57c7d0679a
Land #2295 - Add platform info
2013-08-28 10:38:50 -05:00
1042dbe56a
Land #2108 , @jiuweigui's post module to get info from prefetch files
2013-08-28 10:01:06 -05:00
0fbe411be7
Ensure use Ruby File
2013-08-28 09:55:21 -05:00
5c32bb4a8e
Beautify metadata
2013-08-28 09:32:23 -05:00
4f8ba82d02
Make gather_pf_info return a prefetch entry
2013-08-28 09:29:49 -05:00
904bd12663
Fix print over nil or empty string
2013-08-28 09:27:18 -05:00
ef3085823c
Use default timeout value
2013-08-28 09:26:46 -05:00
8ac82b8b18
Beautify timezone_key_values function
2013-08-28 09:25:49 -05:00
bc593aab4f
Avoid confusion between variable and method name
2013-08-28 09:24:32 -05:00
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
b702a0d353
Fix "A payload has not been selected."
...
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
f823290a4c
Add nc check. Prints successful binary match.
...
* kills session nil check
2013-08-27 17:21:18 -05:00
13996b98cf
Correct action description for recording
...
The correct description is recording
2013-08-27 12:39:46 -05:00
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
067b8f3c59
Adds session existence check. Moves error log path to datastore option.
2013-08-27 11:44:21 -05:00
8a8f80e097
Move error log path to datastore option.
2013-08-27 11:43:20 -05:00
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
728d0a0e65
Land #2240 - OSX keylogger
2013-08-27 11:36:58 -05:00
a9459ef703
Update module title for naming style consistency
2013-08-27 11:36:26 -05:00
16ace44f2d
Move keylogger.rb to post/osx/capture/keylog_recorder
...
To match the naming consistency with Windows
2013-08-27 11:35:00 -05:00
5cc4ef09d1
Move previous error log path to method. Renames the #check method.
2013-08-27 11:25:00 -05:00
e4a567b2b5
Land #2284 - Fix description
2013-08-27 11:20:58 -05:00
b0226cab79
Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability
2013-08-27 11:19:43 -05:00
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
997c5e5516
Land #2291 , @todb-r7's patch for oracle_endeca_exec's requires
2013-08-27 11:01:21 -05:00
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00
f59f57e148
Randomize object id
2013-08-27 10:35:06 -05:00
66fa1b41aa
Fix logic to spray correctly IE9
2013-08-27 09:57:55 -05:00
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
87c03237a9
Fix discrepencies between unix/osx with whereis cmd.
2013-08-27 03:17:14 -05:00
98b21471ed
fix some bugs in cups_root_file_read module.
2013-08-27 03:03:08 -05:00
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
8efe2d9206
Land #2289 , @jlee-r7's exploit for CVE-2013-1662
2013-08-26 23:27:19 -05:00
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
7a4d781538
Land #2274 - Firefox XMLSerializer Use After Free
2013-08-26 20:53:42 -05:00
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
4cbdf38377
updated contact info
...
MASTER OF DISASTER
ULTRA LASER
:::::::-. :::::::.. :::::::-. ... ... . :
;;, `';,;;;;``;;;; ;;, `';, .;;;;;;;. .;;;;;;;. ;;,. ;;;
`[[ [[ [[[,/[[[' `[[ [[,[[ \[[,,[[ \[[,[[[[, ,[[[[,
$$, $$ $$$$$$c $$, $$$$$, $$$$$$, $$$$$$$$$$$"$$$
888_,o8P' 888b "88bo,d8b 888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
MMMMP"` MMMM "W" YMP MMMMP"` "YMMMMMP" "YMMMMMP" MMM M' "MMM
2013-08-26 16:14:49 -07:00
85ed9167f2
Print target endpoint
...
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
9f8051161f
Properly implement normalize_uri
2013-08-26 17:18:00 -05:00
7fad26968c
More fix to jboss_seam_exec
2013-08-26 17:16:15 -05:00
c660279963
Land #2259 , @wchen-r7's patch for [SeeRM #8319 ]
2013-08-26 16:36:45 -05:00
a58750fbbb
Land #2266 , @wchen-r7's patch forn [SeeRM #8345 ] and [SeeRM #8344 ]
2013-08-26 16:14:50 -05:00
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
5b4890f5b9
Fix caps on typo3_winstaller module
2013-08-26 14:47:42 -05:00
3769da2722
Better fixes
2013-08-26 14:02:45 -05:00
6b8feaff8c
Type conversion
2013-08-26 13:56:11 -05:00
8c7f4b3e1f
Avoid using inline rescue
2013-08-26 13:54:06 -05:00
252f48aeee
Land #2272 , @jvennix-r7's exploit for CVE-2013-1775
2013-08-26 13:21:58 -05:00
0baaf989fb
Delete on_new_session cleanup, as discusses with @jlee-r7
2013-08-26 13:20:43 -05:00
9cb8ec950f
Fix module description
2013-08-26 11:40:05 -05:00
2b577552a2
OptEnum option changed
2013-08-26 15:25:23 +02:00
64d21c7216
added portproxy post meterpreter module
2013-08-26 14:44:41 +02:00
f8d1d29648
Add module for ZDI-13-182
2013-08-25 23:07:08 -05:00
34404ee067
Commit cups module. Tested on osx 10.7, 10.8, and unpatched ubuntu 12.0.4.
2013-08-25 14:30:11 -05:00
bf89c956c4
Just the one file, please
2013-08-24 14:53:51 -05:00
757886bece
Remove some extra wip files.
2013-08-24 14:52:52 -05:00
29320f5b7f
Fix vn refs. Add juan as an @author.
2013-08-24 13:07:35 -05:00
5b812b0c22
Add references
2013-08-24 12:12:21 -05:00
b4ad8c8867
Beautify module
2013-08-24 12:08:38 -05:00
0e116730a1
Polishing module. Tested on 10.8, 10.8.2, and 10.8.4.
2013-08-24 12:01:38 -05:00
b13d357000
Add ranking
2013-08-24 11:35:35 -05:00
2ebfdcc84b
Fix to description
2013-08-24 19:32:01 +03:00
3ce23ffb49
Make a test before running the payload
2013-08-24 11:20:47 -05:00
73f4259156
Fix based on suggestions
2013-08-24 19:14:48 +03:00
ab293d2ad9
Make msftidy happy
2013-08-24 10:51:19 -05:00
82cf812311
Switch to PrependMigrate
2013-08-24 10:46:04 -05:00
480794a9ab
Make small fixes
2013-08-24 10:40:08 -05:00
832fa8838b
Change the command to launch after background the payload job
2013-08-24 09:57:33 -05:00
4532474309
Allow cleanup from the new session
2013-08-24 09:47:40 -05:00
3cdc6abec6
Clean up some code, get CMD working.
2013-08-23 20:19:21 -05:00
140d8ae42f
Need to set timezone first.
2013-08-23 20:09:18 -05:00
a4c2ba04f3
Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working.
2013-08-23 19:39:21 -05:00
fc91380ebc
Add work code
2013-08-23 17:54:21 -05:00
2d3f599498
Moves ruby_dl helpers to proper place in repo.
...
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
ba00395cfd
Set filename to osx_mic_rec instead of webcam.
2013-08-23 15:52:24 -05:00
7b5e98d57e
Land #2269 - Oracle Endeca Server Remote Command Execution
2013-08-23 15:40:31 -05:00
6c4ad6a976
Move modules to post/osx/manage.
2013-08-23 15:38:58 -05:00
c3b98262bf
Seriously ,stop writing things to my desktop.
2013-08-23 15:16:41 -05:00
a5c9f8d670
Beautify targets metadata
2013-08-23 15:15:04 -05:00
f3415f4147
Make msftidy compliant
2013-08-23 15:14:13 -05:00
413474f417
Move module to the correct path
2013-08-23 15:08:25 -05:00
7ebe6635ea
Finish fixing ruby 1.8.7 regressions. Works on 10.8 and 10.7.
2013-08-23 15:06:48 -05:00
ba27eab0d6
Comment out ctrl-z hax.
2013-08-23 19:44:39 +00:00
ad214da3de
Switch to powershell to exec payload
2013-08-23 14:39:29 -05:00
a45f49e3b7
Use a new Ranking
2013-08-23 08:49:58 -05:00
ff6ad30be0
Add module for ZDI-13-006
2013-08-22 18:15:35 -05:00
965e2d88fe
Use normalize_uri
2013-08-21 16:49:24 -05:00
ffac6478cc
Un typo a client and server socket mixup.
2013-08-21 14:59:30 -04:00
514d2b4721
Fix to make msftidy happy.
2013-08-21 21:46:44 +03:00
b72566b8aa
Add module for ZDI-13-190
2013-08-21 12:47:47 -05:00
0cc499faf7
Minor deletes related to filetime change.
2013-08-21 14:47:50 +03:00
3a2433dac9
Remove unneeded filetime read
2013-08-21 12:18:07 +03:00
50e7d8015a
Validate datastore option "YEAR"
...
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.
[FixRM #8345 ]
[FixRM #8344 ]
2013-08-21 01:38:16 -05:00
89753a6390
Fix undefined method error
...
[FixRM #8323 ]
2013-08-21 01:22:27 -05:00
92752de651
Fix undefined method error
...
[FixRM #8324 ]
2013-08-21 01:20:57 -05:00
77942f0d29
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:20:03 -05:00
2fa75e0133
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:16:49 -05:00
be29e44788
Fix undefined method error
...
[FixRM #8328 ]
2013-08-21 01:15:07 -05:00
ae8c40c8f7
Fix undefined method error
...
[FixRM #8329 ]
2013-08-21 01:10:46 -05:00
42a7766f1b
Fix undefined method error
...
[FixRM #8330 ]
2013-08-21 01:09:24 -05:00
0f85fa21b4
Fix undefined method error
...
[FixRM #8331 ]
2013-08-21 01:08:19 -05:00
8eeb66f96d
Fix undefined method error
...
[FixRM #8332 ]
2013-08-21 01:06:54 -05:00
785f633d1d
Fix undefined method error
...
[FixRM #8334 ]
[FixRM #8333 ]
2013-08-21 01:01:53 -05:00
0561928b92
Fix undefined method error
...
[FixRM #8336 ]
2013-08-21 00:54:08 -05:00
2597c71831
Fix undefined method error
...
[FixRM #8338 ]
[FixRM #8337 ]
2013-08-21 00:52:33 -05:00
092b43cbfa
Fix undefined method error
...
[FixRM #8339 ]
2013-08-21 00:50:37 -05:00
32a190f1bd
Fix undefined method error
...
[FixRM #8340 ]
2013-08-21 00:49:13 -05:00
217d89fa7c
Fix undefined method error
...
[FixRM #8341 ]
2013-08-21 00:47:31 -05:00
3a271e7cc7
Fix undefined method error
...
[FixRM #8342 ]
2013-08-21 00:45:48 -05:00
8806e76e4d
Fix undefined method error
...
[FixRM #8343 ]
2013-08-21 00:44:10 -05:00
37eaa62096
Fix undefined method error
...
[FixRM #8346 ]
2013-08-21 00:42:33 -05:00
9ca7a727e1
Fix undefined method error
...
[FixRM #8347 ]
2013-08-21 00:41:49 -05:00
5993cbe3a8
Fix undefined method error
...
[FixRM #8348 ]
2013-08-21 00:40:38 -05:00
9f98d4afe6
Fix undefined method error
...
[FixRM #8349 ]
2013-08-21 00:38:35 -05:00
35b15b6809
Fix undefined method error
...
[FixRM #8322 ]
2013-08-21 00:37:22 -05:00
ea78e8309d
Fix undefined method error
...
[FixRM #8350 ]
2013-08-21 00:35:36 -05:00
fe089030d4
Land #2257 , @wchen-r7's patch for [SeeRM #8317 ]
2013-08-20 13:43:37 -05:00
ceb0f56f42
Land #2258 , @wchen-r7's patch for [SeeRM #8318 ]
2013-08-20 13:26:34 -05:00
1702cf2af9
Use TARGETURI
2013-08-20 13:23:32 -05:00
3ac59fede7
Land #2251 , @wchen-r7's patch to use OptRegexp
2013-08-20 12:55:30 -05:00
202b31d869
Better fix based on feedback
...
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
42f774a064
Fix check method
2013-08-20 12:02:09 -05:00
533d98bd1b
Adding module for CVE 2013-5093, Graphite Web Exploit
2013-08-20 12:56:30 -04:00
546c523ed8
Land #2252 , @wchen-r7's patch for print_line vs print
2013-08-20 11:17:38 -05:00
8adc4f05dd
Land #2250 , @wchen-r7's clean up for mssql_ping
2013-08-20 10:38:01 -05:00
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
277fc69a19
Land #2246 , @wchen-r7's patch for [SeeRM #8313 ]
2013-08-20 10:15:15 -05:00
f68d581b7a
[FixRM #8319 ] - Properly disable BLANK_PASSWORDS for ektron_cms400net
...
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").
While fixing #8319 , I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
4790d8de50
Land #2256 , @wchen-r7's patch for [FixRM #8316 ]
2013-08-19 23:23:57 -05:00
246c2d82f9
[FixRM #8318 ] - Use normalize_uri properly
...
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
3c27520e10
[FixRM #8317 ] - Fix possible double slash in file path
...
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
268a3e769e
Missed this one
2013-08-19 17:45:05 -05:00
5366453031
[FixRM #8316 ] - Escape characters correctly
...
dots need to be escaped
2013-08-19 16:51:19 -05:00
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
a8ca32ab34
Oh yeah, need to do this too
2013-08-19 16:28:58 -05:00
154b1e8888
Remove comments
2013-08-19 16:27:35 -05:00
cf10a0ca91
Use print_line instead of print
...
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
8eb9266bff
Use the correct var
2013-08-19 16:19:03 -05:00
58d5cf6faa
Module should use OptRegexp for regex pattern option
...
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
8c03e905de
Get rid of function that's never used
...
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
a815d9277e
Merge pull request #2245 from todb-r7/grammar-and-such
...
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
7b555679e6
Really delete the telnet target
2013-08-19 15:06:47 -05:00
d64c8748e8
Fix descriptions and names
2013-08-19 15:05:27 -05:00
2e74c50880
[SeeRM #8313 ] - Print where files are stored
...
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
232289d500
Add new module to exploit to through telnet dlink_upnp_exec_noauth
2013-08-19 15:01:29 -05:00
846925e3ba
Delete telnet target from dlink_upnp_exec_noauth
2013-08-19 14:56:12 -05:00
d0b56e1650
Use the correct variable
2013-08-19 14:38:40 -05:00
d89932bfd8
Use the correct variable
2013-08-19 14:33:01 -05:00
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
4cef4e88a6
If exception hits, make sure it's closed.
2013-08-19 13:21:53 -05:00
11ef366818
Properly close hashlist
2013-08-19 13:14:13 -05:00
89d4f0180d
Make sure we close hashlist
2013-08-19 12:54:27 -05:00
c902b0ea4b
removed user and pass option
2013-08-19 18:07:11 +02:00
e276b57ee7
Merge remote-tracking branch 'upstream/master' into python-meterpreter-dev
2013-08-19 08:37:12 -04:00
abaec32ad6
What Luke said.
...
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
f843743294
Adds fixes from @wchen-r7.
2013-08-18 18:46:51 -05:00
017309d02d
Minor fixes to keylogger.
2013-08-18 16:29:34 -05:00
1cdf77df7d
OSX keylogger module finally working.
2013-08-18 16:21:38 -05:00
5fc806e3e0
little fixes
2013-08-18 16:18:27 +02:00
9ae977ec80
Merge branch 'raidsonic_telnet' of https://github.com/jvazquez-r7/metasploit-framework into raidsonic-ib5220-exec
...
Conflicts:
modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
2013-08-18 15:56:39 +02:00
abd4fb778f
add osvdb ref for chasys overflow
2013-08-18 06:35:28 -05:00
0037ccceed
add osvdb ref for openx backdoor
2013-08-18 06:34:50 -05:00
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
c5d426fc70
Land #2235 , @wchen-r7's patch for [SeeRM #6264 ]
2013-08-17 10:05:41 -05:00
a75a4906f2
Description update
2013-08-16 23:28:24 -05:00
780293d817
Minor changes
2013-08-16 23:24:40 -05:00
a8cc15db20
Add module for ZDI-13-178
2013-08-16 18:13:18 -05:00
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
e50ef209b2
Land #2233 , @bperry-r7's module for nexpose
2013-08-16 14:21:22 -05:00
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
a86b247077
Land #2224 - Add brute force module for Cisco IronPort
2013-08-16 12:07:14 -05:00
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
0063d4e06c
Extend description & add Win2k3 section to WinXP section.
2013-08-16 14:44:08 +03:00
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
1a3b4eebdb
Fix directory name on ruby
2013-08-15 22:54:31 -05:00
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
c5c2aebf15
Update references
2013-08-15 22:04:15 -05:00
8602e744da
Add support for Win2k3
2013-08-16 02:46:16 +03:00
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
79acc96e9a
Land #2230 , enum_shares nil deref
...
[FixRM #8224 ]
2013-08-15 16:55:39 -05:00
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
83a179ff08
[Fix RM 8224] - undefined method `include?' for nil:NilClass
...
Bug due to registry_enumkeys returning nil.
2013-08-15 16:04:35 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
a65181d51b
new revision - cisco_ironport_enum
...
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
7a8bafd82c
Beautify
2013-08-14 13:50:08 -05:00
90aec6cff5
Fix telnet negotiation for the raidsonic case
2013-08-14 13:38:51 -05:00
23c5f02e9a
Land #2225 - Fix dlink_dir300_exec_telnet
2013-08-14 13:11:42 -05:00
98e0053dc6
Fix indent level
2013-08-14 13:07:01 -05:00
178a7b0dbb
Fix author's email format
2013-08-14 11:56:47 -05:00
2a4b8e4a64
Add useful comment
2013-08-14 11:49:32 -05:00
e6c36864c4
Fix telnet related stuff
2013-08-14 11:47:57 -05:00
d526663a53
Add module to brute force the Cisco IronPort application
2013-08-14 09:16:49 -07:00
7145a85fb4
Add MiniWeb (Build 300) Arbitrary File Upload
2013-08-15 01:01:46 +09:30
6b87240323
thx to juan ... session stuff looks better
2013-08-14 16:51:09 +02:00
1d82ed176f
Update joomla_media_upload_exec references
2013-08-13 23:27:01 -05:00
bce50d1b05
Land #2220 - OSX Password Prompt Spoof
2013-08-13 22:15:14 -05:00
919e0d1901
MSF license, make use of print_good
2013-08-13 22:14:35 -05:00
e1856651bc
Incorporate the suggested edits from the PR review.
...
* Rewrites helpers to just use cmd_exec, since that works in meterpreter and shell.
* Changes _EOF_ to EOF, since that threw a harmless error in shell
commits
* Prefer using Post mixin API instead of rolling-own implementation
* Fixes whitespace
[SeeRM #5940 ]
2013-08-13 19:35:55 -05:00
99ef714d00
Updates pps description.
2013-08-13 19:35:55 -05:00
52fa000211
Get password_prompt_spoof module working. [RM #5940 ]
2013-08-13 19:35:55 -05:00
54cffdb27d
Land #2219 - OSVDB-95933: Joomla Media Manager File Upload Vulnerability
2013-08-13 19:04:57 -05:00
e912a64ccc
Description change
2013-08-13 19:04:25 -05:00
c9799c1ee6
Land #2212 - Change migrate order & print target_pid
2013-08-13 18:56:54 -05:00
312ff1a20e
Delete period from regular expressions
2013-08-13 17:50:26 -05:00
04eed49310
Add support for FileDropper
2013-08-13 16:47:24 -05:00
e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
73e9bf9fa8
Merge branch 'bug/smart_migrate' of github.com:/dmaloney-r7/metasploit-framework into bug/smart_migrate
...
Conflicts:
modules/post/windows/manage/smart_migrate.rb
2013-08-13 13:56:01 -05:00
6be4d9e583
missing interpolation
2013-08-13 13:52:44 -05:00
31cbc270fd
Favor unless over if for negative condition
2013-08-13 08:46:12 -05:00
bc9a26d4ee
Fix condition
2013-08-12 23:05:26 -05:00
568181de84
Add sthetic spaces
2013-08-12 22:33:34 -05:00
6d70d4924e
Land #2206 , @PsychoSpy module for OSVDB 94097
2013-08-12 22:27:03 -05:00
7981601eb8
Do final cleanup on intrasrv_bof
2013-08-12 22:24:53 -05:00
ebd485349f
Retab smart_migrate.rb module
...
Retabs completely for PR #2212
2013-08-12 20:23:33 -05:00
2d3c2c1c87
Set default target to 0 because there's only one
2013-08-12 20:01:23 -05:00
c0335cee26
Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow
2013-08-12 19:16:02 -05:00
7562324d96
Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow
2013-08-12 19:13:58 -05:00
51d9c59dcd
Extra tabs, bye
2013-08-12 19:13:20 -05:00
db78ffcc46
...
2013-08-12 18:21:10 -04:00
49bcec5c92
Additional cleanup
2013-08-12 18:20:03 -04:00
b3f229ff59
Add module for CVE-2013-3928
2013-08-12 17:18:30 -05:00
7014322dfd
Code cleanup
2013-08-12 18:16:00 -04:00
264fe32705
Added new badchars
2013-08-12 18:08:49 -04:00
bbc93b2a58
msftidy
2013-08-12 15:14:01 -04:00
28f030494e
Use tcp mixin/clean corrupt bytes
2013-08-12 15:12:15 -04:00
4480dc3bec
Land #2213 , @todb-r7's deletion of deprecated modules
2013-08-12 11:36:24 -05:00
b1fc8308c1
Land #2211 , @bcoles exploit for CVE-201-2620
2013-08-12 11:23:20 -05:00
bfb5040dbf
Remove deprecated modules
...
These three modules are well over their deprecation dates. Making good
on that threat now.
* service_permissions: Marked for removal on 2013-01-10
* bypassuac: Marked for removal on 2013-01-04
* ms10_092_schelevator: Marked for removal on 2013-06-01
2013-08-12 11:21:45 -05:00
8ac01d3b8e
Fix description and make it aggressive
2013-08-12 11:19:25 -05:00
c9bd791ff6
fix smart_migrate choice order
...
was trying winlogon first
should do explorer first
2013-08-12 11:02:27 -05:00
7854c452d2
Added more payload padding
2013-08-12 11:10:10 -04:00
9f33a59dc2
Fix target ret
2013-08-12 11:04:55 -04:00
6f96445b42
Change target ret/cleanup
2013-08-12 10:13:48 -04:00
a35d548979
Use HttpClient
2013-08-12 10:01:01 -04:00
d63d7bc7da
Add Open-FTPD 1.2 Writable Directory Traversal Execution
2013-08-12 08:49:49 +09:30
896320ed42
fix typo
2013-08-11 16:48:43 -04:00
4b14fa53e0
tidy debugs
2013-08-11 16:39:41 -04:00
90ef224c46
Implement CVE-2012-5019
2013-08-11 16:33:40 -04:00
f2e5092fd5
Add module for ZDI-13-179
2013-08-10 18:44:33 -05:00
185ef2ecae
msftidy
2013-08-10 16:01:44 -04:00
6fe4e3dd0e
Added Intrasrv 1.0 BOF
2013-08-10 15:56:07 -04:00
5436ec7dd3
Title change for dlink_dir300_exec_telnet
...
Title change for dlink_dir300_exec_telnet. Also correct the email
format.
2013-08-09 15:41:50 -05:00
5128458c90
Land #2201 - Better check for ppr_flatten_rec
2013-08-09 14:44:23 -05:00
021c358159
Land #2203 - Fix regex for x64 detection
2013-08-09 13:23:38 -05:00
6c0b067d7c
Land #2163 , known secret session cookie for RoR
...
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
969b380d71
More explicit title, grammar check on description
2013-08-09 12:27:45 -05:00
13ea8aaaad
VALIDATE_COOKIE better grammar on fail message
2013-08-09 12:26:12 -05:00
94e7164b01
Allow user to choose to validate the cookie or not
2013-08-09 12:22:28 -05:00
376c37d4cc
Two more fixes, Arch and unneeded include.
2013-08-09 09:23:50 +02:00
7178633140
Fixed architecture detection in bypassuac modules
2013-08-09 03:42:02 +02:00
155c121cbb
More spacing between ends
2013-08-08 16:35:38 -05:00
f4fc0ef3fb
Moved classes into the Metasploit3 space
...
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
4e166f3da4
Adding more blank lines between methods
...
For readability
2013-08-08 16:20:38 -05:00
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
4a609504e3
Land #2199 , @jlee-r7's exploit for CVE-2013-4211
2013-08-08 14:57:28 -05:00
06ebc686c4
Land #2194 , @CharlieEriksen exploit for CVE-2013-5036
2013-08-08 14:50:28 -05:00
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
318280fea7
Add 7/2k8 RTM versions
2013-08-08 20:02:14 +01:00
d64352652f
Adds unsupported Vista versions
2013-08-08 19:58:40 +01:00
08c32c250f
File versions
2013-08-08 19:42:14 +01:00
a03d71d60e
Land #2181 - More targets for hp_sys_mgmt_exec
...
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
a73f87eaa5
No autodetect. Allow the user to manually select.
2013-08-08 13:34:25 -05:00
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
080ca0b1b1
Use fail_with when failing instead of print_error
2013-08-08 13:12:39 -05:00
a7c80ebfc2
Land #2185 , @bmerinofe's post module for dns cache dumping
2013-08-08 12:49:37 -05:00
5d0e868701
Land #2192 after cleanup
2013-08-08 08:44:17 -05:00
74eeacf9f2
Fix regex
2013-08-08 08:40:45 -05:00
ca7c0defe1
No need to rescue if we're just re-raising
2013-08-07 17:36:07 -05:00
c808930f15
Add module for CVE-2013-4211, openx backdoor
2013-08-07 17:24:47 -05:00
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
0f975da5f4
Update target info and something else...
2013-08-07 16:00:06 -05:00
d1beb313f6
Add module for 2013-1690
2013-08-07 15:36:54 -05:00
821673c4d2
Try to fix a little description
2013-08-07 10:26:39 -05:00
33ac0c5c3f
Make exploit more print friendly
2013-08-07 10:21:14 -05:00
32436973e4
Land #2192 , @m-1-k-3's exploit for OSVDB-89861
2013-08-07 10:16:49 -05:00
ae685ac41d
Beautify description
2013-08-07 09:52:29 -05:00
afb8a95f0a
Land #2179 , @m-1-k-3's exploit for OSVDB-92698
2013-08-07 09:00:41 -05:00
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
885417c9d9
removing config file from target
2013-08-06 15:11:54 +02:00
2d69174c5b
Initial commit of the python meterpreter.
2013-08-05 23:38:49 -04:00
c73e417531
Merge pull request #2171 from frederic/master
...
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
dd35495fb8
dir 300 and 600 auxiliary module replacement
2013-08-05 22:28:59 +02:00
786f16fc91
feedback included
2013-08-05 21:55:30 +02:00
2efc2a79bf
fail with
2013-08-05 21:41:28 +02:00
9790181dd2
Land #2176 , @wchen-r7's fix for [TestRM #8272 ]
2013-08-05 13:10:25 -05:00
40f015f596
Avoid require race with powershell
2013-08-05 09:56:32 -05:00
8431eb7a79
Msftidy fixes, also use correct possessive plurals
...
http://englishplus.com/grammar/00000132.htm
2013-08-05 09:43:38 -05:00
bddcb33507
Update description for reverse_https_proxy
2013-08-05 09:35:14 -05:00
a885ff9bcc
Use consistent caps for 'PowerShell'
2013-08-05 09:33:49 -05:00
5ea67586c8
Rewrite description for MS13-005
...
The first part of the description was copy-pasted from
http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt
which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
e7206af5b5
OSVDB and comment doc fixes
2013-08-05 09:08:17 -05:00
5ef1e507b8
Make msftidy happy with http_login
2013-08-05 08:41:07 -05:00
98c8c16803
Change offset values and hostname length
2013-08-05 12:29:54 +02:00
34134b2e11
feedback included
2013-08-04 14:45:55 +02:00
9955899d9a
Minor formal fixes
2013-08-04 08:03:02 +02:00
8be3f511a4
Fix undefined variable 'path' for http_login
2013-08-03 21:35:22 -05:00
b8ed364cb8
telnet user working
2013-08-03 15:07:10 +02:00
3e6de5d2e9
added a post-exploitation module to dump the cache dns entries
2013-08-03 13:37:32 +02:00
62e3c01190
raidsonic nas - command execution
2013-08-02 21:04:19 +02:00
8cc07cc571
Merge Linux and Windows exploit in multi platform exploit
2013-08-02 18:49:03 +02:00
a19afd163a
feedback included
2013-08-02 17:30:39 +02:00
10e9b97a88
Land #2180 - Accepting args for x64 osx exec payload
2013-08-02 00:45:09 -05:00
f927d1d7d3
Increase exploit reliability
...
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.
The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
4a127c2ed2
Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
...
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
592176137a
Rewrite osx x64 cmd payload to accept args.
...
[SeeRM #8260 ]
2013-07-31 08:50:28 -05:00
15906b76db
dir300 and 615 command injection
2013-07-31 14:36:51 +02:00
6b514bb44a
dir300 and 615 command injection telnet session
2013-07-31 14:34:03 +02:00
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
5e1def26aa
remove Axis M1011 fingerprint, may not be specific enough to be used automatically.
2013-07-30 09:54:33 +02:00
1b6f6b8bf0
Land #2168 again
...
Adding Dhiru's module back now that things are straight.
2013-07-29 22:10:25 -05:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
63940d438e
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-07-30 01:56:10 +02:00
300781823d
Undo bad landing
...
This reverts commit e624ed18ad593363c5f9
2013-07-29 17:39:12 -05:00
438fbababd
Land #2158 , @kholia's post module to collect .ecryptfs info
2013-07-29 17:21:10 -05:00
b29d18d8b8
Merge branch 'ecryptfs-creds' of https://github.com/kholia/metasploit-framework
2013-07-29 16:41:41 -05:00
05be76ecb7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 16:41:22 -05:00
ab75d00f8a
Land #2169 - Description update
2013-07-29 14:24:57 -05:00
5efcbbd474
Land #2167 - PineApp Mail-SeCure livelog.html Exec
2013-07-29 13:18:18 -05:00
7967426db1
Land #2166 - PineApp Mail-SeCure ldapsyncnow.php EXEC
2013-07-29 13:16:42 -05:00
7801eadbc2
psh description
2013-07-29 19:14:12 +01:00
baa0b983c8
Land #2165 - PineApp Mail-SeCure test_li_connection.php CMD EXEC
2013-07-29 13:13:55 -05:00
8379225e9b
make msftidy happy (hopefully)
2013-07-29 23:42:29 +05:30
455569aee8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-29 12:10:12 -05:00
3a05993f16
Make msftidy happy and warn user about long times
2013-07-29 11:45:30 -05:00
0851974408
Land #2162 , @Meatballs1's exploit for ms13-005
2013-07-29 11:43:31 -05:00
sinn3r
jvazquez-r7
Vlatko Kosturjak
Joe Vennix
Tod Beardsley
g0tmi1k
James Lee
violet
bmerinofe
jiuweigui
Spencer McIntyre
Charlie Eriksen
Brandon Turner
m-1-k-3
Steve Tornio
Brandon Perry
Karn Ganeshen
HD Moore
bcoles
Joff Thyer
David Maloney
Tab Assassin
Nathan Einwechter
joernchen of Phenoelit
Sagi Shahar
Meatballs
root
Markus Wulftange
Ruslaideemin
Frederic Basse
Dhiru Kholia