Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
jvazquez-r7
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
jvazquez-r7
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
jvazquez-r7
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
jvazquez-r7
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
jvazquez-r7
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
jvazquez-r7
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
Sean Verity
9a0ed723d1
Adds error handling for drive letter enumeration
2014-12-14 12:56:20 -05:00
Sean Verity
0c5f4ce4ee
Removed the handler-ish code
2014-12-13 22:18:41 -05:00
Sean Verity
2addd0fdc4
Fixed name, removed tabs, updated license
2014-12-13 20:37:19 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
sinn3r
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
Tod Beardsley
11e9cca855
Spelling and description touch ups.
2013-07-29 10:57:19 -05:00
Sean Verity
911e9dcb54
Made some final touches. Ready for review.
2013-07-26 16:07:20 -04:00
Sean Verity
7bbdc8c0dc
Couple of minor fixes and steps towards payload cleanup.
2013-07-25 21:37:17 -04:00
Sean Verity
b362ae8ae3
Using Meatballs1's first suggestion. Not quite there...but it's better.
2013-07-25 17:41:05 -04:00
Sean Verity
418bbd2db4
Shameless variation (ripoff) on sinn3r's mysql_mof.rb module.
2013-07-24 23:14:13 -04:00
Sean Verity
dff35c0820
Minor update to Target Selection. Refer to comments on #2128 .
2013-07-24 19:02:47 -04:00
Sean Verity
f16ed32848
Added '2003 R2 SP2' to target selection
2013-07-19 09:57:09 -04:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
sinn3r
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
sinn3r
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
jvazquez-r7
6d3d4c1d84
Added support for FileDropper
2012-12-06 12:03:17 +01:00
sinn3r
18f4df0a38
Fix weird indent prob
2012-12-06 03:58:16 -06:00
sinn3r
a90ed82413
Correct CVE format
2012-12-06 03:57:46 -06:00
sinn3r
2b96c4e2a5
Add Kingcope's MySQL 'Stuxnet' technique exploit
...
Because why not. One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
b4b860f356
Correct MC's name
2012-08-08 14:16:02 -05:00
sinn3r
7221420267
When it hangs, it's actually the correct behavior, not a failure.
2012-08-07 15:00:08 -05:00
sinn3r
0f37c1704d
Add vendor's name in there fore better searching
2012-08-07 12:17:41 -05:00
sinn3r
5f4297a68a
I tested it 9.5.2 too
2012-08-07 11:01:08 -05:00
sinn3r
3ba73c4f7f
Fix check() function
2012-08-07 11:00:12 -05:00
sinn3r
6b4ae94dce
Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
...
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
Tod Beardsley
3c36b0c975
Msftidy: knocking out all those trailing spaces. Screw those guys.
...
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00