adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,216 Commits 27 Branches 1,043 Tags
f3e03ddb4233ea4f4011d29fa7025dffefde6dfd
Commit Graph

5873 Commits

Author SHA1 Message Date
Chris John Riley f3e03ddb42 Concrete5 CMS member list scanner 2012-11-02 16:32:34 +01:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup 
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
 2012-06-02 09:53:19 -05:00
Christian Mehlmauer 6ae17db7d3 Adding FireFart's hashcollision DoS module 
Have some minor edits below, looks like it all works now though.

Squashed commit of the following:

commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:31:32 2012 -0500

    Removing ord in favor of unpack.

    Also renaming a 'character' variable to 'c' rather than 'i' which is
    easy to mistake for an Integer counter variable.

commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:24:41 2012 -0500

    Cleaning up print msgs

commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Jun 1 14:19:10 2012 -0500

    Clean up hashcollision_dos description

    Caps, mostly. One sentence I still don't get but it's not really a show
    stopper.

commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Thu May 24 19:11:32 2012 +0200

    Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling

commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Tue May 22 23:11:53 2012 +0200

    Hashcollision Script (again)
 2012-06-01 14:51:11 -05:00
Tod Beardsley ced5b9916e Whitespace fix for script-fu module 
This is really just to check the GitHub IRC bot thinger.
 2012-06-01 12:24:52 -05:00
sinn3r 353d49d05b Modify the description 2012-06-01 12:04:46 -05:00
jvazquez-r7 abbd8c8cd5 Added module for CVE-2012-2763 2012-06-01 18:53:25 +02:00
David Maloney 92dafd4d17 Bringin in new version of pcanywhere_login 2012-06-01 11:15:12 -05:00
David Maloney 933949a6b0 trying to work around wierd git issue 2012-06-01 11:13:28 -05:00
David Maloney 28bf017ca9 Fix nil responses 2012-05-31 23:12:17 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Tod Beardsley c463bd7c6d Fixing description for citrix module 2012-05-31 16:37:35 -05:00
Tod Beardsley 17e41b2e39 Fixing description for citrix module 2012-05-31 16:36:21 -05:00
Juan Vazquez a0b491355c Merge pull request #436 from jvazquez-r7/citrix_streamprocess_get_footer 
Added module for Citrix Provisioning Services 5.6 SP1
 2012-05-31 14:35:22 -07:00
Tod Beardsley 02a41afb2b Fixing description for juan's Citrix module 2012-05-31 16:34:13 -05:00
Juan Vazquez 00bb216927 Merge pull request #435 from jvazquez-r7/citrix_streamprocess_get_boot_record_request 
Added module for Citrix Streamprocess Opcode 0x40020004 Buffer Overflow
 2012-05-31 14:33:20 -07:00
jvazquez-r7 47c5745673 Fixed name module 2012-05-31 23:23:11 +02:00
jvazquez-r7 e324ed5251 Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:21:43 +02:00
jvazquez-r7 1c11b1b1b7 Added module for Citrix Streamprocess Opcode 0x40020002 Buffer Overflow 2012-05-31 23:17:38 +02:00
jvazquez-r7 b5f5804d94 description updated 2012-05-31 23:14:25 +02:00
jvazquez-r7 198070361b Added module for ZDI-12-010 2012-05-31 22:45:55 +02:00
HD Moore 2ad17299e2 Handle cisco devices better with ssh logins 2012-05-31 14:59:24 -05:00
David Maloney e93a6ddf83 Adds thelightcosine's pcanywhere module 
Adds PCAnywhere bruteforce capabilities

Squashed commit of the following:

commit 5354fd849f0c009c534d7ce18369382dd56de550
Author: David Maloney <DMaloney@rapid7.com>
Date:   Thu May 31 14:35:23 2012 -0500

    Add explicit pack to encrypted header

commit 7911dd309a94df2729c8247c3817cf5de6b99aad
Author: David Maloney <DMaloney@rapid7.com>
Date:   Thu May 31 13:11:19 2012 -0500

    adds pcanywhere_login module
 2012-05-31 14:46:26 -05:00
Steve Tornio 5105c1a4df add osvdb ref 2012-05-31 08:49:58 -05:00
sinn3r 4d94eeb79d Merge pull request #430 from wchen-r7/s40_traversal 
Add s40 dir traversal vuln
 2012-05-31 02:46:53 -07:00
sinn3r a19583624e Add s40 dir traversal vuln 
I can't believe I stayed up all night, and this is all I could find.
 2012-05-31 04:43:57 -05:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar 
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
 2012-05-30 16:16:41 -05:00
sinn3r 54e14014c3 Merge pull request #428 from wchen-r7/php_volunteer 
Add PHP Volunteer Management System exploit
 2012-05-30 09:33:32 -07:00
sinn3r 59ea8c9ab9 Print IP/Port for each message 2012-05-30 11:30:55 -05:00
sinn3r 43dffbe996 If we don't get a new file, we assume the upload failed. This is 
possible when we actually don't have WRITE permission to the
'uploads/' directory.
 2012-05-30 11:26:06 -05:00
sinn3r efdcda55ef Don't really care about the return value for the last send_request_raw 2012-05-30 11:00:31 -05:00
sinn3r 13ba51db34 Allow the login() function to be a little more verbose for debugging purposes 2012-05-30 10:56:59 -05:00
sinn3r b81315790d Add PHP Volunteer Management System exploit 2012-05-30 10:38:45 -05:00
David Maloney 1d63cd6f6b Revert " Sets the passive flag on the JtR modules" 
This reverts commit e70ccddc9a.
 2012-05-29 21:28:23 -05:00
David Maloney 9e7acf3a57 left debug statement in module 2012-05-29 20:23:56 -05:00
David Maloney 5496beebbc fix bad proto name in winscp post mod 
The service name would get set as SCP instead of SSH
this screws up bruteforce options later
 2012-05-29 18:17:28 -05:00
David Maloney e70ccddc9a Sets the passive flag on the JtR modules 2012-05-29 17:16:07 -05:00
David Maloney 54fb6d2f7a Fixes unreal ircd race condition 
Handler would exit before finishing staging
 2012-05-29 17:16:07 -05:00
jvazquez-r7 065d3187d3 Added module for OSVDB 74604 2012-05-29 21:10:51 +02:00
Steve Tornio fe86ab9914 =Add osvdb ref 2012-05-29 13:31:20 -05:00
jvazquez-r7 db5b3c8259 Added module for OSVDB 82000 2012-05-28 08:51:36 +02:00
sinn3r d615e3bcb8 Print target IP/Port when restoring currencies.php 2012-05-28 01:33:45 -05:00
sinn3r 712a21717a Totally forgot about disclosure date, damn it 2012-05-28 01:31:13 -05:00
sinn3r 7c1442c4b4 Merge pull request #421 from wchen-r7/symantec_web_gateway 
Add CVE-2012-0297 Symantec Web Gateway
 2012-05-27 23:28:59 -07:00
sinn3r 34c93d8e44 Fix check 2012-05-28 00:51:46 -05:00
sinn3r 96d70e5fb6 Add CVE-2012-0297 Symantec Web Gateway 2012-05-27 22:47:39 -05:00
sinn3r 86ba759c07 Oops, I left one more anonymous out. 2012-05-26 15:30:20 -05:00
sinn3r 18c8314d79 Change unknown authors to "Unknown". 
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion.  In order to clarify, we correct unknown
authors to simply "Unknown".
 2012-05-26 15:23:09 -05:00
sinn3r 8f537653b4 Merge pull request #420 from wchen-r7/quickshare 
Add OSVDB-70776 - QuickShare File Share
 2012-05-26 01:04:21 -07:00
sinn3r 0b86ceb528 Add OSVDB-70776 2012-05-26 03:00:32 -05:00
jvazquez-r7 e774df5c32 target info plus relocation 2012-05-25 20:16:13 +02:00