16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
aa4489dd21
Land #5196 , fix incorrect yardoc annotations
2015-04-20 11:50:43 -05:00
4f59abe842
Land #5203 , @Meatballs1 fixes #5199 by using the correct namespace
...
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
d9d8451b9f
Updated tools/msftidy.rb issues
2015-04-20 16:03:34 +01:00
eb1c01417a
Bogus :
2015-04-20 11:00:26 +01:00
aa4f913800
Resolves #5199
...
Fix Powershell namespace in web_delivery module
2015-04-20 09:37:42 +01:00
a60fe4af8e
Land #5201 , Change module wording to conform with other WP modules
2015-04-20 10:07:05 +02:00
1a32cf7fc0
Change module wording to conform with other WP modules.
2015-04-20 16:48:35 +10:00
ead57849f2
Merge pull request #1 from Meatballs1/powershell_interactive_mods
...
Powershell interactive mods
2015-04-20 06:48:11 +01:00
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
ac1f03b1de
Use fail_with if unknown exception
2015-04-20 00:11:23 +01:00
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
1cc08a56a8
Additional tidyup
2015-04-19 23:55:55 +01:00
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
668961b69d
fix some yarddoc issues
2015-04-20 00:06:59 +02:00
103b8297ba
Land #5183 , Improve developer experience for fail_with
2015-04-19 23:57:36 +02:00
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
a5583debdc
Land #5131 , WordPress Slideshow Upload
2015-04-19 23:12:26 +02:00
8bd0da580d
Move script out of module
2015-04-19 21:12:44 +01:00
9fd3d3aa8c
Move to exploit module
2015-04-19 20:58:20 +01:00
1ee850246a
Interactive powershell post module that allows a user to gain an
...
interactive powershell prompt from a compromised session. It opens a TCP
listener for Powershell and automatically creates the handler. You can
also pass this other powershell files in the LOAD_MODULE option to go
ahead and download using the download cradle once the session is
established.
2015-04-19 20:51:41 +01:00
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
e7babc4acb
Fix persistence script to support x64 payloads
2015-04-19 12:41:51 +10:00
c1a1143377
Remove line in description and output line in fail_with
2015-04-18 15:38:42 -03:00
3417c3f5ab
Land #5181 , Revert unwanted URI encoding
2015-04-18 11:55:19 +02:00
43e9244b4c
Fix #5134 , Put store_loot back
...
Fix #5134
store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
37613adebb
Improve developer experience for fail_with
...
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
2a327b7c91
Land #5116 , better handle platform and arch in msfvenom
2015-04-17 10:55:41 -05:00
e73d2cf6a7
Land #5179 , workaround crash with OS X system python
2015-04-17 10:44:05 -05:00
e3ce4eb88e
Update mcafee_vse_hashdump.rb
2015-04-17 09:47:02 -04:00
15eef6e8de
Dont fork on OSX
2015-04-17 11:43:07 +01:00
85ba60b6d3
Land #5138 : Cleanup http(s) sessions when all closed
2015-04-17 20:15:02 +10:00
bba0927c7e
Land #5163 , WordPress Reflex Gallery Plugin File Upload
2015-04-17 11:26:34 +02:00
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
3107d99b9a
Use the same URI that was registered when we deregister
...
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
3300845c99
Land #5171 , fail_with check for msftidy
2015-04-16 23:35:23 -05:00
d494bdd5e3
Merge pull request #6 from wvu-r7/pr/5171
...
Consolidate on one check and fix false positives
2015-04-17 06:20:57 +02:00
753978fc7a
Land #5141 , stageless unique URIs with the same UUID
2015-04-16 22:21:32 -05:00
2ee28916f7
bump meterpreter_bins to 0.0.22
2015-04-16 22:21:12 -05:00
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
3927024f79
Land #5154 , CVE-2015-0556 (Flash copyPixelsToByteArray int overflow)
...
sage aborts
2015-04-16 21:21:09 -05:00
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00
3493d25ff9
Move all this to Rex
2015-04-16 21:07:23 -05:00
832487cad7
Consolidate on one check and fix false positives
2015-04-16 18:01:28 -05:00
3422501d91
Land #5174 , deprecated module cleanup
2015-04-16 17:43:28 -05:00
jvazquez-r7
Brent Cook
benpturner
Meatballs
Christian Mehlmauer
aushack
Brandon Perry
Brandon Perry
joev
OJ
Roberto Soares
wchen-r7
karllll
William Vu
Christian Mehlmauer