James Lee
05e24326a6
Style compliance
2014-05-28 14:31:34 -05:00
James Lee
3ac2182984
First stab at axis2 login scanner
2014-05-27 23:53:04 -05:00
dmaloney-r7
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
dmaloney-r7
e062e88081
Merge pull request #23 from rapid7/feature/MSP-9671/tomcat-loginscanner
...
Add Tomcat login scanner
2014-05-22 15:01:47 -05:00
David Maloney
75d19e198b
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-05-22 14:38:53 -05:00
David Maloney
dcc6ed5351
Merge branch 'master' into staging/electro-release
2014-05-22 14:37:09 -05:00
William Vu
ebd70cbd8f
Land #3382 , references for IBM Sametime modules
2014-05-22 12:12:18 -05:00
William Vu
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
Tod Beardsley
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
James Lee
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
Spencer McIntyre
e3630278ce
Land #3379 , [FixRM #8803 ] - Improve fb_cnct_group check
2014-05-21 11:39:10 -04:00
jvazquez-r7
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
sinn3r
a22c089aa0
Land #3378 - Add Reference for katello_satellite_priv_esc
2014-05-21 01:30:59 -05:00
jvazquez-r7
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
James Lee
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
jvazquez-r7
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
James Lee
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
James Lee
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
jvazquez-r7
727054df0b
Land #3375 , @bugch3ck's support for Safari
2014-05-20 16:38:55 -05:00
Samuel Huckins
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney
0b1d9d8cd0
Merge branch 'master' into staging/electro-release
2014-05-20 10:27:55 -05:00
Jonas Vestberg
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
Meatballs
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
Meatballs
eeae071468
Land #3363 , Workstation Length Auth Bug
2014-05-19 21:46:57 +01:00
William Vu
a30d6b1f2d
Quick cleanup for sap_icm_urlscan
2014-05-19 09:21:26 -05:00
William Vu
dc0e649a10
Clean up case statement
2014-05-19 09:21:07 -05:00
William Vu
bc64e47698
Land #3370 , cleanup for sap_icm_urlscan
2014-05-19 09:16:18 -05:00
William Vu
8235556cec
Land #3372 , release fixes
2014-05-19 09:10:38 -05:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
Tod Beardsley
1ef16fb722
Land #3367 , new wordlists from unhash
...
Thanks @tkisason!
2014-05-19 08:44:54 -05:00
Meatballs
848227e18a
401 should be a valid url
2014-05-19 10:59:38 +01:00
Meatballs
5d96f54410
Be verbose about 307
2014-05-19 10:52:06 +01:00
Meatballs
88b7dc3def
re-add content length
2014-05-19 10:46:47 +01:00
Meatballs
e59f104195
Use unless
2014-05-19 10:41:01 +01:00
sinn3r
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
jvazquez-r7
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
jvazquez-r7
d35ba208ed
Land #3369 @bugch3ck's support for plugin flash exploitation on adobe_flash_pixel_bender
2014-05-18 23:25:08 -05:00
jvazquez-r7
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
Jonas Vestberg
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
Tonimir Kisasondi
9b29c572a7
Comments dont work with auth_brute.rb
2014-05-18 21:14:17 +02:00
Tonimir Kisasondi
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
Tonimir Kisasondi
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
Tonimir Kisasondi
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
Tonimir Kisasondi
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
Tonimir Kisasondi
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
William Vu
a97d9ed54f
Land #3148 , check_urlprefixes for sap_icm_urlscan
2014-05-17 16:10:52 -05:00
sappirate
dd1a47f31f
Modified sap_icm_urlscan to check for authentication of custom URLs
...
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Tonimir Kisasondi
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
James Lee
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794 ]
2014-05-16 15:42:46 -05:00