ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
6075c795e9
Land #3467 - failure message for nil payload
2014-06-26 11:12:37 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
4da28f1708
updated platform
2014-06-25 22:01:19 -04:00
54ccc261d1
Updates
...
Updated spacing, ranking, php command, platform, and merged *nix and
windows cmds
2014-06-25 16:34:51 -04:00
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
e8b914a62f
Download rankings for reliable exploit, but depending on a specific version without autodetection
2014-06-20 14:33:02 -05:00
191c871e9b
[SeeRM #8815 ] Dont try to exploit when generate_payload_exe fails
2014-06-20 14:07:49 -05:00
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
f0d04fe77e
Do some randomizations
2014-06-20 11:38:10 -05:00
f26f8ae5db
Change module filename
2014-06-20 11:27:49 -05:00
33eaf643aa
Fix usage of :concat_operator operator
2014-06-20 11:27:23 -05:00
5542f846d6
Merge to solve conflicts
2014-06-20 11:24:08 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
f74594c324
Order metadata
2014-06-20 10:26:50 -05:00
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
45dc197827
Lands 3454, exploits/linux/ids/alienvault_centerd_soap_exec
2014-06-19 15:58:33 -05:00
d28ced5b7b
change module filename
2014-06-19 15:56:55 -05:00
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
45ea59050c
Fix the if cleanup
2014-06-17 23:40:00 -05:00
288430d813
wraps some long lines
2014-06-17 22:30:28 -05:00
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
1133332702
Finish module
2014-06-17 15:01:35 -05:00
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
b710014ece
Land #3435 -- Rocket Servergraph ZDI-14-161/162
2014-06-17 18:06:03 +10:00
508998263b
removed wrong module file
2014-06-17 08:57:46 +02:00
6f45eb13c7
moved module file
2014-06-17 08:56:07 +02:00
a5eed71d50
renamed and other module removed
2014-06-17 08:50:09 +02:00
e908b7bc25
renamed and other module removed
2014-06-17 08:49:46 +02:00
f464c5ee97
dlink msearch commmand injection
2014-06-16 22:12:15 +02:00
d44d409ff2
Land #3407 , @julianvilas's exploit for Java JDWP RCE
2014-06-16 13:38:51 -05:00
6a780987d5
Do minor cleanup
2014-06-16 13:37:44 -05:00
f7b892e55b
Add module for AlienVault's ZDI-14-202
2014-06-16 12:10:30 -05:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
461fba97d7
Update forgotten call to js() in webview exploit.
2014-06-15 23:43:05 -05:00
caa1e10370
Add feature for disabling Java Security Manager
2014-06-15 20:35:19 +02:00
12ec785bdb
clean up, echo stager, concator handling
2014-06-14 17:37:09 +02:00
8eb21ded97
clean up
2014-06-14 17:02:55 +02:00
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
3abfa3e12e
change to case switch
2014-06-13 19:17:28 -04:00
4b78f0ad7c
Merge branch 'feature/MSP-9723/glassfish_deployer' into staging/electro-release
2014-06-13 16:11:14 -05:00
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
eddac55c37
Remove spaces at EOL.
2014-06-13 08:37:44 -05:00
a3ae177347
echo stager, arch_cmd, echo module
2014-06-13 11:42:47 +02:00
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
56efd82112
Correct the disclosure date.
2014-06-11 21:53:42 -05:00
88273f87db
Targets update
2014-06-11 21:50:16 -04:00
2296dea5ad
Clean and fix
2014-06-12 01:55:27 +02:00
4f67db60ed
Modify breakpoint approach by step into
2014-06-12 01:23:20 +02:00
0bac24778e
Fix the case statements to match platform
2014-06-11 15:22:55 -05:00
d5b32e31f8
Fix a typo where platform was 'windows' not 'win'
...
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
34f98ddc50
Do minor cleanup
2014-06-11 09:20:22 -05:00
b27b00afbb
Added target 4.0 and cleaned up exploit
2014-06-11 06:22:47 -07:00
f1382af018
Added target 4.0 and cleaned up exploit
2014-06-11 06:20:49 -07:00
af04d5dd05
Use the new hash syntax for consistency
2014-06-10 12:54:35 -05:00
00fcdc25f2
Use getaddress on rhost
2014-06-10 12:50:53 -05:00
a554b25855
Use EXITFUNC
2014-06-10 09:51:06 -05:00
384b65b3ec
Refactor glassfish_deployer creds
2014-06-09 15:40:26 -05:00
8e35f5fa12
username and password flipped
...
we reported the username as the password
and vice versa
2014-06-09 13:45:12 -05:00
3d33a82c1c
Changed to unless
2014-06-09 09:31:14 -07:00
1252eea4b9
Changed to unless
2014-06-09 09:26:03 -07:00
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
52d26f290f
Added check in exploit func
2014-06-09 03:23:14 -07:00
e4d14194bb
Add module for Rocket Servergraph ZDI-14-161 and ZDI-14-162
2014-06-08 11:07:10 -05:00
8ecafbc49e
Easy File Management Web Server v5.3 Stack Buffer Overflow
2014-06-08 04:21:14 -07:00
73536f2ac0
Add support Java 8
2014-06-07 22:43:14 +02:00
6bef6edb81
Update efs_easychatserver_username.rb
...
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
da09a2725b
we need the service data in the login!
...
ooopsie #2
2014-06-06 10:51:12 -05:00
a84980fa9d
login creation was missing!
2014-06-05 13:56:08 -05:00
e7957bf999
Change GET request by random text
2014-06-05 01:33:00 +02:00
62866374b8
refactor tomcat_mgr_deploy
2014-06-04 16:22:22 -05:00
f22447f91e
refactor tomcat_mgr_upload
2014-06-04 16:07:57 -05:00
c9bd0ca995
Add minor changes
2014-06-04 15:56:14 -05:00
bb77327b09
Warn the user if the detected platform doesnt match target
2014-06-04 14:50:18 -05:00
b76253f9ff
Add context to the socket
2014-06-04 14:25:01 -05:00
77eeb5209a
Do small cleanups
2014-06-04 14:23:21 -05:00
6c643f8837
Fix usage of Rex::Sockket::Tcp
2014-06-04 14:14:23 -05:00
837668d083
use optiona argument for read_reply
2014-06-04 13:48:53 -05:00
d184717e55
delete blank lines
2014-06-04 13:24:34 -05:00
33a7bc64fa
Do some easy cleaning
2014-06-04 13:18:59 -05:00
1ff539fc73
No sense to check two times
2014-06-04 12:48:20 -05:00
7a5b5d31f9
Avoid messages inside check
2014-06-04 12:43:39 -05:00
3869fcb438
common http breakpoint event
2014-06-04 12:41:23 -05:00
9ffe8d80b4
Do some metadata cleaning
2014-06-04 12:33:57 -05:00
079fe8622a
Add module for ZDI-14-136
2014-06-04 10:29:33 -05:00
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
b9d8f75f59
Add breakpoint autohitting
2014-06-03 23:34:40 +02:00
6061e5e713
Fix suggestions
2014-06-03 23:13:14 +02:00
62fe30798d
Tidy
2014-06-03 14:48:40 -04:00
5ddbdb7dfd
Tidy
2014-06-03 14:23:04 -04:00
fdfd7f410d
Tidy
2014-06-03 14:21:13 -04:00
392b383c2c
Update
2014-06-03 14:07:04 -04:00
166748a997
Add script_web_delivery
2014-06-03 11:53:32 -04:00
43699b1dfb
Don't clean env variable before using it
2014-06-03 09:56:19 -05:00
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
04ac07a216
Compress and base64 data to save bytes.
...
Reduced file size from 43kb to 12kb, yay.
2014-06-02 23:06:46 -05:00
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
7f4702b65e
Update from rapid7 master
2014-06-02 17:41:41 -05:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
52c33b7e79
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2014-06-02 17:32:51 -04:00
07093ada58
add realm handling to psexec
...
oops, forgot to create the realm when applicable
2014-06-02 14:53:40 -05:00
9574a327f8
use the new check also in exploit()
2014-06-02 14:38:33 -05:00
3c38c0d87c
Dont be confident about string comparision
2014-06-02 14:37:29 -05:00
b136765ef7
Nuke extra space at EOL
2014-06-02 14:22:01 -05:00
361b9a1616
psexec credential refactor
...
refactor psexec credential reporting
to use Metasploit::Credential
2014-06-02 14:20:54 -05:00
ea383b4139
Make print/descs/case consistent
2014-06-02 13:20:01 -05:00
d0241cf4c1
Add check method
2014-06-02 08:14:40 -05:00
31af8ef07b
Check .NET version
2014-06-01 20:58:08 -05:00
3c5fae3706
Use correct include
2014-06-01 11:51:06 +01:00
4801a7fca0
Allow x86->x64 injection
2014-06-01 11:50:13 +01:00
3ae4a16717
Clean environment variables
2014-05-30 12:21:23 -05:00
b99b577705
Clean environment variable
2014-05-30 12:20:00 -05:00
b27a95c008
Delete unused code
2014-05-30 12:08:55 -05:00
e215bd6e39
Delete unnecessary code and use get_env
2014-05-30 12:07:59 -05:00
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
ffbcbe8cc1
Use cmd_psh_payload
2014-05-29 18:12:18 -05:00
03889ed31f
Use cmd_psh_payload
2014-05-29 18:11:22 -05:00
60c5307475
Fix msftidy
2014-05-30 00:14:59 +02:00
9627bae98b
Add JDWP RCE for Windows and Linux
2014-05-29 23:45:44 +02:00
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
Spencer McIntyre