Commit Graph

38506 Commits (16030cda303dd2af047d352b9a2e8acaba8caed9)

Author SHA1 Message Date
David Maloney 11a672e31d
use raw file write for cuke
the write_file method from aruba
was not working properly anymore, replaced it
with a raw ruby file write
2016-05-12 11:17:53 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 756673fcd7 Fix another typo 2016-05-12 00:13:53 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
Nicholas Starke 4b23d2dc58 Adjusting exception handling
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
David Maloney 7edaa2abcc
still trying to fix these migrations
seeing odd behaviour with mgirations in
rspec
2016-05-11 14:54:40 -05:00
David Maloney 4c2fed37f9
tweak cucumber scenario
tweak the database.yml scenario slightly
2016-05-11 14:28:02 -05:00
David Maloney 2fb3123ef2
fix migration crazieness
MS-1486
2016-05-11 14:05:34 -05:00
David Maloney 993709e076
Land #6862, jar payloads
lands FireFarts jar payload pr
2016-05-11 09:56:41 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
Nicholas Starke 32ae3e881e Adding save_cred and exception handling to module
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt.  Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
Brent Cook af84e85174 fix exception suspending channels from meterpreter 2016-05-10 04:21:31 -05:00
wchen-r7 3db72e9b4b
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit 2016-05-09 16:10:04 -05:00
Christian Mehlmauer e2dd844e34
reenable jar format 2016-05-09 21:25:23 +02:00
David Maloney 6142d2cef1
Merge branch 'master' into staging/rails-upgrade 2016-05-09 09:27:17 -05:00
Nicholas Starke 8eb3193941 Adding TP-Link sc2020n Module
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port.  The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
Jenkins 805f98f599
Bump version of framework to 4.11.27 2016-05-06 11:32:46 -07:00
Kyle Gray 2a546d191f
Land #6854, smtp header fix
Fixes an issue with duplicate headers when sending emails.

Fixes MS-1476
2016-05-06 12:07:12 -05:00
William Vu c15403a426
Fix #6838, web-console module cleanup
ommit.
2016-05-06 12:01:21 -05:00
David Maloney b6c1aae505
supress banners in cuke tests 2016-05-06 12:00:17 -05:00
David Maloney 1ffab935cc
pull dep mgirations from credential
credential pulls mdm, so we don't combine these
2016-05-06 11:57:40 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
David Maloney 0b89277394
update deps 2016-05-06 11:49:07 -05:00
David Maloney 5a360be459
Merge branch 'master' into staging/rails-upgrade 2016-05-06 10:56:17 -05:00
David Maloney e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
David Maloney 3f4d0479aa
Land #6848, ImageMagick Exploit
lands wvu's imagemaick exploit
2016-05-06 10:54:38 -05:00
David Maloney a763863ff3
remove #truncate_session_desc
this method was absed around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Louis Sato 8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu 2bac46097f Remove url() for MVG
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu 1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu 26b749ff5a Add default LHOST
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
William Vu 5c713d9f75 Set default payload
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
William Vu f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu 23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
Adam Cammack 2e460a87dd
Remove extra assignment 2016-05-05 11:24:19 -05:00
Adam Cammack f75009a9c6
Don't duplicate headers when sending emails
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.

MS-1476
2016-05-05 10:47:21 -05:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
David Maloney 891a788ad4
Land #6849, mknod to mkfifo
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
2016-05-05 10:34:41 -05:00
Vex Woo 35a780c6a8 fix send_request_cgi redirection issues #6806 2016-05-05 09:55:32 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00