c88b582f97
Add CorpWatch Name lookup module by bperry
2011-12-28 15:43:21 -06:00
d896f128e5
Add CorpWatch ID Lookup module by bperry
2011-12-28 15:41:28 -06:00
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
9e1e87508f
Fix to boundary validation for when no db is present
...
Fixes #6171
2011-12-28 08:47:22 -08:00
5dc647a125
Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
...
packages)
2011-12-28 02:02:03 -06:00
5d67bd2a5e
Phew. Exhaustive test of all i386 FreeBSD versions complete
2011-12-28 01:38:55 -06:00
1ff0cb2eef
More testing - looks like 5.5 is not exploitable, at least not the same
...
way
2011-12-28 01:30:25 -06:00
e071944a1a
Allow ff in payloads but double them back up
2011-12-28 00:04:24 -06:00
edb9843ef9
Add Linux exploit with one sample target (Whitebox Linux 3)
2011-12-28 00:00:10 -06:00
79103074cb
Add credit for Dan's advice
2011-12-27 23:39:02 -06:00
f9224d6010
Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
...
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
2ad5c56d48
Typo in comment
2011-12-27 19:11:09 -06:00
617f3250cf
Handle patched systems accurately (requires actually triggering the bug)
2011-12-27 19:04:34 -06:00
f8e3119215
Add references
2011-12-27 17:50:06 -06:00
a2760b219d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-27 11:34:36 -08:00
9b995bc0a5
Adds boundary validation to the framework
...
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
101eba6aa5
Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151 )
2011-12-27 00:59:26 -06:00
05f3af1e77
Fixed typo in the windows autlogin post module
2011-12-26 11:17:17 -08:00
a00937b4d8
Fix typo.
2011-12-24 15:32:08 -06:00
87cf4cefea
Fix bug #6164
2011-12-24 15:26:20 -06:00
062f661991
Fix bug #6161 - Must explicitly convert e to e.to_s
2011-12-24 15:11:26 -06:00
8a705c9223
Fix bug #6158 - session.db_record might return nil but wasn't checked
2011-12-24 15:06:43 -06:00
dcb66307be
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-24 14:58:40 -06:00
2e2e28afb8
Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path
2011-12-24 14:57:46 -06:00
06077a37f8
Fixes typo, variable name is paths not path.
2011-12-24 14:39:08 -06:00
4215ef3ae1
add osvdb ref
2011-12-24 06:54:39 -06:00
3fe076bcd6
Check nil before using .empty?
2011-12-23 17:42:58 -06:00
69570dada6
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
2011-12-23 16:28:36 -06:00
84c6739921
added initial opentftp 1.4 windows exploit
2011-12-23 11:27:11 -06:00
41697440c7
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
2011-12-23 01:22:39 -06:00
ce6b1d6b8c
Improve:
...
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
b5b24a1fbf
Add a check. I decided not to try to login in the check function in order to remain non-malicious.
...
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
262fe75e0a
Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129 )
2011-12-22 13:04:37 -06:00
a03f5e32f8
Merge branch 'master' of github_r7:rapid7/metasploit-framework
2011-12-22 11:11:29 -06:00
2f55f08ebe
Actually describe the module in the title/description
2011-12-22 11:10:24 -06:00
5e1efdcd73
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-22 10:49:53 -05:00
30141f3008
Fix typo in the oracle enum aux module
...
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
743a0546f1
Don't blow up if the user doesn't set a filename
...
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
2db697cd7a
Fixup on checkpoint firewall module
...
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
c6297458e6
Adding ref/disclosure date to checkpoint module
...
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
1128c3ec6b
Checkpoint error msg should use res.inspect
...
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
a58ddcae1b
Adds reporting to Patrick's Checkpoint module
...
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)
Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
baaa1f6c82
Add US-Cert references to all these SCADA modules. The refers are based on this list:
...
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
d439390aa2
Fix typo
2011-12-20 12:19:34 -06:00
c2d59f0307
Fix issue #6133
2011-12-20 11:32:33 -06:00
c83c3d5128
TFTP forgot to commit my rename.
...
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
1a396ba955
Merge pull request #70 from rapid7/tftp_client
...
Tftp client
2011-12-20 08:42:42 -08:00
11a27a1e61
Renaming TFTP transfer util.
...
See #5291 . Just renaming the file.
2011-12-20 10:06:44 -06:00
24d53efa7c
Final touches on TFTP client
...
See #5291 . Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
0200b6367a
Add OKI Scanner (Feature #6125 )
2011-12-20 03:09:09 -06:00
Brandon Perry