Pedro Ribeiro
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
Pedro Ribeiro
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
Pedro Ribeiro
f2f4f91af5
Merge pull request #4 from rapid7/master
...
merge
2014-10-07 23:48:16 +01:00
William Vu
056ee4f207
Land #3958 , kill command for pyterp
2014-10-07 10:58:37 -05:00
Spencer McIntyre
766a69e310
Add sys_process_kill to the python meterpreter
2014-10-07 10:10:22 -04:00
William Vu
3e92892c8b
Land #3954 , file:// for the check command
2014-10-06 22:05:51 -05:00
William Vu
399a61d52e
Land #3946 , ntp_readvar updates
2014-10-06 21:57:57 -05:00
Spencer McIntyre
6ea5d20b11
Land #3955 , fix NoMethodError for wordpress_login_enum
2014-10-06 17:22:29 -04:00
sinn3r
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
sinn3r
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
Jon Hart
8c8ccc1d54
Update Authors
2014-10-06 11:30:39 -07:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Tod Beardsley
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
Jon Hart
a341756e83
Support spoofing source IPs for NTP readvar, include status messages
2014-10-03 14:05:57 -07:00
Jon Hart
fa4414155a
Only include the exact readvar payload, not any padding
2014-10-03 13:58:13 -07:00
Jon Hart
65c1a8230a
Address most Rubocop complaints
2014-10-03 13:47:29 -07:00
Jon Hart
0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster
2014-10-03 13:28:30 -07:00
Tod Beardsley
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
Samuel Huckins
f2fc0d88ef
Lands #3943 , changes to engine require
2014-10-03 14:26:50 -05:00
Matt Buck
0bb4eac259
Rename the method for optional requires
...
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck
88cbf22ef0
Optionally require mdm, as well
...
MSP-11412
2014-10-03 13:49:39 -05:00
Matt Buck
478dbd32f2
Bump to newly-released versions of gems
...
MSP-11412
2014-10-03 12:07:23 -05:00
Matt Buck
f748256e47
Use the prerelease versions of the gems
...
MSP-11412
2014-10-03 10:29:10 -05:00
William Vu
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Spencer McIntyre
7da22d064d
Remove an unnecessary var and fix process_close
2014-10-02 20:52:45 -04:00
Matt Buck
04dbfb9ad6
Bump metasploit gem dependencies
...
MSP-11412
2014-10-02 18:11:13 -05:00
sinn3r
6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD
2014-10-02 16:38:36 -05:00
sinn3r
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
Matt Buck
dabec92e61
Ensure require of metasploit/credential/engine is optional
2014-10-02 14:46:56 -05:00
Matt Buck
7ed1977d0b
Specific require all metasploit gem dependencies' engines
...
MSP-11412
2014-10-02 14:20:10 -05:00
Matt Buck
71efeb0c26
Also PATH out the deps for metasploit-credential and metasploit_data_models
...
MSP-11412
2014-10-02 14:08:35 -05:00
sinn3r
0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X
2014-10-02 13:48:19 -05:00
Matt Buck
05c71af03c
PATH out the deps to metasploit-concern and metasploit-model, for the moment
2014-10-02 13:29:50 -05:00
Samuel Huckins
0dfd8e25b8
Land #3846 , Rex::ImageSource specs
2014-10-02 12:33:56 -05:00
William Vu
ee92648693
Land #3906 , Zsh completion for Metasploit
2014-10-02 11:06:10 -05:00
HD Moore
24eec0e2a6
Swap to recog ~> 1.0 pre Luke's comment
2014-10-02 09:51:41 -05:00
Joe Vennix
7861b17e16
Use write() to fix SNMP on osx/freebsd.
2014-10-02 09:15:43 -05:00
HD Moore
5f4098f650
Bump recog to ~> 1.0.0
2014-10-02 00:51:37 -05:00
Joe Vennix
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
Joe Vennix
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
HD Moore
0380c5e887
Add CVE-2014-6278 support, lands #3932
2014-10-01 18:25:41 -05:00
William Vu
c1b0acf460
Add CVE-2014-6278 support to the exploit module
...
Same thing.
2014-10-01 17:58:25 -05:00
William Vu
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
HD Moore
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
sinn3r
3ec6166193
Land #3927 - Shellshock PureFPTd extauth
2014-10-01 17:00:55 -05:00
HD Moore
4dd285c319
Merge pull request #4 from jlee-r7/feature/recog
...
Feature/recog
2014-10-01 16:43:18 -05:00
William Vu
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00