11:37:36 +02:00
jvazquez-r7 da2105787d no rop versio of the exploit, metadata used, check and description fixed 2012-07-04 10:54:35 +02:00
Loic Jaquemet cadbeafc4b match dot and not any character 2012-07-03 20:41:03 -03:00
Loic Jaquemet 5bba81b738 or something equivalent... if enum_dcs returns nil 2012-07-03 20:38:26 -03:00
jvazquez-r7 8bcc0ba440 Review of pull request #559 2012-07-03 23:49:47 +02:00
Meatballs1 c30b2de35b Removed comments in code! 2012-07-03 21:34:33 +01:00
Meatballs1 9998ca928d msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash) 2012-07-03 21:28:45 +01:00
Meatballs1 bdd9364fa4 Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception 2012-07-03 21:08:12 +01:00
jvazquez-r7 600ca5b1dd Added module for CVE-2012-0708 2012-07-03 19:03:58 +02:00
Loic Jaquemet f74fe39280 fix error message to a more helpful one. 2012-07-03 12:54:02 -03:00
Loic Jaquemet 12e24dbd99 failback to target's PDC to get policies 2012-07-03 12:49:34 -03:00
sinn3r 7cfb7c1915 Update description 2012-07-03 10:26:02 -05:00
Loic Jaquemet 5fff195eba DomainCache is a list of domainName = dnsDomainName 2012-07-03 12:20:00 -03:00
sinn3r 77d6fe16f0 Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource 2012-07-02 16:04:02 -05:00
sinn3r 7262faac57 Correct a typo 2012-07-02 16:02:14 -05:00
sinn3r fa0422c88a Must respect the PlainText field to extract password info properly 2012-07-02 15:56:25 -05:00
sinn3r e2a2789f78 Support Ruby 1.8 syntax. Thanks M M. 2012-07-02 14:15:14 -05:00
m-1-k-3 e06ca8e654 Winlog-CVE-resource 2012-07-02 20:33:15 +02:00
jvazquez-r7 9d49052c52 hp_dataprotector_new_folder: added support for hpdp 6 2012-07-02 18:32:19 +02:00
efraintorres 4c68cdd584 Actions removed. 2012-07-02 10:57:32 -05:00
Meatballs1 4eec5a5288 msftidy 2012-07-02 16:51:15 +01:00
Meatballs1 261989dddf Fixed get_domain_reg where value returned was '.' 2012-07-02 16:46:02 +01:00
Meatballs1 bd2368d6ab Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1 2012-07-02 11:47:44 +01:00
Meatballs1 299ed9d1d5 Local loot storage of retrieved XML files with option to disable storage 2012-07-02 10:48:04 +01:00
Meatballs1 5c2c1ccc39 Added extra logic and fixes for user supplied domains option 2012-07-02 10:15:58 +01:00
HD Moore 3bb7405b09 Only report auth if the username is not blank 2012-07-02 04:11:29 -05:00
Meatballs1 b549c9b767 Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments 2012-07-02 09:35:47 +01:00
Meatballs1 994074948a Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain 2012-07-02 09:17:29 +01:00
Meatballs1 21776697b2 Merged with upstream 2012-07-02 08:57:54 +01:00
sinn3r 1b02f17d52 Shamelessly add my name too, because I made a lot of changes. 2012-07-01 19:23:34 -05:00
sinn3r e1c43c31bd Title change 2012-07-01 16:43:25 -05:00
sinn3r 326230b34b Don't need to print the xml path twice 2012-07-01 13:58:04 -05:00
sinn3r fcf5e02708 Be aware of bad XML format 2012-07-01 13:50:43 -05:00
sinn3r ac52b0cc9f Filter out 'AdministratorPassword' and 'Password' 2012-07-01 13:45:12 -05:00
sinn3r 61983b21b9 Add documentation about unattend.xml's specs 2012-07-01 04:15:11 -05:00
sinn3r bf03995e30 Add veritysr's unattend.xml collector. See #548. 2012-07-01 04:08:18 -05:00
efraintorres be666fde89 Full msftidy compliant 2012-06-30 22:08:10 -05:00
efraintorres cad749d495 More formatting. 2012-06-30 21:21:56 -05:00
efraintorres 22b47e32fe Fixed wrapping of module description 2012-06-30 21:12:01 -05:00
efraintorres f8aacc3482 All fixes applied to wpad module. 2012-06-30 20:57:59 -05:00
sinn3r a3d74f5b10 Correct dead milw0rm references 2012-06-30 16:50:04 -05:00
sinn3r 2874768539 Also add juan as author. And links to the vulnerable setup. 2012-06-30 13:12:13 -05:00
jvazquez-r7 5dbfb7b9aa last cleanup 2012-06-30 14:18:25 +02:00
jvazquez-r7 19d476122b versions affected corrected 2012-06-29 20:23:17 +02:00
jvazquez-r7 533111c6da irfanview_jpeg2000_bof: review of pull req #543 2012-06-29 20:13:02 +02:00
sinn3r 196e1b7f70 Update title & description to match what ZDI has.
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r 19b6ebbfbf Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi 2012-06-29 10:59:11 -05:00
sinn3r 0e87238e58 Space space 2012-06-29 10:56:12 -05:00
jvazquez-r7 c79312547a Added module for CVE-2012-0124 2012-06-29 17:50:21 +02:00
jvazquez-r7 5efb459616 updated zdi reference 2012-06-29 16:36:11 +02:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r e37a71192d Make msftidy happy 2012-06-28 12:10:38 -05:00
Rob Fuller 77326edc45 fixed tcpnetstat table displaying 2012-06-28 12:56:29 -04:00
Rob Fuller 6f37ccbcae tcp netstat post module via railgun 2012-06-28 09:17:05 -04:00
sinn3r 7c9a8ba699 Add OSVDB reference 2012-06-28 02:09:12 -05:00
sinn3r cf9a6d58cc Update missing OSVDB ref 2012-06-28 00:44:01 -05:00
sinn3r f63a3959e0 Update web app module references 2012-06-28 00:37:37 -05:00
sinn3r 869aec5e3e Update CVE/OSVDB/Milw0rm references for browser modules 2012-06-28 00:26:20 -05:00
sinn3r 7dcdd205bb Update CVEs for fileformat exploits 2012-06-28 00:21:03 -05:00
sinn3r b83c02d8e3 Update CVE reference 2012-06-28 00:06:41 -05:00
sinn3r d85ce8db5c Update CVEs for HTTP exploits 2012-06-28 00:00:53 -05:00
sinn3r e8102284ff Add missing CVEs for misc exploit modules 2012-06-27 22:17:34 -05:00
sinn3r f5faccfa07 Add missing CVEs for SCADA modules 2012-06-27 22:10:24 -05:00
sinn3r 7c258d7aa9 Merge branch 'jvazquez-r7-atlassian_crowd' 2012-06-27 17:12:00 -05:00
sinn3r 68c582873b Add the MSF license text 2012-06-27 17:11:00 -05:00
sinn3r 6c80fd9b42 Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 17:09:25 -05:00
sinn3r e605a35433 Make sure the check func is always returning the same data type 2012-06-27 17:07:55 -05:00
sinn3r cb1af5ab79 Final cleanup 2012-06-27 16:57:04 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
jvazquez-r7 73360dfae3 minor fixes 2012-06-27 23:38:52 +02:00
jvazquez-r7 245205c6c9 changes on openfire_auth_bypass 2012-06-27 23:15:40 +02:00
jvazquez-r7 6ec990ed85 Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass 2012-06-27 23:09:26 +02:00
sinn3r dc30a2dddb Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 15:37:15 -05:00
sinn3r 2f733ff8b9 Add CVE-2012-0663 Apple QuickTime TeXML Exploit 2012-06-27 14:41:45 -05:00
Tod Beardsley 97974d9241 Shorten title for display 2012-06-27 10:19:46 -05:00
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
HD Moore 2dd51690c2 Add a missing require 2012-06-27 00:47:32 -05:00
sinn3r be2692a623 Merge branch 'pdf_parser_fix' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-pdf_parser_fix 2012-06-26 16:55:26 -05:00
James Lee 891400fdbb Array#select! is only in 1.9 2012-06-26 15:32:39 -06:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
jvazquez-r7 cc90a60a1b Correct the use of the platform argument
The platform argument is meant to be a PlatformList object, not as an array:
http://dev.metasploit.com/redmine/issues/6826
This commit undoes the last change to init_platform() in alpha_mixed and modifies msfvenom to use it as intended.
2012-06-26 17:32:55 +02:00
j0hn__f 7d20f14525 exec SQL from file 2012-06-26 12:40:34 +01:00
j0hn__f 83260c9c89 module to exe SQL queries from a file 2012-06-26 12:15:30 +01:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
sinn3r fef77bfd7f Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:55:45 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
sinn3r 7f5687ef10 Merge branch 'sugarcrm_unserialize_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-sugarcrm_unserialize_exec 2012-06-25 16:28:55 -05:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
sinn3r 063a2119a3 Merge branch 'iis_auth_bypass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-iis_auth_bypass 2012-06-25 15:51:33 -05:00
sinn3r f93658b37a Minor name change 2012-06-25 15:51:02 -05:00
sinn3r 637edc21ce Add CVE-2010-2731 2012-06-25 15:48:36 -05:00
jvazquez-r7 59bb9ac23b quoting ip to avoid php complaining 2012-06-25 18:52:26 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore f7dca272b6 IE 10/Win8 detection support 2012-06-25 00:36:49 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
sinn3r 05eaac9085 Fix possible param duplicates 2012-06-24 19:05:42 -05:00
dmaloney-r7 46dd286cc8 Merge pull request #519 from rapid7/gpp-passwords
Gpp passwords
2012-06-24 16:18:34 -07:00
David Maloney 6e19dddf2a Alleviate duplicated work in gpp module 2012-06-24 16:21:35 -05:00
David Maloney aa09cd7f82 More collaboration stuff on gpp module 2012-06-24 13:08:19 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
2012-06-24 02:01:34 -05:00
David Maloney eefea8d9d3 Add newname attr in gpp module 2012-06-23 17:51:58 -05:00
David Maloney 7bcb9d1a45 Reintegrated extra options into gpp module
reintegrated meatballs control options into the gpp module
2012-06-23 17:38:07 -05:00
David Maloney b320679d1f Exception message fix for gpp 2012-06-23 12:56:12 -05:00
David Maloney 5497d091fc fix gpp attribution and description 2012-06-23 12:45:56 -05:00
David Maloney 534008b010 Major rework of the gpp module
Took the combination work Meatballs did
on pulling togetehr the three seperate gpp modules.
Cleaned it up and cut it down to a smaller, smoother form.
2012-06-23 12:42:33 -05:00