adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,216 Commits 27 Branches 1,043 Tags
f3e03ddb4233ea4f4011d29fa7025dffefde6dfd
Commit Graph

201 Commits

Author SHA1 Message Date
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup 
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
 2012-06-02 09:53:19 -05:00
James Lee 4681ed1c1e Whitespace, thanks msftidy.rb! 2012-05-31 18:18:27 -06:00
Steve Tornio 5105c1a4df add osvdb ref 2012-05-31 08:49:58 -05:00
Tod Beardsley 7e6c2f340e Minor updates; added BID, fixed grammar 
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
 2012-05-30 16:16:41 -05:00
sinn3r 54e14014c3 Merge pull request #428 from wchen-r7/php_volunteer 
Add PHP Volunteer Management System exploit
 2012-05-30 09:33:32 -07:00
sinn3r 59ea8c9ab9 Print IP/Port for each message 2012-05-30 11:30:55 -05:00
sinn3r 43dffbe996 If we don't get a new file, we assume the upload failed. This is 
possible when we actually don't have WRITE permission to the
'uploads/' directory.
 2012-05-30 11:26:06 -05:00
sinn3r efdcda55ef Don't really care about the return value for the last send_request_raw 2012-05-30 11:00:31 -05:00
sinn3r 13ba51db34 Allow the login() function to be a little more verbose for debugging purposes 2012-05-30 10:56:59 -05:00
sinn3r b81315790d Add PHP Volunteer Management System exploit 2012-05-30 10:38:45 -05:00
sinn3r ac0d22453a Merge pull request #414 from wchen-r7/apprain 
Add CVE-2012-1153
 2012-05-23 16:34:30 -07:00
sinn3r 8d837f5d20 Module description update. TARGETURI description update. 2012-05-23 18:33:32 -05:00
sinn3r fab3bfcea1 Add CVE-2012-1153 2012-05-23 17:50:13 -05:00
Tod Beardsley 5dd866ed4a Fixed print_status to include rhost:rport 
Also don't let the failed user:pass be a mystery to the user.
 2012-05-21 11:11:34 -05:00
Tod Beardsley 1fc7597a56 Msftidy fixes. 
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch

All whitespace fixes.
 2012-05-21 10:59:52 -05:00
Steve Tornio ba2787df8a add osvdb ref 2012-05-20 07:13:56 -05:00
sinn3r 964a6af423 Add Active Collab chat module PHP injection exploit, by mr_me 2012-05-19 02:06:30 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki 
Add CVE-2011-4449
 2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00
Steve Tornio cef2da6110 add osvdb ref 2012-05-05 10:13:42 -05:00
James Lee 18a44148dc Randomize case for ini true/false values 2012-05-04 17:32:32 -06:00
HD Moore 423437c620 Woops, small typo in disable_functions 2012-05-04 12:17:41 -05:00
HD Moore c6b39e8e5c Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c) 2012-05-04 12:15:46 -05:00
HD Moore 2ce3558bb4 Bump the rank 2012-05-04 10:19:37 -05:00
HD Moore bed4846763 A little more module cleanup 2012-05-04 10:06:18 -05:00
HD Moore d668e2321d Rename this to a more suitable location 2012-05-04 09:59:40 -05:00
sinn3r 5bebd01eb0 Tabs vs spaces war round 2 2012-04-24 16:06:08 -05:00
sinn3r bc42375565 Fix spaces to proper hard tabs. Not very fun to do. 2012-04-24 16:03:41 -05:00
Chris John Riley f4f1ec70bc Altered regex to detect Jetty hosts 
Added in detection for 401 Authentication responses
Added alternative REST based run method (seen in Axis2 1.1.1)
Added check to prevent // from appearing at the start of the URI (causes issues on Jetty hosts)

There should be a default method for URI to prevent double / from appearing at the start of the path (can cause unknown issues).
 2012-04-15 15:13:21 +02:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds 
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
 2012-04-06 10:45:10 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds" 
This reverts commit 937f8f035a.
 2012-04-05 16:17:06 -05:00
andurin 937f8f035a tomcat_mgr_deploy may report successful creds 2012-04-05 11:09:56 +02:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
Tod Beardsley 23c9c51014 Fixing CVE format on sit_file_upload. 2012-03-21 09:59:20 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff. 
Still have some hits, but that requires a little more code contortion to
fix.
 2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
James Lee 464cf7f65f Normalize service names 
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
 2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
Tod Beardsley 4a631e463c Module title normalization 
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
 2012-02-21 11:07:44 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00