392b3bcf2f
Land #3977 , @FireFart's WPVDB reference for php_wordpress_infusionsoft module
2014-10-09 00:32:27 -05:00
df0d4f9fb2
Fix #3973 - Unneeded datastore option URI
...
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
1584c4781c
Add reference
2014-10-09 06:58:15 +02:00
168f1e559c
fixed status
2014-10-08 21:19:50 -05:00
3ebcaa16a1
removed scanner
2014-10-08 21:18:56 -05:00
328be3cf34
Fine Tuning Jenkins Login Module
...
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
4f96d88a2f
Land #3949 , @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload
2014-10-08 16:35:49 -05:00
66a8e7481b
Fix description
2014-10-08 16:35:14 -05:00
8ba8402be3
Update timeout
2014-10-08 16:32:05 -05:00
bbf180997a
Do minor cleanup
2014-10-08 16:29:11 -05:00
aa18eb54d3
Land #3920 , @agix's removal of dead encode code from msfpayload.
...
Was originally supposed to add support for encoders, but
this was never a supported feature of msfpayload.
2014-10-08 15:03:28 -05:00
f86c0c2bb5
Land #3970 , rm jtr_unshadow
2014-10-08 14:55:15 -05:00
1d766ba95b
Rename dump_auxiliary_action{,s}
...
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
f6a9cfcc52
Break away the elsif into a separate if
...
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
b2ba6e7ae1
Make the code more maintainable
...
Despite the code around it.
Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
c0ef2c7938
Support post modules
...
I kinda hate this code.
TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
7dd6a4d0d9
Merge in changes from @todb-r7.
2014-10-08 13:25:44 -04:00
411f6c8b2d
Land #3793 , @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution
2014-10-08 12:16:09 -05:00
98b69e095c
Use %TEMP% and update ranking
2014-10-08 12:12:00 -05:00
d90fe4f724
Improve check method
2014-10-08 12:03:16 -05:00
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
a901916b0b
Remove nonfunctional jtr_unshadow
...
This module hasn't been doing anything but print_error a go away message
since June, so may as well get rid of it.
2014-10-08 10:23:29 -05:00
71e883569f
Land #3969 , rm hashrockets from refs
2014-10-08 10:07:35 -05:00
e0016d4af3
Remove hash rocket from refs array #3766
...
[SeeRM #8776 ]
2014-10-08 09:16:38 +00:00
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution
2014-10-08 00:30:07 -05:00
a8b5bf4625
Show selected auxiliary action
2014-10-07 14:34:41 -05:00
eed0958de5
Fixing Comment
...
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
056ee4f207
Land #3958 , kill command for pyterp
2014-10-07 10:58:37 -05:00
766a69e310
Add sys_process_kill to the python meterpreter
2014-10-07 10:10:22 -04:00
031fb19153
requested updates
2014-10-06 23:52:30 -05:00
3e92892c8b
Land #3954 , file:// for the check command
2014-10-06 22:05:51 -05:00
399a61d52e
Land #3946 , ntp_readvar updates
2014-10-06 21:57:57 -05:00
e1b0ba5d3d
Removing 'require pry'
...
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
6ea5d20b11
Land #3955 , fix NoMethodError for wordpress_login_enum
2014-10-06 17:22:29 -04:00
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
8c8ccc1d54
Update Authors
2014-10-06 11:30:39 -07:00
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
12cd686bc4
Delete Encoder possibility in msfpayload
2014-10-06 11:22:53 +02:00
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
jvazquez-r7
sinn3r
Christian Mehlmauer
nullbind
nstarke
Joe Vennix
William Vu
Jay Smith
Tod Beardsley
Brendan Coles
Spencer McIntyre
Jon Hart
us3r777
agix
James Lee