Commit Graph

609 Commits (fe767f3f64001c097e8b3ecc4dd94cfb791f2a5a)

Author SHA1 Message Date
jvazquez-r7 272fe5ddfd Delete debug comments 2014-01-16 16:12:12 -06:00
jvazquez-r7 8213eed49f Delete Netgear N150 target, ist's a Netgear DGN1000 model 2014-01-16 15:14:31 -06:00
jvazquez-r7 139119d32c Add Manual targets to sercomm_exec 2014-01-16 12:44:26 -06:00
jvazquez-r7 0922aef8d1 Update module description 2014-01-16 11:16:11 -06:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
jvazquez-r7 24c57b34a7 Have into account endianess 2014-01-13 15:04:23 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 9d14dd59eb Delete parentheses 2014-01-09 15:17:13 -06:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
Matt Andreko 40d2299ab4 Added tested device 2014-01-09 10:46:14 -05:00
Matt Andreko c50f7697a5 Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec 2014-01-09 10:39:12 -05:00
jvazquez-r7 bbaaecd648 Delete commas 2014-01-09 08:01:11 -06:00
jvazquez-r7 5e510dc64c Add minor fixes, mainly formatting 2014-01-09 07:51:42 -06:00
Matt Andreko ed6723655d Code Review Feedback
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
Matt Andreko d2458bcd2a Code Review Feedback
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
Tod Beardsley 5ce862a5b5
Add OSVDB 2013-12-26 10:33:46 -06:00
jvazquez-r7 163a54f8b1 Do send_request_cgi final clean up 2013-12-20 17:00:57 -06:00
jvazquez-r7 af13334c84 Revert gsub! 2013-12-20 11:39:49 -06:00
jvazquez-r7 1da961343a Do final (minor) cleanup 2013-12-20 11:20:29 -06:00
Markus Wulftange 929f3ea35c Turn Auxiliary module into Exploit module 2013-12-20 16:45:38 +01:00
jvazquez-r7 ec64382efc Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle 2013-12-18 11:53:30 -06:00
jvazquez-r7 a28ea18798 Clean pull request 2013-12-18 11:32:34 -06:00
Ramon de C Valle 21661b168b Add cfme_manageiq_evm_upload_exec.rb
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
sinn3r bf3489203a I missed this one 2013-12-03 13:13:14 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability 2013-11-24 00:47:14 -06:00
sinn3r b5fc0493a5
Land #2642 - Fix titles 2013-11-18 12:14:36 -06:00
jvazquez-r7 9e46975a95
Land #2643, @ChrisJohnRiley SkipVersionCheck for exim4_dovecot_bannercheck 2013-11-18 11:28:07 -06:00
jvazquez-r7 540b85df3f Set SkipVersionCheck as not required 2013-11-18 11:27:32 -06:00
Tod Beardsley 36db6a4d59
Land #2616, SuperMicro close_window BOF 2013-11-15 11:34:53 -06:00
Chris John Riley 5bd5eacd77 Added option to ignore banner checks 2013-11-15 15:01:11 +01:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Tod Beardsley 2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
2013-11-11 21:23:35 -06:00
jvazquez-r7 40f8e80775 Fix jlee-r7's feedback 2013-11-08 14:28:19 -06:00
jvazquez-r7 b7e360922d Update ranking 2013-11-07 15:10:26 -06:00
jvazquez-r7 decf6ff6a0 Add module for CVE-2013-3623 2013-11-07 14:59:40 -06:00
James Lee 9e30c58495 Blow away remnants of Local::Unix 2013-11-05 13:51:45 -06:00
James Lee 36f96d343e Revert "Revert "Land #2505" to resolve new rspec fails"
This reverts commit e7d3206dc9.
2013-11-05 13:45:00 -06:00
jvazquez-r7 c92e8ff98d Delete extra space 2013-10-30 19:34:54 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 dd094eee04 Use 443 by default with SSL 2013-10-24 16:30:26 -05:00
jvazquez-r7 72f686d99a Add module for CVE-2013-2751 2013-10-24 16:10:32 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
This reverts commit 717dfefead, reversing
changes made to 6430fa3354.
2013-10-21 12:47:57 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00