jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
9fca89f70b
fix small issues
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandbox bypass
2013-04-20 01:43:13 -05:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
jvazquez-r7
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
jvazquez-r7
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
jvazquez-r7
c1819e6ecc
Land #1700, @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
sinn3r
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744]
2013-04-19 10:37:05 -05:00
sinn3r
7f21239713
Landing #1741 - MediaWiki SVG File Access Auxiliary module
...
[Closes #1741]
2013-04-19 10:30:16 -05:00
jvazquez-r7
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
RageLtMan
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
m-1-k-3
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
m-1-k-3
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
jvazquez-r7
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
jvazquez-r7
eedeb37047
Landing #1731, @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
Josh
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
Tod Beardsley
25fcbd4e70
Landing #1733, setting a sensible heapspray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
Tod Beardsley
d5e717a36c
Alphabetized .mailmap
2013-04-15 15:40:26 -05:00
Tod Beardsley
a36c6d2434
Lands #1730, adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
Tod Beardsley
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
Tod Beardsley
efdf4e3983
Lands #1485, fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
Tod Beardsley
4d21c7dff5
Landing #1727, adding @jlee-r7's new fingerprints
2013-04-15 13:49:59 -05:00
Tod Beardsley
7f8040c4e4
Lands #1722, Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
Tod Beardsley
873bdbab57
Removing APSB13-03, not ready.
...
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.
@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?
Sorry for the switcheroo, not trying to be a jerk.
[Closes #1717]
2013-04-15 13:36:47 -05:00
Tod Beardsley
513b3b1455
Minor cleanup on DLink module
2013-04-15 13:27:47 -05:00
scriptjunkie
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
sinn3r
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
sinn3r
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
h0ng10
4e42ffd51e
msftidy cleanup
2013-04-12 21:39:11 +02:00
h0ng10
f6da02d907
Check for VERBOSE Option
2013-04-12 21:34:15 +02:00
James Lee
401532e93e
Land #1721, Stage encoding for reverse_http(s)
...
This was an oversight when originally re-enabling stage encoding.
[See #1316]
2013-04-12 13:31:54 -05:00
Tod Beardsley
e5a7c38f66
Merges #1728, makes some gems optional for bundler
...
Verified that pcap, db, and test can be skipped now, should make
Zero_Chaos happy.
2013-04-12 11:25:53 -05:00
Brandon Turner
e3ab2e9747
Fix specs with bundler groups
...
Also output warnings when running Rake when the db group isn't included.
2013-04-12 10:46:00 -05:00
Brandon Turner
fde119e889
Move optional gems to bundler groups
...
Some users are having trouble installing pcap. Others want postgres to
remain optional. The move to requiring bundler in a git environment has
made this hard.
This commit provides a path for these users. By default, bundler will
install all gems, including postgres and pcaprub. If it fails to
install some, Metasploit will not function. But there is hope. Users
can explicitly exclude the gem groups they don't want.
For example:
    bundle install --without db pcap
will exclude the pcap and postgres gems (and their dependencies).
    bundle install --without db pcap development test
will exclude all non-essential gems.
The good news is that the user only needs to use the `--without` option
once. Bundler will remember it. So future runs can still do `bundle
install` (or simply `bundle`) and the gems will still be excluded. And
if the user changes their mind and wants the optional gems, they can
remove their stored *without* preference using:
    bundle config --delete without
[FIXRM #7891]
2013-04-12 09:47:40 -05:00
James Lee
15e2ceb749
Land #1660, dlink backdoor wordlist
...
[Closes #1660][See #1648]
2013-04-11 23:04:02 -05:00
James Lee
2c8ec656ca
Typo
2013-04-11 22:36:08 -05:00
James Lee
7df80c7aac
Add a couple new IE fingerprints to osdetect.js
2013-04-11 22:29:02 -05:00
Luke Imhoff
960392d614
Merge pull request #1725 from bturner-r7/mdm_from_rubygems
...
Use metasploit_data_models from rubygems
2013-04-11 13:51:08 -07:00
Brandon Turner
97f4882348
Use metasploit_data_models from rubygems
2013-04-11 15:35:19 -05:00
James Lee
8376531a32
Land #1217, java payload build system refactor
...
[Closes #1217]
2013-04-11 13:10:03 -05:00
James Lee
1d09d7e6e9
Java payload bins
...
Compiled with the shiny new maven system
2013-04-11 13:08:16 -05:00
jvazquez-r7
7e5d4bc893
Landing #1614, @jwpari nagios nrpe exploit
2013-04-11 17:53:52 +02:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
James Lee
e3eef76372
Land #1223
...
This adds rc4-encrypting stagers for Windows.
[Closes #1223]
2013-04-10 12:14:52 -05:00
Rob Fuller
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
James Lee
6c980981db
Break up long lines and add magic encoding comment
2013-04-10 09:28:45 -05:00