Commit Graph

27861 Commits (0c00c7cc5099b0ab38ba605a0888394020dbb9d3)

Author SHA1 Message Date
William Vu 056ee4f207
Land #3958, kill command for pyterp 2014-10-07 10:58:37 -05:00
Spencer McIntyre 766a69e310 Add sys_process_kill to the python meterpreter 2014-10-07 10:10:22 -04:00
nullbind 031fb19153 requested updates 2014-10-06 23:52:30 -05:00
William Vu 3e92892c8b
Land #3954, file:// for the check command 2014-10-06 22:05:51 -05:00
William Vu 399a61d52e
Land #3946, ntp_readvar updates 2014-10-06 21:57:57 -05:00
nstarke e1b0ba5d3d Removing 'require pry'
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
Spencer McIntyre 6ea5d20b11
Land #3955, fix NoMethodError for wordpress_login_enum 2014-10-06 17:22:29 -04:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map'
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
sinn3r 17f278effd Fix #3822 - Support file:// syntax for check() 2014-10-06 13:37:14 -05:00
Jon Hart 8c8ccc1d54
Update Authors 2014-10-06 11:30:39 -07:00
us3r777 03888bc97b Change the check function
Use regex based detection
2014-10-06 18:56:01 +02:00
us3r777 29111c516c Wordpress Infusionsoft Gravity Forms CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
agix 12cd686bc4 Delete Encoder possibility in msfpayload 2014-10-06 11:22:53 +02:00
nstarke 69400cf280 Fixing Author Declaration
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Tod Beardsley 097d2bfbb5
Land #3922: Metasploit Park banner 2014-10-03 16:32:56 -05:00
Jon Hart a341756e83
Support spoofing source IPs for NTP readvar, include status messages 2014-10-03 14:05:57 -07:00
Jon Hart fa4414155a
Only include the exact readvar payload, not any padding 2014-10-03 13:58:13 -07:00
Jon Hart 65c1a8230a
Address most Rubocop complaints 2014-10-03 13:47:29 -07:00
Jon Hart 0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster 2014-10-03 13:28:30 -07:00
Tod Beardsley d048bb7725 Add some color to the msfpark banner
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
Samuel Huckins f2fc0d88ef Lands #3943, changes to engine require 2014-10-03 14:26:50 -05:00
Matt Buck 0bb4eac259
Rename the method for optional requires
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck 88cbf22ef0
Optionally require mdm, as well
MSP-11412
2014-10-03 13:49:39 -05:00
Matt Buck 478dbd32f2
Bump to newly-released versions of gems
MSP-11412
2014-10-03 12:07:23 -05:00
Matt Buck f748256e47
Use the prerelease versions of the gems
MSP-11412
2014-10-03 10:29:10 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Spencer McIntyre 7da22d064d Remove an unnecessary var and fix process_close 2014-10-02 20:52:45 -04:00
Matt Buck 04dbfb9ad6
Bump metasploit gem dependencies
MSP-11412
2014-10-02 18:11:13 -05:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
sinn3r 6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD 2014-10-02 16:38:36 -05:00
sinn3r 6d7870a4ac
Land #3934 - New :vuln_test option to BES 2014-10-02 16:31:50 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Matt Buck dabec92e61
Ensure require of metasploit/credential/engine is optional 2014-10-02 14:46:56 -05:00
Matt Buck 7ed1977d0b
Specific require all metasploit gem dependencies' engines
MSP-11412
2014-10-02 14:20:10 -05:00
Matt Buck 71efeb0c26
Also PATH out the deps for metasploit-credential and metasploit_data_models
MSP-11412
2014-10-02 14:08:35 -05:00
sinn3r 0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X 2014-10-02 13:48:19 -05:00
Matt Buck 05c71af03c PATH out the deps to metasploit-concern and metasploit-model, for the moment 2014-10-02 13:29:50 -05:00
Samuel Huckins 0dfd8e25b8
Land #3846, Rex::ImageSource specs 2014-10-02 12:33:56 -05:00
William Vu ee92648693
Land #3906, Zsh completion for Metasploit 2014-10-02 11:06:10 -05:00
HD Moore 24eec0e2a6 Swap to recog ~> 1.0 pre Luke's comment 2014-10-02 09:51:41 -05:00
Joe Vennix 7861b17e16
Use write() to fix SNMP on osx/freebsd. 2014-10-02 09:15:43 -05:00
HD Moore 5f4098f650 Bump recog to ~> 1.0.0 2014-10-02 00:51:37 -05:00
Joe Vennix 6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix b1b8cba4c5
Rescue an IOError on channel double-close.
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
HD Moore 0380c5e887 Add CVE-2014-6278 support, lands #3932 2014-10-01 18:25:41 -05:00