OJ
0c59c885c4
Fix metsrv.dll name issue
...
As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.
This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
2013-11-28 11:48:11 +10:00
William Vu
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
William Vu
05dfc161e4
Land #2702 , uninit const fix for HttpClient
2013-11-27 13:47:13 -06:00
jvazquez-r7
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
jvazquez-r7
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
jvazquez-r7
6c8df4be27
Land #2699 , @wvu fix for Linux download_exec post module
2013-11-27 10:22:35 -06:00
jvazquez-r7
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
William Vu
f3e71c2c9d
Be more specific
...
Perl!
2013-11-27 01:03:41 -06:00
William Vu
b202b98a42
Anchor the scheme
2013-11-27 00:57:45 -06:00
William Vu
e8da97aa17
Fix extraneous use of which and cmdsub
...
I don't even.
2013-11-27 00:43:07 -06:00
William Vu
288476441f
Fix improper use of expand_path
...
I don't even.
2013-11-27 00:42:09 -06:00
James Lee
25b1ec5b75
Land #2689 , getenv
2013-11-26 23:33:25 -06:00
OJ
72813c1f3e
Merge branch 'egypt/feature/getenv-php' into getenv_cmd
2013-11-27 15:22:15 +10:00
James Lee
a3337e5de5
Add PHP side for meterpreter getenv
2013-11-26 23:16:28 -06:00
OJ
a0f703ee44
Add getenv support to python meterpreter
...
This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
2013-11-27 11:19:26 +10:00
William Vu
ee201a82cd
Land #2673 , -x and -s for uploadexec meterp script
2013-11-26 16:26:38 -06:00
OJ
5fc9706268
Use Rex.sleep instead of sleep
2013-11-27 07:51:11 +10:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
William Vu
be86a29048
Land #2694 , indentation fixes for Gemfile
2013-11-26 13:47:00 -06:00
sinn3r
a914fbc400
Land #2693 - case sensitive
2013-11-26 11:16:57 -06:00
Tod Beardsley
671c0d9473
Fix nokogiri typo
...
[SeeRM #8730 ]
2013-11-26 10:54:31 -06:00
James Lee
a2743e4493
Land #2692 , fix title for ms13_022
2013-11-26 10:51:00 -06:00
Tab Assassin
c7d4cd9be2
Fix indendation on Gemfile
2013-11-26 10:48:50 -06:00
jvazquez-r7
253719d70c
Fix title
2013-11-26 08:11:29 -06:00
sinn3r
f1c5ab95bf
Land #2690 - typo
2013-11-25 23:53:34 -06:00
William Vu
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
jvazquez-r7
6cb63cdad6
Land #2679 , @wchen-r7's exploit for cve-2013-3906
2013-11-25 22:04:26 -06:00
jvazquez-r7
0079413e81
Full revert the change
2013-11-25 22:04:02 -06:00
sinn3r
fa97c9fa7c
Revert this change
2013-11-25 20:54:39 -06:00
sinn3r
3247106626
Heap spray adjustment by @jvazquez-r7
2013-11-25 20:50:53 -06:00
jvazquez-r7
4c249bb6e9
Fix heap spray
2013-11-25 20:06:42 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
sinn3r
385381cde2
Change target address
...
This one tends to work better with our boxes
2013-11-25 17:21:39 -06:00
jvazquez-r7
a7e6a79b15
Land #2685 , @wchen-r7's update for the word injector description
2013-11-25 15:47:57 -06:00
William Vu
c7c97c9543
Land #2688 , TaskManager spec timeout increase
2013-11-25 15:42:43 -06:00
jvazquez-r7
92807d0399
Land #2676 , @todb-r7 module for CVE-2013-4164
2013-11-25 15:40:33 -06:00
sinn3r
57f4f68559
Land #2652 - Apache Roller OGNL Injection
2013-11-25 15:14:35 -06:00
sinn3r
8005826160
Land #2644 - MS13-090 CardSpaceClaimCollection vuln
2013-11-25 13:06:09 -06:00
sinn3r
4773270ff0
Land #2677 - MS12-022 COALineDashStyleArray vuln
2013-11-25 12:58:45 -06:00
Tod Beardsley
23448b58e7
Remove timeout checkers that are rescued anyway
2013-11-25 12:37:23 -06:00
Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
jvazquez-r7
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
jvazquez-r7
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
sinn3r
48578c3bc0
Update description about suitable targets
...
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
jvazquez-r7
49441875f3
Land #2683 , @wchen-r7's module name consistency fix
2013-11-24 16:51:22 -06:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
sinn3r
ce8b63f240
Update module name to stay consistent
...
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
sinn3r
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
jvazquez-r7
31b4e72196
Switch to soft tabs the cs code
2013-11-23 23:06:52 -06:00