Commit Graph

21142 Commits (0255f92e605c800d18eecfb538453b9024862599)

Author SHA1 Message Date
William Vu 0255f92e60
Land #2556, msfcli rspec failures fix for #2505 2013-10-21 12:52:05 -05:00
Tod Beardsley e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
This reverts commit 717dfefead, reversing
changes made to 6430fa3354.
2013-10-21 12:47:57 -05:00
sinn3r c929fbd7f4
Land #2555 - Retry shell without thread impersonation 2013-10-21 12:25:15 -05:00
sinn3r cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow 2013-10-21 12:03:07 -05:00
sinn3r 9bfd98b001 Change plate 2013-10-21 11:54:42 -05:00
William Vu 717dfefead
Land #2505, missing source fix for sock_sendpage 2013-10-21 11:47:55 -05:00
sinn3r 6430fa3354
Land #2539 - Support Windows CMD generic payload
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
sinn3r 45d06dd28d Change plate 2013-10-21 11:24:30 -05:00
sinn3r 0670020701
Land #2553 - HP Intelligent Management BIMS DownloadServlet Directory Traversal 2013-10-21 11:20:16 -05:00
William Vu 61aff635b1
Land #2547, typo fix for Meterpreter screenspy 2013-10-21 11:15:42 -05:00
sinn3r 8c05f8cf51
Land #2550 - Add HP Intelligent Managemetn UploadServlet dir traversal 2013-10-21 11:14:22 -05:00
sinn3r d22e4ac2f1 Check timeout condition 2013-10-21 11:13:48 -05:00
sinn3r 36dace26fa
Land #2538 - Fix redirect URLs 2013-10-21 11:08:03 -05:00
OJ cf65f59a28 Retry shell without thread impersonation
In certain scenarios on Windows XP there are times when creating a
shell fails with the error `ERROR_PRIVILEGE_NOT_HELD`. When this
happens the user will usuall fallback to a non-impersonated shell
via the command: `execute -f cmd.exe -H -i -c`

This patch catches the error, warns the use of the failure and then retries
to create the interactive shell without the `-t` flag.
2013-10-21 15:29:19 +10:00
jvazquez-r7 183116c81f Make module work, and final cleanup 2013-10-20 18:39:41 -05:00
jvazquez-r7 27078eb5a6 Add support for HP imc /BIMS 5.1 2013-10-20 18:18:34 -05:00
jvazquez-r7 b0d32a308a Update version information 2013-10-19 00:52:22 -05:00
jvazquez-r7 7d8a0fc06c Add BID reference 2013-10-19 00:29:43 -05:00
jvazquez-r7 aa6a24da1b Add module template 2013-10-19 00:27:57 -05:00
jvazquez-r7 cf239c2234 Add module for ZDI-13-238 2013-10-19 00:05:09 -05:00
Henrik Kentsson efa0dcb92b Just a minor mistype
Just a minor mistype in code leading to a page that didn't exist.
2013-10-19 00:38:24 +02:00
William Vu 5a0b8095c0
Land #2382, Lua bind and reverse shells 2013-10-18 17:11:37 -05:00
William Vu b44f0f7e18
Land #2546, minor OS X persistence fixes 2013-10-18 17:07:53 -05:00
jvazquez-r7 70fced1d74 Delete unnecessary requires and make msftidy compliant 2013-10-18 16:54:20 -05:00
jvazquez-r7 2339cdc713
Land #2513, @joev-r7's osx persistence local exploit 2013-10-18 15:13:50 -05:00
joev 83f27296d3 Fix some bugs in osx persistence.
- the RUN_NOW datastore option did not work as expected
- Adds support for OSX < 10.4 KeepAlive option
- organizes private methods alphabetically.
2013-10-18 14:12:33 -05:00
Tod Beardsley ffcb86eba2
Land #2541, Outpost24 importer
Sample data is currently secret. If we get a hold of non-secret sample
data, it'll be tacked on to the Redmine bug referenced below.

[FixRM #8384]
2013-10-18 13:21:58 -05:00
Tod Beardsley f6675f3120
Reordered case statements 2013-10-18 13:21:28 -05:00
William Vu 93ff9ec501 Create methods for start_element for readability 2013-10-18 12:20:43 -05:00
William Vu ff69e9fd05 Move product info code to a better location 2013-10-18 12:07:34 -05:00
William Vu e6cccedad0 Append vuln info to vuln description 2013-10-18 11:31:54 -05:00
joev 681db6cb41 Use fully qualified constant in include. 2013-10-18 11:31:02 -05:00
joev 05bea41458 mkdir -p the dirname, not the file. 2013-10-18 11:27:37 -05:00
Meatballs 9112157897
Land #2543, Fixes Meterpreter Railgun Crashes
Sometimes FormatMessage would return null when trying to retrieve
the string for GetLastError(). This fixes the crash and attempts to
give some message feedback depending on the Error.

See:
https://github.com/rapid7/meterpreter/pull/35
https://github.com/rapid7/meterpreter/pull/33

[FixRM 8505][FixRM 8503]
2013-10-18 11:16:42 +01:00
OJ 827bf23979
Updated binaries with railgun crash fixes 2013-10-18 19:43:17 +10:00
joev 7a47059e1d Fix a couple more shellescapes. 2013-10-18 00:47:22 -05:00
joev a2e3c6244e Remove unnecessary Exe::Custom logic.
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
jvazquez-r7 7dd39ae5e6 Update ranking 2013-10-17 22:43:47 -05:00
jvazquez-r7 a00a813649 Add real device libraries base addresses 2013-10-17 22:34:54 -05:00
William Vu 12151650e4 Add product info to hosts and services :) 2013-10-17 16:18:27 -05:00
William Vu 06c7943f54 Import hostnames without breaking everything 2013-10-17 15:31:48 -05:00
William Vu 920e406526 Import CVE refs and db.emit all the things 2013-10-17 14:29:54 -05:00
sinn3r bcb584ea50
Land #2525 - Change module boilerplate 2013-10-17 14:15:15 -05:00
James Lee 94db3f511a Avoid extra slash in redirect URI
[SeeRM #8507]
2013-10-17 14:10:15 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
Tod Beardsley 22b4bf2e94
Resplat webtester_exec.rb 2013-10-17 13:30:54 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
sinn3r 064ebb5945
Land #2537 - Add a default Samsung community string 2013-10-17 11:35:04 -05:00
Tod Beardsley bd405277d9
Add a default Samsung community string
See http://www.kb.cert.org/vuls/id/281284

and

http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-Update-2-1757967.html
2013-10-17 10:35:59 -05:00
jvazquez-r7 955fc4e29e
Land #2534, @bcoles's exploit for webtester 5 2013-10-17 09:32:49 -05:00