Commit Graph

22403 Commits (131bfcaf41f55675508803d4bff9a589a99edee7)

Author SHA1 Message Date
William Vu 131bfcaf41 Refactor away leftover get_rdymsg 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
joev 59890ae7bd
Merge branch 'landing-2849' into upstream-master
e aborts
ge aborts
2014-01-08 23:06:51 -06:00
jvazquez-r7 4e581a35ac Fix encoder architecture 2014-01-08 16:18:30 -06:00
jvazquez-r7 21b146fab3
Land #2834, @joev-r7's linksys_wrt110_cmd_exec update 2014-01-07 13:01:35 -06:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
William Vu db8eeac82c
Land #2830, vtiger_soap_upload title fix 2014-01-06 14:03:21 -06:00
Tod Beardsley c0a82ec091
Avoid specific versions in module names
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
sinn3r 185e15c50c
Land #2829 - Fix Travis's build failure 2014-01-06 13:21:19 -06:00
Tod Beardsley 5c77f4dc0f
Don't try to bundle exec before bundle install 2014-01-06 12:47:36 -06:00
Tod Beardsley e168b92b0c
Add bundle exec rake to avoid system rake 2014-01-06 12:29:50 -06:00
Tod Beardsley 5ae4215229
Hey Travis what's up with your rake version? 2014-01-06 12:11:07 -06:00
William Vu 0a60e77265
Land #2826, reverse_http{,s} address:port fix 2014-01-06 11:52:51 -06:00
sinn3r 1cdfbfeed5
Land #2820 - vTigerCRM SOAP AddEmailAttachment Arbitrary File Upload 2014-01-06 10:36:02 -06:00
OJ 8898486820 Change display message to show actual bind address
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.

This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
OJ 6bfe6d6c5c
Landing #2825 [FixRM #8726] 2014-01-05 11:05:50 +10:00
Raphael Mudge 6034c26fa7 Honor LPORT as callback port for HTTP/S handler
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.

LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
Raphael Mudge 3c9d684759 Cleanup - Remove bind_address from reverse_http.rb
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])

Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.

The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
Raphael Mudge 6f55579acd HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.

The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
Raphael Mudge f93210ca74 Always Use LHOST for Full URL in HTTP/S Stage
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop

If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.

Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.

With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.

This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
jvazquez-r7 165728cd40
Land #2824, @todb-r7's small fixes for recent modules 2014-01-03 16:57:26 -06:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
Tod Beardsley bd2033c587
Land #2814, streaming webcam STDAPI add 2014-01-03 12:09:25 -06:00
William Vu 2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!)
It was the wrong time to mess with my workflow.
2014-01-02 16:39:02 -06:00
jvazquez-r7 e8a9b880cb
Land #2821, @OJ's mod for the getenv API 2014-01-02 16:29:37 -06:00
William Vu 67a796021d
Land #2804, IBM Forms Viewer 4.0 exploit 2014-01-02 16:10:02 -06:00
jvazquez-r7 eaeb457d5e Fix disclosure date and newline as pointed by @wvu-r7 2014-01-02 16:08:44 -06:00
OJ ef281bf31d Adjust the getenv API
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
2014-01-03 08:05:45 +10:00
jvazquez-r7 d0c4f1bb20
Land #2763, @bmerinofe's driver_loaded post meterpreter module 2014-01-02 15:38:56 -06:00
jvazquez-r7 3f0ee081d9 Beautify description 2014-01-02 15:37:58 -06:00
Borja Merino dfe4e334fc Merge pull request #4 from jvazquez-r7/review_2763
Update against upstream
2014-01-02 13:02:46 -08:00
jvazquez-r7 d5e196707d Include Msf::Post::Windows::Error 2014-01-02 13:41:37 -06:00
jvazquez-r7 ec8d24c376 Update against upstream 2014-01-02 12:55:46 -06:00
jvazquez-r7 3bccaa407f Beautify use of Regexp 2014-01-02 12:54:54 -06:00
jvazquez-r7 90158b9932
Land #2791, @morisson's support to remote dns resolution on sap_router_portscanner 2014-01-02 12:19:50 -06:00
jvazquez-r7 f75782bc2f Use RHOST, RPORT for the SAPROUTER options 2014-01-02 12:18:54 -06:00
jvazquez-r7 1b893a5c26 Add module for CVE-2013-3214, CVE-2013-3215 2014-01-02 11:25:52 -06:00
sinn3r e6823c39c2 Incorrect variable used 2014-01-02 00:50:32 -06:00
William Vu d291cd92d7
Land #2817, icofx_bof random things 2014-01-01 22:01:48 -06:00
William Vu 5805ee17bd
Land #2818, .mailmap de-dupe and update 2014-01-01 21:57:13 -06:00
William Vu 2554ad9b79
Land #2800, lib/msf/base YARD comments 2014-01-01 21:51:54 -06:00
William Vu 59be4316fe
Land #2793, Msf::Util::EXE RSpec failure fix 2014-01-01 21:50:18 -06:00
Tod Beardsley 83547b5c91
Land #2819, fix icmp_exfil 2014-01-01 20:56:51 -06:00
Tod Beardsley b8e17c2d8e
Don't use Pcap.lookupaddrs any more 2014-01-01 18:50:15 -06:00
Timothy Swartz 3ad8b0d530 Removed space from readable_text.rb 2013-12-31 16:38:40 -08:00
Timothy Swartz cce354762d Altered case by request 2013-12-31 16:09:11 -08:00