sinn3r
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
sinn3r
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
jvazquez-r7
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
sinn3r
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
jvazquez-r7
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
jvazquez-r7
8213eed49f
Delete Netgear N150 target, ist's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
jvazquez-r7
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00
jvazquez-r7
0922aef8d1
Update module description
2014-01-16 11:16:11 -06:00
William Vu
5d387c96ec
Land #2879 , minor code formatting missed in #2863
2014-01-14 11:22:09 -06:00
sgabe
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
jvazquez-r7
24c57b34a7
Have into account endianess
2014-01-13 15:04:23 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
sinn3r
771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
...
Refs & ROP
2014-01-13 11:29:52 -06:00
sinn3r
bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits
2014-01-13 11:17:36 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
sgabe
e7cc3a2345
Removed unnecessary target
2014-01-13 13:17:16 +01:00
sgabe
26d17c03b1
Replaced ROP chain
2014-01-13 02:54:49 +01:00
Joe Vennix
b3b04c4159
Fix both firefox js exploits to use browser_autopwn.
2014-01-11 17:34:38 -06:00
sgabe
d657a2efd3
Added DEP Bypass
2014-01-11 20:31:28 +01:00
sgabe
72d15645df
Added more references
2014-01-11 20:30:50 +01:00
sgabe
8449005b2a
Fixed CVE identifier.
2014-01-10 23:45:34 +01:00
sinn3r
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
jvazquez-r7
9d14dd59eb
Delete parentheses
2014-01-09 15:17:13 -06:00
jvazquez-r7
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
Matt Andreko
40d2299ab4
Added tested device
2014-01-09 10:46:14 -05:00
Matt Andreko
c50f7697a5
Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec
2014-01-09 10:39:12 -05:00
jvazquez-r7
bbaaecd648
Delete commas
2014-01-09 08:01:11 -06:00
jvazquez-r7
5e510dc64c
Add minor fixes, mainly formatting
2014-01-09 07:51:42 -06:00
Matt Andreko
ed6723655d
Code Review Feedback
...
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
William Vu
8414973746
Land #2833 , rm linksys_wrt110_cmd_exec_stager
2014-01-09 01:21:22 -06:00
Matt Andreko
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
Niel Nielsen
e79ccb08cb
Update rails_secret_deserialization.rb
...
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
2014-01-07 21:41:15 +01:00
jvazquez-r7
590547ebc7
Modify title to avoid versions
2014-01-07 13:01:10 -06:00
Joe Vennix
c34af35230
Add wrt100 to the description and title.
...
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
Joe Vennix
1057cbafee
Remove deprecated linksys module.
2014-01-07 10:22:35 -06:00
Tod Beardsley
c0a82ec091
Avoid specific versions in module names
...
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
sinn3r
1cdfbfeed5
Land #2820 - vTigerCRM SOAP AddEmailAttachment Arbitrary File Upload
2014-01-06 10:36:02 -06:00
Tod Beardsley
cd38f1ec5d
Minor touchups to recent modules.
2014-01-03 13:39:14 -06:00
Matt Andreko
41ac66b5e5
Removed stupid debug line I left in
2014-01-03 11:00:13 -05:00
Matt Andreko
aaa9fa4d68
Removed RequiredCmd options that didn't work successfully.
2014-01-03 10:56:01 -05:00
Matt Andreko
20b073006d
Code Review Feedback
...
Removed Payload size restriction. I tested with 10,000 characters and it
worked.
Removed handler for now, since it's unable to get a shell. It's
currently limited to issuing commands.
2014-01-03 10:54:16 -05:00
Matt Andreko
570e7f87d3
Moved to more appropriate folder
2014-01-02 20:58:46 -05:00
Matt Andreko
b24e927c1a
Added module to execute commands on certain Sercomm devices through
...
backdoor
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:54:02 -05:00
William Vu
2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!)
...
It was the wrong time to mess with my workflow.
2014-01-02 16:39:02 -06:00
William Vu
67a796021d
Land #2804 , IBM Forms Viewer 4.0 exploit
2014-01-02 16:10:02 -06:00
jvazquez-r7
eaeb457d5e
Fix disclosure date and newline as pointed by @wvu-r7
2014-01-02 16:08:44 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
jvazquez-r7
1b893a5c26
Add module for CVE-2013-3214, CVE-2013-3215
2014-01-02 11:25:52 -06:00