Commit Graph

14159 Commits (10698e2f998212d3c04836f848965c25859d9d4e)

Author SHA1 Message Date
sinn3r d6accef5e6 Allow datastore options plus other things
Here's a list of things that have changed:
* Allow datastore options as argumnets.
* Allow "dry-run" mode
* Cleaner way to initialize arguments
2012-07-09 13:48:02 -05:00
HD Moore c8c3c0e3e4 Correct an issue with HTTP response header parsing 2012-07-09 10:22:12 -07:00
sinn3r 81b4cb737d Merge branch 'zenworks_preboot_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_fileaccess 2012-07-09 11:14:56 -05:00
jvazquez-r7 73fcf73419 Added module for CVE-2011-2657 2012-07-09 18:03:16 +02:00
jvazquez-r7 b33220bf90 Added module for CVE-2012-2215 2012-07-09 17:32:55 +02:00
sinn3r 0fbfa8e6f7 Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii 2012-07-09 10:14:30 -05:00
sinn3r 5586aa6c1b Move some code around 2012-07-09 09:44:22 -05:00
sinn3r 5db26beef7 Add more features
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
James Lee 8d9186748f Fix logic fail 2012-07-08 20:46:37 -06:00
James Lee c82037d85b Add an xxd decoder 2012-07-08 20:45:25 -06:00
James Lee 6d6b4bfa92 Merge remote branch 'rapid7/master' into omg-post-exploits 2012-07-08 17:32:39 -06:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
HD Moore 442eccd1d6 Merge pull request #578 from claudijd/master
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius 5938771e6c Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.

If you have questions, please let us know.

-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
HD Moore a8266bd831 Fix up odd reference normalization cases 2012-07-08 11:25:32 -05:00
HD Moore f75edc0ca1 Correct fix for older PG support, thanks to Patrick Fitzgerald 2012-07-08 10:16:51 -05:00
HD Moore 75430a0b7e Cleanup to support v1.2 as well as 1.1 2012-07-08 01:53:32 -05:00
HD Moore 4199b67879 Prevent an exception from breaking the sql cache 2012-07-07 17:30:31 -05:00
HD Moore 1d5b7a1a69 Fix an issue with PG's handling of group by on distinct 2012-07-07 17:27:11 -05:00
HD Moore 881d0ff0c9 Add method to create an asset group 2012-07-07 17:27:11 -05:00
sinn3r 87bac91d71 Apply additional changes from #549
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
  to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r 4e90da002d Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad 2012-07-07 15:44:05 -05:00
HD Moore 24d6a85848 Merge pull request #575 from swtornio/tikiwiki
add osvdb ref
2012-07-07 11:10:44 -07:00
Steve Tornio 44290c2c89 add osvdb ref 2012-07-07 08:40:25 -05:00
Tod Beardsley 33bf2881cc Removing cached gem for journey. 2012-07-06 22:12:50 -05:00
Tod Beardsley 505b97b470 Adding new gem versions
Add the new gems referenced in the last commit for real.
2012-07-06 22:11:16 -05:00
Tod Beardsley 63e41ee6bb Updating gems: coderay, journey, spork, sprockets 2012-07-06 22:03:33 -05:00
Tod Beardsley 3dba8273c9 Adding journey-1.0.4. 2012-07-06 17:33:16 -05:00
sinn3r 3f58aff979 Properly handle a no-payload-selected scenario 2012-07-06 16:32:18 -05:00
sinn3r 08c6b94460 Merge branch 'auto_exploit' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-auto_exploit 2012-07-06 16:24:32 -05:00
sinn3r d859059868 Remove a whitespace 2012-07-06 16:20:17 -05:00
sinn3r 4f9028f7f9 Change description a little bit 2012-07-06 16:18:14 -05:00
sinn3r 9aeb4694f7 Add autoexploit.rc based on #561
Modified from #561.  It has gone through a lot of changes, including:

* It now relies mainly on arguments instead of datastore options.
  This is because when an user uses datadatore options, the rc
  script cannot really start automatically without some config
  in advance, which is a hassle.
* We no longer have to manually connect to a database before being
  able to use the rc script.  It can automtaically connect to it
  if the necessary arguments are supplied (user/pass/workspace)
* Better error handling
* Actually exits msfconsole when something fails or not ready
* The older script does not select a payload. This one will
  automatically select one based on compatible payloads.
* Instead of manually specifying an "identifier" for reference
  matching, this is now automatic.
* Lots of cleanup
* Update help_me
2012-07-06 15:02:28 -05:00
sinn3r 70c718a5ed Fix indent level 2012-07-06 12:44:03 -05:00
sinn3r 24c57b61a8 Add juan as an author too for improving the module a lot 2012-07-06 10:41:06 -05:00
sinn3r 757d15619f Merge branch 'umbraco_upload_aspx_rev' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-umbraco_upload_aspx_rev 2012-07-06 10:39:09 -05:00
tdoan-r7 db0ab45333 updated release number to 4.3
<test commit>
2012-07-06 10:21:00 -05:00
jvazquez-r7 9fecc80459 User of TARGETURI plus improve of description 2012-07-06 15:47:25 +02:00
jvazquez-r7 7751c54a52 references updates 2012-07-06 11:56:03 +02:00
jvazquez-r7 f8ca5b4234 Revision of pull request #562 2012-07-06 11:52:43 +02:00
sinn3r 1e6c4301b6 We worked on it, so we got credit 2012-07-06 02:12:10 -05:00
sinn3r f8123ef316 Add a "#" in the end after the payload 2012-07-06 02:09:31 -05:00
sinn3r 187731f2cb Add a check function to detect the vuln 2012-07-06 01:58:01 -05:00
sinn3r dcddc712d2 Missing a "&" 2012-07-06 01:50:18 -05:00
sinn3r 3c8a836091 Add lcashdol's module from #568
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00