infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,201 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

12832 Commits (f71ad111dabcf347e5ce770b72c617233b0f44cb)

Author SHA1 Message Date
jvazquez-r7 8d38087a10 Fix case / when indention 2014-04-09 09:12:55 -05:00
Christian Mehlmauer 0e0fd20f88
Added RFC link 2014-04-09 15:19:29 +02:00
Christian Mehlmauer a0a5b9faa1
Fix heartbleed module 
-) incorrect length read
-) Parse TLS errors
 2014-04-09 15:08:24 +02:00
Brandon Perry 8428b37e59 move file to .rb ext 2014-04-09 05:17:14 -07:00
jvazquez-r7 a93e22b5c0
Land #3209, @Firefart's heartbleed's module fix 2014-04-09 06:38:06 -05:00
Christian Mehlmauer 9c159f0aa3
Land #3210, typo in openssl_heartbleed 2014-04-09 09:53:06 +02:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
julianvilas 4e7c675f3c Fix typo, extraquote in message 2014-04-09 10:22:15 +02:00
Christian Mehlmauer cdfe333572
updated heartbleed module 
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
 2014-04-09 09:19:05 +02:00
joev b4f5784ba2
Land #3147, @m-1-k-3's mipsbe exec payload. 2014-04-08 22:32:21 -05:00
Brandon Perry 82c9b539ac Fix disclosure date, earlier than I thought 2014-04-08 21:43:49 -05:00
Brandon Perry 3013704c75 Create sophos_wpa_iface_exec 
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
 2014-04-08 21:21:43 -05:00
William Vu dd69a9e5dd
Land #3206, OpenSSL Heartbleed infoleak 2014-04-08 20:12:00 -05:00
William Vu 5e314f2a7c
Fix outstanding issues 2014-04-08 20:11:28 -05:00
sinn3r f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion 2014-04-08 18:47:53 -05:00
jvazquez-r7 a4e1d866e1 Favor nil? 2014-04-08 18:21:49 -05:00
jvazquez-r7 153e003e23 Do small fixes 2014-04-08 18:21:09 -05:00
jvazquez-r7 39aecb140a Use the datastore option 2014-04-08 16:55:08 -05:00
jvazquez-r7 496dd944e6 Add support for datastore TLSVERSION 2014-04-08 16:51:50 -05:00
jvazquez-r7 d51aa34437 Use Random generation Time as pointed by @Firefart 2014-04-08 16:46:15 -05:00
jvazquez-r7 d964243cc4 Move heartbeat length to a variable 2014-04-08 16:33:05 -05:00
jvazquez-r7 3d6c553efd Fix endianess 2014-04-08 16:29:31 -05:00
jvazquez-r7 373b05c5aa Minimize extensions in the Hello 2014-04-08 16:21:38 -05:00
jvazquez-r7 3254cce832 Align comment 2014-04-08 16:04:38 -05:00
jvazquez-r7 c20b71e7b6 Switch to vprint unless success 2014-04-08 16:03:38 -05:00
jvazquez-r7 7dbd690c99 Add new references 2014-04-08 16:01:06 -05:00
jvazquez-r7 a55579dd4a Fix references 2014-04-08 15:56:56 -05:00
jvazquez-r7 4004cd8f9a Allow hello data to grow dinamically 2014-04-08 15:52:39 -05:00
jvazquez-r7 b8e2c9fe42 Clean and fix @Firefart's code 2014-04-08 15:32:13 -05:00
jvazquez-r7 80bdbbed92 Solve conflict 2014-04-08 15:18:38 -05:00
Christian Mehlmauer 8c7debb81d
Added some comments and modified JABBER 2014-04-08 22:13:02 +02:00
jvazquez-r7 021da84459 Add authors and switch and's format 2014-04-08 15:10:27 -05:00
sinn3r a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution 2014-04-08 14:58:34 -05:00
sinn3r 4012dd0acc Fix everything that needs to be fixed 2014-04-08 14:57:42 -05:00
Christian Mehlmauer 9c053a5b91
Added additional protocols 2014-04-08 21:56:05 +02:00
Fabian Bräunlein 8dce80fd30 Added Big Endianess, improved check()-Function 
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.

The check()-function now checks, whether the device is really
vulnerable.

Furthemore, it's possible to send 92 bytes.
 2014-04-08 21:32:36 +02:00
jvazquez-r7 5f29026cb2 Complete @Firefart's module 2014-04-08 14:13:56 -05:00
Spencer McIntyre 3f6c8afbe3 Fix typo of MSCOMCTL not MCCOMCTL 2014-04-08 14:52:18 -04:00
Spencer McIntyre 85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
Jeff Jarmoc 21b220321f Fix typo. 
This isn't a Linksys exploit.  Left over wording from a previous exploit?
 2014-04-07 18:06:59 -05:00
jvazquez-r7 fb1318b91c
Land #3193, @m-1-k-3's exploit for the Fritzbox RCE vuln 2014-04-07 16:13:31 -05:00
jvazquez-r7 ceaa99e64e Minor final cleanup 2014-04-07 16:12:54 -05:00
Christian Mehlmauer ac0cafcca6
Initial commit for openssl Heartbleed bug 2014-04-07 21:15:54 +02:00
Michael Messner b1a6b28af9 fixed disclosure date 2014-04-07 19:29:37 +02:00
Michael Messner 003310f18a feedback included 2014-04-07 19:25:26 +02:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
Michael Messner 85de6ed0c9 feedback included 2014-04-07 18:20:15 +02:00
sinn3r 0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass 2014-04-07 11:11:55 -05:00
sinn3r 31dfae3a01 Follow the 100 columns per line guideline 2014-04-07 11:10:20 -05:00
sinn3r de242ecc00 Correct date format 
Hmm weird, msftidy didn't pick this up
 2014-04-07 11:09:27 -05:00
jvazquez-r7 56bd35c8ce Add module for WinRAR spoofing vulnerability 2014-04-07 09:21:49 -05:00
Michael Messner 11bbb7f429 fritzbox echo exploit 2014-04-07 09:12:22 +02:00
dummys ca7dcc0781 cleanup with msftidy 2014-04-06 12:41:58 +02:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
jvazquez-r7 0ae75860ea Code clean up 2014-04-04 14:02:12 -05:00
sinn3r ea1c6fe8a4
Land #3177 - JIRA Issues Collector Directory Traversal 2014-04-04 10:41:51 -05:00
Spencer McIntyre 395f5beef8
Land #3178, http header scan module 2014-04-04 11:36:35 -04:00
Spencer McIntyre 2b6ae68cbf Minor modifications for http_header 2014-04-04 10:46:03 -04:00
jvazquez-r7 e2cbcf3c5d
Land #3179, @brandonprry AlienVault sqli aux module 2014-04-04 09:17:11 -05:00
jvazquez-r7 ff6105e55d Add check codes 2014-04-04 09:13:43 -05:00
Brandon Perry 44db611845 defaultoptions, not option 2014-04-04 05:55:35 -07:00
dummys c90c49e319 Add vtiger install rce 0 day 2014-04-04 10:16:55 +02:00
jvazquez-r7 6f14cd225d Do minor clean up 2014-04-03 23:22:44 -05:00
William Vu 48ef061c3c
Land #3046, AIX ibtstat privesc exploit 2014-04-03 17:07:00 -05:00
William Vu 6c67f1881f
Normalize syntax and whitespace 2014-04-03 16:54:33 -05:00
Christian Mehlmauer 253a1c1f87
Land #3180, EMC Cloud Tiering Appliance Unauthed XXE with root perms 2014-04-03 22:02:13 +02:00
Brandon Perry a57da00932 fix refs line 2014-04-03 14:07:00 -07:00
Brandon Perry 51f83fccde add some checks in vase the file wasn't retrievable 2014-04-03 14:04:05 -07:00
sinn3r 03559dedcd
Land #3187 - Changed OptString to OptRegexp 2014-04-03 14:52:59 -05:00
William Vu d69a9d3c45
Land #3186, OptString should be OptRegexp 2014-04-03 13:07:23 -05:00
Christian Mehlmauer d995d84e91
Changed OptString to OptRegexp 2014-04-03 19:40:07 +02:00
Christian Mehlmauer b4aa08251f
changed option from string to regex 2014-04-03 19:34:40 +02:00
Brandon Perry e2ded663a6 make more robust 2014-04-03 06:15:09 -07:00
Brandon Perry 53b8148438 make more random 2014-04-03 05:52:35 -07:00
Brandon Perry 77b64ee77d make more random 2014-04-03 05:41:00 -07:00
Christian Mehlmauer a4adfac312
Added feedback for http_header module 2014-04-02 23:01:23 +02:00
Brandon Perry 75dc4c459b msftidy 2014-04-02 13:22:21 -07:00
Brandon Perry bb82277a41 msftidy 2014-04-02 13:20:13 -07:00
Brandon Perry abc0b31f26 exploithub wat 2014-04-02 13:18:48 -07:00
jvazquez-r7 577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
Brandon Perry 765657d55a alienvault module 2014-04-02 13:09:46 -07:00
Brandon Perry d3f353118a edb update 2014-04-02 13:06:54 -07:00
Brandon Perry 32cd846fe4 emc cta xxe module 2014-04-02 13:05:53 -07:00
Christian Mehlmauer 69192edd4b
Added new http_header module 2014-04-02 22:04:54 +02:00
jvazquez-r7 a85d451904 Add module for CVE-2014-2314 2014-04-02 14:49:31 -05:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix b636a679ae Erf, sorry, fixed now 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
Florian Gaultier 978bdbb676 Custom Service Description 2014-04-02 20:33:07 +01:00
sinn3r e3dda2e862
Land #3172 - CVE-2014-1510 to firefox_xpi_bootstrapped_addon 2014-04-02 14:07:37 -05:00
joev ebcf972c08 Add initial firefox xpi prompt bypass. 2014-04-01 23:48:35 -05:00
coma 149948485a Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues 2014-04-01 12:28:41 -07:00
Sagi Shahar 8611526a01 Fix more bugs and more syntax errors 2014-04-01 01:22:12 +02:00
Sagi Shahar becefde52f Fix bugs and syntax 2014-04-01 00:54:51 +02:00
William Vu cf2589ba8d
Land #3162, Microsoft module name changes 2014-03-28 23:10:27 -05:00
sinn3r d7ca537a41 Microsoft module name changes 
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
 2014-03-28 20:56:53 -05:00
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
William Vu c37dbd104a
Clean up perms and whitespace for owa_login 2014-04-02 01:45:15 -05:00
Tod Beardsley 2972220f60
Land #3047 for real. 
Merge branch 'land-3047-really' into upstream-master
 2014-04-01 13:16:13 -05:00
sinn3r 367652592c
Land #2964 - Powershell CMD Encoder 2014-04-01 10:26:38 -05:00
William Vu f9a7cfaa67
Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Spencer McIntyre dfec2eb53f Cleanup an expression and avoid fail_with 2014-03-31 18:05:20 -04:00
Spencer McIntyre 07e04717c2 Allow using a single URI and/or a list of URIs 2014-03-31 18:05:20 -04:00
Joshua Smith b21d5c1801 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-31 18:05:20 -04:00
Spencer McIntyre 5e9e7e15c8 Return whether result is nil or not. 2014-03-31 18:05:20 -04:00
Spencer McIntyre 0ac112b5e7 Support checking a single URI for ntlm information. 2014-03-31 18:05:19 -04:00
Tod Beardsley fb20759fc2
Comment doc speelling 2014-03-31 16:42:50 -05:00
Tod Beardsley 6474c7be5c
Land #3166 and also #3167 
[Closes #3167]
 2014-03-31 16:21:07 -05:00
William Vu 3b6d73420e
Fix syntax error in dns_amp 2014-03-31 16:18:49 -05:00
William Vu d9df2fbf08
Land #3158, msftidy rank check for aux modules 2014-03-31 15:17:30 -05:00
Joshua Smith 159bc264a4 unretards the uri normalize loop 2014-03-31 15:58:21 -04:00
Joshua Smith 2290249a42 uses fail_with to bomb out on datastore probs 2014-03-31 15:52:05 -04:00
Joshua Smith 4f121e3e03 fixes if-logic for error condition 2014-03-31 15:38:05 -04:00
Tod Beardsley 894bbcae97
More fix-up on the DNS amplication scanner 2014-03-31 14:37:10 -05:00
Tod Beardsley 4d597174d0
Merge up from upstream/master 2014-03-31 14:33:28 -05:00
William Vu 387da26f8d
Land #3159, HP LaserJet printer SNMP enumeration 2014-03-31 12:48:23 -05:00
William Vu c6ceb8cdfd
Land #2929, DNS recursion amplification scanner 2014-03-31 12:47:46 -05:00
William Vu aaa15d13d9
Land #2928, extended SMTP open relay checks 2014-03-31 12:47:10 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release 
There may be more coming, but if not, this should cover
this week's minor style changes.
 2014-03-31 12:42:19 -05:00
Joshua Smith 2530fb9741 adds the return back in (forgot in prev commit) 2014-03-28 19:27:04 -04:00
Joshua Smith dc4b8461e8 unbreaks & DRYs my previous change. 2014-03-28 19:15:38 -04:00
Matteo Cantoni c559a6b39f fix description 
(cherry picked from commit 7c860b9553)
 2014-03-28 17:36:21 -05:00
Matteo Cantoni ae53d75cdb Module to HP LaserJet Printer SNMP Enumeration 
(cherry picked from commit f18fef1864)
 2014-03-28 17:36:21 -05:00
William Vu 2344a9368e
Fix warnings generated by #3158 
Keeping ManualRanking for DoS modules.
 2014-03-31 12:35:15 -05:00
jvazquez-r7 9374777da1
Land #2996, @mcantoni's jboss status aux module 2014-03-28 16:07:08 -05:00
jvazquez-r7 7689751c10 Module module location 2014-03-28 16:05:37 -05:00
jvazquez-r7 e3ec0e7624 Clean up jboss_status module 2014-03-28 16:04:43 -05:00
sinn3r a173fcf2fa Flash detection for firefox_svg_plugin 
Good test case
 2014-03-28 15:39:25 -05:00
jvazquez-r7 f7b1874e7d
Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
jvazquez-r7 69369c04b3
Land #3126, @xistence's exploit for SePortal 2014-03-28 13:52:59 -05:00
jvazquez-r7 7b56c9edac Add references 2014-03-28 13:51:56 -05:00
Tod Beardsley 196e07c5b1
Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
Christian Mehlmauer 94494e38e7
Land #3152 - Use normalize_uri for module wp_property_upload_exec 2014-03-28 13:22:54 +01:00
William Vu 5458200434
Fix a couple minor annoyances in PJL 2014-03-28 02:19:30 -05:00
William Vu c1fdc4d945
Fix a couple things that were bugging me 2014-03-28 02:15:38 -05:00
Michael Messner 657b096be3 make msftidy happy 2014-03-27 19:24:25 +01:00
sinn3r f4e62a8dcd
Land #3146 - Firefox Gather Cookies from Privileged Javascript Shell 2014-03-27 13:14:22 -05:00
sinn3r 0b3f49f22a
Land #3145, Clean up firefox_svg_plugin, use FirefoxPrivilegeEscalation mixin 2014-03-27 12:59:49 -05:00
Kurt Grutzmacher 0b766cd412 changes per firefart 2014-03-27 10:08:44 -07:00
Michael Messner ad94653fc0 feedback included 2014-03-27 16:12:34 +01:00
Kurt Grutzmacher 744308bd35 tab... 2014-03-27 05:24:55 -07:00
Kurt Grutzmacher a8c96213f0 normalize_uri for wp_property_upload_exec 2014-03-27 05:22:56 -07:00
coma 107901b481 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix 2014-03-26 22:37:21 -07:00
coma 30da3575e8 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra 2014-03-26 21:53:12 -07:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
Michael Messner 4319885420 we do not need pieces ... 2014-03-26 20:45:30 +01:00
jvazquez-r7 19918e3207
Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
jvazquez-r7 7ce71445fe
Land #3140, @wchen-r7's requirements for ms14_012_textrange 2014-03-26 14:07:05 -05:00
Joe Vennix b7f1cee8d3 Remove targets from post module. 2014-03-26 13:55:02 -05:00
Joe Vennix ed8bf6279b Use #run, not #exploit, for post modules. 2014-03-26 13:51:05 -05:00