62c98710ad
Reword vulnerable commit range
2020-02-06 11:03:20 -06:00
e053ed7a1e
Add Msf::Exploit::Expect mixin and refactor again
2020-02-05 21:16:24 -06:00
95fa8602bc
Refactor modules that use Expect
2020-02-05 21:16:21 -06:00
81f9fc7608
Refactor arbitrary payload support
2020-02-05 17:01:54 -06:00
dae06ab0c9
Reword comments in morris_sendmail_debug
...
Not sure why I used singular, but it was probably reading too much RFC.
2020-02-05 14:23:29 -06:00
e2d0d8f011
Cleanup module and permit alternate payload scheme
...
The original Qualys exploit uses an inline-shell for loop to read
and thereby consume lines from the input stream preceeding the
intended script for execution in the body section. Payloads which
do not contain bad characters (encoded or coincidentally simple)
can be placed directly into the FROM field and executed in place
of the original for loop filter.
2020-02-01 15:04:22 -05:00
312a3466ee
Update 2020-7247 to execute from body
...
Using method from
https://www.openwall.com/lists/oss-security/2020/01/28/3
Attempted several other line readers via awk, while, for. Tried
without pipes or `>` in the strings. It appears other characters
are also illegal (conditional brackets likely culprits).
Initial testing on wide-open-configured opensmtpd on OpenBSD 6.6
libvirt Vagrant image produces shells, python meterpreter sessions,
and executes generic commands.
2020-01-31 04:32:03 -05:00
81b8d5b58a
Add OpenSMTPD MAIL FROM RCE
2020-01-29 05:10:43 -06:00
01b6bc112d
Rescue EOFError for good measure
2019-12-23 19:02:13 -06:00
81f8f4f67f
Add ForceExploit to 4.3BSD (VAX) exploits
2019-12-23 18:17:09 -06:00
32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
458f635159
Add supported payloads to module description
2018-10-24 01:30:27 -05:00
839c4e0467
Drop rank to AverageRanking for now
2018-10-24 01:30:17 -05:00
37560760df
Add RequiredCmd for generic and telnet
2018-10-24 01:23:15 -05:00
58a6c4137d
Add a better timeout than expect can provide
2018-10-20 13:56:37 -05:00
a965abaf36
Add full payload support by setting $PATH
2018-10-20 13:56:33 -05:00
60c4b87ad1
Prefer expect over sleeping between writes
2018-10-20 13:15:15 -05:00
ad6f15c8ca
Add Morris worm sendmail debug mode exploit
2018-10-20 13:15:01 -05:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
3d0d8f7773
Update false negatives on post auth information
2018-08-20 15:43:07 -05:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
9b75ef7c36
Land #8343 , qmail Shellshock module
2017-09-29 00:28:30 -05:00
daedf0d904
Clean up module
2017-09-29 00:27:22 -05:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
a8983c831d
Updated links and authors
2017-05-04 18:25:45 -04:00
afe801b9e8
Updated target to 'universal'
2017-05-04 16:25:41 +02:00
073cd59cd3
Added qmail_bash_env_exec exploit module, which exploit the ShellShock flaw via Qmail.
2017-05-04 15:44:18 +02:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
8b3d200986
Add a check for nil
2012-11-28 23:50:29 -06:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
81cb99c7ab
A better fix
...
git-svn-id: file:///home/svn/framework3/trunk@13605 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 19:26:41 +00:00
William Vu