d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
a6a37b3089
Land #6612 , missing commits included
2016-02-29 14:06:21 -06:00
f5ad1286d2
Fix #6615 , fix typo "format"
...
Fix #6615
2016-02-29 12:44:25 -06:00
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
b7ba38a4c6
update mdm version
2016-02-26 14:32:03 -06:00
53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
7731fbf48f
Land #6530 , NETGEAR ProSafe Network Management System 300 File Upload
2016-02-26 10:39:09 -06:00
7acba69e37
Land #6577 , add controls for Android ringer
2016-02-26 07:02:49 -06:00
1427887efe
update payloads
2016-02-26 06:10:02 -06:00
5899b8afc8
make help show up when things are not specified correctly
2016-02-26 06:09:05 -06:00
89b0c8a27a
Land #6571 , use intent to unlock Android screens, support <= 4.3
2016-02-26 05:55:35 -06:00
d891e27cdd
Land #6597 , prefer Timeout.timeout since Object#timeout is deprecated
2016-02-25 22:17:49 -06:00
051506694f
Land #6574 , add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
83fad3e328
Add Fortinet backdoor
2016-02-25 21:29:08 -06:00
5314dae9ae
Land #6601 , clarify preferred licensing for new code
2016-02-25 20:26:54 -06:00
a87cf02b50
Land #6524 , fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
3422bd1646
Land #6374 , Update the Lastpass creds module with new attack vectors
2016-02-25 14:52:51 -06:00
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
d14ec657e2
Land #6564 , Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
c4d80a7c16
Merge pull request #1 from wvu-r7/pr/6596
...
Fix some things
2016-02-25 13:57:14 -06:00
17447bea35
Put the code in the wrong block.
2016-02-25 13:39:04 -06:00
2366a7baa8
Use the correct step definition.
2016-02-25 13:26:11 -06:00
e3c5708363
Support for tests that require the DB. Also update ms08-067 script with a few flags.
2016-02-25 12:41:40 -06:00
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
b32f474e99
Bump version of framework to 4.11.13
2016-02-24 11:37:42 -08:00
ff3a554b4d
added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank
2016-02-24 13:53:30 -05:00
1029627a1f
Merge pull request #5 from timwr/ringer-mode
...
fixes for android set_audio_mode
2016-02-23 21:44:13 -06:00
16d7b2e6ff
cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank
2016-02-23 17:37:47 -05:00
6aa6280eff
Try USERNAME before DEFAULTCRED
2016-02-23 13:44:44 -06:00
4eabe43273
fixed issues with capturing regex
2016-02-23 12:27:07 -05:00
c191e5b8e1
corrected authors file and cleaned up debug statements
2016-02-23 11:41:12 -05:00
c79eab2c7f
Land #6241 , @talos-arch3y's aux module for Dahua DVR CVE-2013-6117
2016-02-23 08:20:54 -08:00
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
044b12d3a4
Made style changes requested by OJ and others
2016-02-23 15:14:04 +07:00
07ac13326e
Allow user to try other login credentials
2016-02-22 17:47:32 -06:00
aea68adb77
Clarify that contributed code should be BSD/MIT
2016-02-22 16:29:13 -06:00
340a8d1687
Merge pull request #15 from bcook-r7/land-6524-bind
...
update to use the common bind_addresses method
2016-02-22 10:16:07 -06:00
56fed01ff0
Land #6599 , fix silent failures in aux HttpServers
2016-02-22 08:41:11 -06:00
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
cef1b77e26
fixes for android set_audio_mode
2016-02-20 12:01:10 +00:00
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
Brent Cook
William Vu
wchen-r7
David Maloney
Dev Mohanty
James Barnett
Metasploit
Tyler Bennett
Jon Hart
Pedro Ribeiro
HD Moore
James Lee
RageLtMan
Tim