jvazquez-r7
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
jvazquez-r7
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
jvazquez-r7
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
jvazquez-r7
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
Brent Cook
aa4489dd21
Land #5196 , fix incorrect yardoc annotations
2015-04-20 11:50:43 -05:00
jvazquez-r7
4f59abe842
Land #5203 , @Meatballs1 fixes #5199 by using the correct namespace
...
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
benpturner
d9d8451b9f
Updated tools/msftidy.rb issues
2015-04-20 16:03:34 +01:00
Meatballs
eb1c01417a
Bogus :
2015-04-20 11:00:26 +01:00
Meatballs
aa4f913800
Resolves #5199
...
Fix Powershell namespace in web_delivery module
2015-04-20 09:37:42 +01:00
Christian Mehlmauer
a60fe4af8e
Land #5201 , Change module wording to conform with other WP modules
2015-04-20 10:07:05 +02:00
aushack
1a32cf7fc0
Change module wording to conform with other WP modules.
2015-04-20 16:48:35 +10:00
benpturner
ead57849f2
Merge pull request #1 from Meatballs1/powershell_interactive_mods
...
Powershell interactive mods
2015-04-20 06:48:11 +01:00
Brandon Perry
b622aae97f
Update wordpress_contus_video_gallery_sqli.rb
2015-04-19 18:24:12 -05:00
Meatballs
ac1f03b1de
Use fail_with if unknown exception
2015-04-20 00:11:23 +01:00
Brandon Perry
c393f7c398
add contus video gallery scanner
2015-04-19 17:58:08 -05:00
Meatballs
1cc08a56a8
Additional tidyup
2015-04-19 23:55:55 +01:00
Meatballs
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
Christian Mehlmauer
668961b69d
fix some yarddoc issues
2015-04-20 00:06:59 +02:00
Christian Mehlmauer
103b8297ba
Land #5183 , Improve developer experience for fail_with
2015-04-19 23:57:36 +02:00
Christian Mehlmauer
ed9175d73f
Land #5167 , WordPress CP Multi-View Calendar SQLI Scanner
2015-04-19 23:36:23 +02:00
Brandon Perry
8c0bcd2e03
Update wordpress_cp_calendar_sqli.rb
...
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer
a5583debdc
Land #5131 , WordPress Slideshow Upload
2015-04-19 23:12:26 +02:00
Meatballs
8bd0da580d
Move script out of module
2015-04-19 21:12:44 +01:00
Meatballs
9fd3d3aa8c
Move to exploit module
2015-04-19 20:58:20 +01:00
benpturner
1ee850246a
Interactive powershell post module that allows a user to gain an
...
interactive powershell prompt from a compromised session. It opens a TCP
listener for Powershell and automatically creates the handler. You can
also pass this other powershell files in the LOAD_MODULE option to go
ahead and download using the download cradle once the session is
established.
2015-04-19 20:51:41 +01:00
joev
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
OJ
e7babc4acb
Fix persistence script to support x64 payloads
2015-04-19 12:41:51 +10:00
Roberto Soares
c1a1143377
Remove line in description and output line in fail_with
2015-04-18 15:38:42 -03:00
Christian Mehlmauer
3417c3f5ab
Land #5181 , Revert unwanted URI encoding
2015-04-18 11:55:19 +02:00
wchen-r7
43e9244b4c
Fix #5134 , Put store_loot back
...
Fix #5134
store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
wchen-r7
37613adebb
Improve developer experience for fail_with
...
The fail_with for an exploit is used differently than a non-exploit,
so it would be nice to document about this. Also, be strict about
the reason for the exploit one, because this can affect other
components of Metasploit.
2015-04-17 15:55:22 -05:00
wchen-r7
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Brent Cook
2a327b7c91
Land #5116 , better handle platform and arch in msfvenom
2015-04-17 10:55:41 -05:00
Brent Cook
e73d2cf6a7
Land #5179 , workaround crash with OS X system python
2015-04-17 10:44:05 -05:00
karllll
e3ce4eb88e
Update mcafee_vse_hashdump.rb
2015-04-17 09:47:02 -04:00
Meatballs
15eef6e8de
Dont fork on OSX
2015-04-17 11:43:07 +01:00
OJ
85ba60b6d3
Land #5138 : Cleanup http(s) sessions when all closed
2015-04-17 20:15:02 +10:00
Christian Mehlmauer
bba0927c7e
Land #5163 , WordPress Reflex Gallery Plugin File Upload
2015-04-17 11:26:34 +02:00
Christian Mehlmauer
6653c9e33d
Land #5162 , WordPress Dukapress File Read Vulnerability
2015-04-17 11:20:55 +02:00
Christian Mehlmauer
6c77b64dae
wrong method name
2015-04-17 11:20:14 +02:00
Christian Mehlmauer
aef464fc2e
Land #5159 , WordPress Mobile Edition Plugin File Read Vuln
2015-04-17 11:13:00 +02:00
Brent Cook
3107d99b9a
Use the same URI that was registered when we deregister
...
The original URI is registered as '/foobar/' but is deregistered as
'//foobar/', causing it to never get deregistered. Changing this fixes
unregistration of the service handler for staged payloads, but stageless
doesn't work properly if the URI actually gets deregistered.
2015-04-17 03:20:24 -05:00
Brent Cook
18225780da
cleanup HTTP and HTTPS listeners when sessions are closed
...
Rather than listening forever after a session shuts down, close the session if
there are no other URI's registered on the listener. This allows reconfiguring
the listener without restarting framework, but should be safe for situations
where multiple modules share the same listener.
2015-04-17 02:41:24 -05:00
William Vu
3300845c99
Land #5171 , fail_with check for msftidy
2015-04-16 23:35:23 -05:00
Christian Mehlmauer
d494bdd5e3
Merge pull request #6 from wvu-r7/pr/5171
...
Consolidate on one check and fix false positives
2015-04-17 06:20:57 +02:00
Brent Cook
753978fc7a
Land #5141 , stageless unique URIs with the same UUID
2015-04-16 22:21:32 -05:00
Brent Cook
2ee28916f7
bump meterpreter_bins to 0.0.22
2015-04-16 22:21:12 -05:00
OJ
e0cd4a4d44
Merge branch 'upstream/master' into multi-session-stageless
2015-04-17 12:46:20 +10:00
wchen-r7
3927024f79
Land #5154 , CVE-2015-0556 (Flash copyPixelsToByteArray int overflow)
...
sage aborts
2015-04-16 21:21:09 -05:00
wchen-r7
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00