adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28,052 Commits 27 Branches 1,043 Tags
fafbc4db3f73e46df48deae207cacd6ff4ae84bf
Commit Graph

685 Commits

Author SHA1 Message Date
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Tod Beardsley b1223165d4 Trivial grammar fixes 2014-10-14 12:00:50 -05:00
jvazquez-r7 411f6c8b2d Land #3793, @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution 2014-10-08 12:16:09 -05:00
jvazquez-r7 98b69e095c Use %TEMP% and update ranking 2014-10-08 12:12:00 -05:00
jvazquez-r7 d90fe4f724 Improve check method 2014-10-08 12:03:16 -05:00
jvazquez-r7 25344aeb6a Change filename 2014-10-08 11:55:33 -05:00
jvazquez-r7 909f88680b Make exploit aggressive 2014-10-08 11:08:01 -05:00
jvazquez-r7 d02f0dc4b9 Make minor cleanup 2014-10-08 10:36:56 -05:00
jvazquez-r7 d913bf1c35 Fix metadata 2014-10-08 10:29:59 -05:00
mfadzilr a2a2ca550e add test result on different windows version 2014-09-20 20:06:30 +08:00
mfadzilr dd71c666dc added osvdb reference and software download url, use FileDropper method 
for cleanup
 2014-09-20 15:31:28 +08:00
mfadzilr 19ed594e98 using FileDropper method for cleanup 2014-09-20 10:52:21 +08:00
mfadzilr 677d035ce8 added proper regex for check function 
add comment for changed code
 2014-09-19 11:30:51 +08:00
mfadzilr 978803e9d8 add proper regex 2014-09-16 21:49:02 +08:00
mfadzilr 783b03efb6 change line 84 as mubix advice, update disclosure date according to 
bugtraq security list.
 2014-09-15 17:21:05 +08:00
mfadzilr 9860ed340e run msftidy, make correction for CVE format and space at EOL (line 77) 2014-09-15 13:13:25 +08:00
mfadzilr f1d3c44f4f exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'. 2014-09-15 12:59:27 +08:00
mfadzilr 74ef83812a update module vulnerability information 2014-09-15 01:43:18 +08:00
mfadzilr 8b4b66fcaa initial test 2014-09-14 12:26:02 +08:00
sinn3r 0a6ce1f305 Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
jvazquez-r7 f063dcf0f4 Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
jvazquez-r7 2615a7a3be Favor \&\& and || operands 2014-09-04 14:35:37 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload 
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
 2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
jvazquez-r7 8b1791da22 Modify modules to keep old behavior 2014-08-31 01:18:53 -05:00
Meatballs 474ee81807 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
sinn3r 8733dcb2f8 Land #3531 - Windows 2008 Update for HP AutoPass License 2014-07-16 15:13:05 -05:00
William Vu ff6c8bd5de Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a Remove EOL whitespace 2014-07-16 14:56:34 -05:00
Meatballs 7583ed4950 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
jvazquez-r7 6d05a24653 Add target information 2014-07-15 17:45:45 -05:00
jvazquez-r7 604a612393 Have into account differences between windows default installs 2014-07-15 15:03:07 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley 9fef2ca0f3 Description/whitespace changes (minor) 
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
 2014-07-07 12:39:05 -05:00
sinn3r 79c433e7ea Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 5e0211016d Merge to solve conflicts 2014-07-03 09:16:04 -05:00
sinn3r 449fde5e7c Description update 2014-07-01 10:26:52 -05:00
sinn3r c43006f820 Update cogent module description, fix msftidy warnings 2014-07-01 10:06:33 -05:00
jvazquez-r7 1acd5e76cb Add check code for event processing 12 2014-06-29 15:47:57 -05:00
jvazquez-r7 a94396867c Add module for ZDI-14-106, Oracle Event Processing 2014-06-29 15:44:20 -05:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info 
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
 2014-06-28 17:40:49 -04:00
HD Moore c8e44c341c Fix use of sock.get vs sock.get_once 2014-06-28 16:10:18 -05:00
HD Moore 6e80481384 Fix bad use of sock.get() and check() implementations 
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
 2014-06-28 16:05:05 -05:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00