0cc41b1e92
Land #4680 , {CONTRIBUTING,README}.md fixes
2015-01-30 14:43:52 -06:00
dc7aff446a
Fix up README.md and CONTRIBUTING.md
...
* Specifically disclaim scripts
* Prefer end note links
* Pre-fill the issue submission form (check it out:
http://r-7.co/MSF-BUGSv1 )
2015-01-30 14:28:39 -06:00
cb076adb19
Land #4675 , @Firefart's scanner for ghost through wordpress xmlrpc
2015-01-30 10:27:18 -06:00
03169f231b
Handle one redirection on wordpress_and_online?
2015-01-30 10:26:23 -06:00
c098de27ee
Do safer body check
2015-01-30 10:22:43 -06:00
bc65d2f526
Make filename compatible with namespace
2015-01-30 10:22:07 -06:00
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
aec0067d14
Land #4673 , screenshot -v hardcoded false fix
2015-01-29 19:40:15 -06:00
59eec8f81e
Land #4666 - Improve utility of meterpreter file upload command
...
Fix #4665
2015-01-29 19:12:31 -06:00
823c75908d
Fix #4672 - Fix Hardcoded false for screenshot -v
...
Fix #4672
2015-01-29 16:54:41 -06:00
7c793f9bbf
Land #4663 , greppable msfvenom -l
...
And --payload-options.
2015-01-29 14:27:46 -06:00
4ad4765350
Merge pull request #25 from wvu-r7/pr/4663
...
Change "Options for" line to stderr
2015-01-29 14:00:23 -06:00
212aeb9106
Improve utility of meterpreter file upload command
...
Rather than assume that the destination argument is a directory, check
first, and then do the same thing that 'cp' would do.
- If dest exists and is a directory, copy to the directory.
- If dest exists and is a file, copy over the file.
- If dest does not exist and is a directory, fail.
- If dest does not exist and is a file, create the file.
2015-01-29 13:45:15 -06:00
6fdd2abc8d
Change "Options for" line to stderr
2015-01-29 13:38:29 -06:00
6ecb36df52
Land #4653 , get/set/unset description improvement
2015-01-29 13:28:06 -06:00
b1b59dac7c
Almost forgot this one again
2015-01-28 19:43:56 -06:00
f6238f1ffb
Auto-trim descriptions
2015-01-28 19:42:06 -06:00
ae0214517a
Fix #4662 - Change stderr to stdout so people can grep
...
Fix #4662
2015-01-28 18:23:36 -06:00
9d8d17805d
Land #4661 - Replace direct class comparison with kind_of?
2015-01-28 18:06:43 -06:00
bb17d75425
Replace direct class comparison with kind_of?
2015-01-28 17:00:15 -06:00
8c55b660fc
Using latest MDM and credential gems
...
* Had to revert changes related to service uniqueness validation
(MSP-11643) due to newly discovered regressions
2015-01-28 16:14:48 -06:00
53af758a03
Land #4660 - Add a check() for mssql_payload
2015-01-28 15:47:33 -06:00
0f88d0ad75
Change print_* to vprint_*
...
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
...
Fix #4634
2015-01-28 15:31:54 -06:00
51764eb207
Add a check() for mssql_payload
2015-01-28 13:44:16 -06:00
f0742a38e2
The get command too
2015-01-28 12:59:51 -06:00
5475cf50aa
Land #4655 , @wchen-r7's custom 404 for BrowserExploitServer
2015-01-27 23:03:08 -06:00
457598eb02
print_error about unknown request.uri
2015-01-27 20:21:18 -06:00
acf02647fb
Add a check for Custom404
2015-01-27 20:18:10 -06:00
66703bfe5a
Allow custom 404 as an option for BrowserExploitServer
...
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.
There are several scenarios that can trigger a 404 by BES (custom or
default):
* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
If this actually happens, it probably means the attacker gave the
wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
mixin.
2015-01-27 18:53:02 -06:00
895284cd12
Fix logic around empty usernames or passwords
...
See #4634 and #4642
2015-01-27 14:16:26 -06:00
9f4daa4e03
Add a couple more specs
2015-01-27 14:09:00 -06:00
68fec0fee5
Update output for set/unset
2015-01-27 13:58:54 -06:00
465b4a5c1b
Land #4652 , @wchen-r7's ms13-037 svg exploit update to use BES
2015-01-27 13:47:35 -06:00
d29a74cd8f
Fix #4641 - Explain the set/unset command a little bit better
...
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.
Fix #4641
2015-01-27 13:35:05 -06:00
ffd1257bff
Make sure this branch is up to date.
2015-01-27 12:16:15 -06:00
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
b030327965
Land #4647 , get_module_resource NilClass fix
2015-01-27 12:07:08 -06:00
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
ae22cf1b47
Land #4650 , #strip NilClass fix
2015-01-27 11:13:33 -06:00
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
5b3d877b25
Land #4648 , for real
2015-01-27 11:00:22 -06:00
2b706f222a
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
bf39a7a933
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
William Vu
Tod Beardsley
jvazquez-r7
Christian Mehlmauer
sinn3r
Brent Cook
James Lee
Samuel Huckins