031bb2eb0b
Fix a backwards disasm bug which stomps on the depth option
2013-05-15 22:08:50 -04:00
c82bb73347
Avoid super verbose output
2013-05-15 17:45:37 -05:00
90f987de38
Merge branch 'release' to upgrade MDM to 0.12.1
2013-05-15 11:48:35 -05:00
88732bb1f4
Merge pull request #1832 from bug/shell_session_fix2
...
[Story #49893835 ]
2013-05-15 11:48:12 -05:00
3c278c2b50
Fix shell session record creation
...
use latest mdm version to fix issue with creation of Mdm::Session
objects for non-meterpreter sessions.
[Story #49893835 ]
2013-05-15 11:10:28 -05:00
61afe1449e
Landing #1275 , bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
2504aa4550
Land #1812 , mailvelope chrome extension key grabber
2013-05-15 10:10:36 -05:00
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00
6457a968c9
Land #1829 , uninvert note searching.
2013-05-15 07:14:19 -05:00
34085e43eb
Merge pull request #1828 from limhoff-r7/bug/mdm-host-os-name-validation
...
Update to metasploit_data_models 0.12.0
2013-05-14 15:58:35 -07:00
063ef487e2
Fix typo in cmd_notes
2013-05-14 18:58:31 -04:00
3828458ccc
Update to metasploit_data_models 0.12.0
...
[#49878349 ]
0.12.0 removes validation on Mdm::Host#os_name.
2013-05-14 15:44:48 -05:00
2454862496
Land #1827 , @wchen-r7's modification to add MS ref to ie_cgenericelement_uaf
2013-05-14 15:18:17 -05:00
e1111928c2
Adds patch info for ie_cgenericelement_uaf
...
This one is MS13-038
2013-05-14 14:55:02 -05:00
1e90f71360
Landing #1826 - Add Python format support to msfvenom
2013-05-14 14:50:12 -05:00
41e9f35f3f
Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform
2013-05-14 14:48:16 -05:00
00fd00167a
Add Python format support to msfvenom
2013-05-14 14:39:52 -05:00
9427dfa483
Landing #1823 - Kloxo Local Privilege Escalation
2013-05-14 14:20:52 -05:00
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
2ee11f70f8
Landing #1824 - Support Python when generating payloads via msfpayload
...
We love Python users too.
2013-05-14 14:14:31 -05:00
a3fc44980e
Merge pull request #1814 from tasos-r7/bug/web-match_and_log_fingerprint
...
PT 48672475
2013-05-14 11:57:34 -07:00
0a55c7e4b6
Proofs can be omitted if they contain sensitive data
2013-05-14 20:46:17 +03:00
96104c5860
Fix hard vs soft tabs
2013-05-13 20:44:51 -05:00
c71b57764e
Add a Python buffer formatter and update msfpayload to enable using it
2013-05-13 20:41:15 -05:00
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
a12e59ef1f
Merge branch 'master' into bug/web-match_and_log_fingerprint
2013-05-14 01:55:37 +03:00
5e997aaf80
Landing #1816 - lists essential information about CouchDB
2013-05-13 16:46:20 -05:00
cba045a604
Make additional changes to the module
2013-05-13 16:42:33 -05:00
e3384439ed
64-bit, not '64 bits'
2013-05-13 15:40:17 -05:00
e71e0c1c28
Land #1822 , @wchen-r7's module for Coldfusion HTP disclosed exploit
2013-05-13 12:41:54 -05:00
f04ca17bb9
Fix default action
2013-05-13 11:56:02 -05:00
5b64379553
Add Coldfusion 9 target, OSVDB ref and review
2013-05-13 11:55:11 -05:00
e605318726
Merge pull request #1813 from limhoff-r7/feature/mdm-module-namespace
...
Updates to MDM 0.11.2
2013-05-13 08:09:52 -07:00
60299c2adb
Add EDB-25305 - That ColdFusion 10 sub0 0day stuff
...
This is just an aux module that extract passwords from
password.properties. Yes, this can leverage a shell too, but
obviously that's best implemented in #1737 , or as a new exploit.
We'll see.
2013-05-12 21:23:53 -05:00
feac292d85
Clean up for dlink_dsl320b_password_extractor
2013-05-12 17:35:59 -05:00
ee46771de5
Land #1799 , @m-1-k-3's auth bypass module for Dlink DSL320
2013-05-12 17:34:08 -05:00
4461aefaa2
Update to metasploit_data_models 0.11.2
...
[#47979793 ]
2013-05-12 13:36:13 -05:00
ce594a3ba2
Deprecate modules/exploits/windows/http/sap_mgmt_con_osexec_payload
2013-05-12 08:46:40 -05:00
495f1e5013
Add multi platform module for SAP MC exec exploit
2013-05-12 08:46:00 -05:00
9730abd669
Land #1818 , @wchen-r7's change to Exploit Rank
2013-05-11 11:51:49 -05:00
7fcf20201b
Ranking should be the same (to GoodRanking)
2013-05-11 09:19:25 -05:00
a94d078bfd
Added the statement return to condition: if res.nil?
2013-05-11 00:59:05 -03:00
18ee9af59f
Added couchdb_enum.rb to list essential information about CouchDB
2013-05-10 23:18:48 -03:00
5123b91bd1
Merge pull request #3 from jlee-r7/landing-1812-mailvelope-keys
...
Simplify and clean up some
2013-05-10 15:09:44 -07:00
55fc1458de
Simplify and clean up some
...
I'd really love to make this work on Linux as well, since it's really
just a file grabber/parser. Unfortunately, the Post API for enumerating
users and homedirs isn't great for cross-platform stuff like this.
A few small changes, all verified on Windows 7:
* Reuse the key storing code instead of copy-paste with minor changes
* Use binary mode when opening the stored prefs
* Don't bother checking for incognito since we're using `steal_token`
anyway
* Check for existence of directories instead of guessing based on OS
match
2013-05-10 16:58:35 -05:00
d9ff629e17
Land #1815 , typo fix.
2013-05-10 15:36:52 -05:00
ac3fe4c84e
Update CONTRIBUTING.md
2013-05-10 23:15:29 +03:00
f4bc3096b2
#match_and_log_fingerprint: store match not fingerprint
2013-05-10 19:59:12 +03:00
84ff72eb92
use file_exist? instead of fs.file.stat
2013-05-10 11:17:42 -04:00
bannedit
jvazquez-r7
Brandon Turner
David Maloney
James Lee
Tod Beardsley
John Sherwood
Luke Imhoff
sinn3r
Joshua J. Drake
Samuel Huckins
Tasos Laskos
Roberto Soares Espreto
Rob Fuller
Nick Rivera