Commit Graph

23517 Commits (2086224a4cb305b88e5a3d4e3747233ff89ebd3e)

Author SHA1 Message Date
Tod Beardsley 2086224a4c
Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
Tod Beardsley 26be236896
Pass MSFTidy please 2014-03-10 14:45:56 -05:00
Tod Beardsley 368df03ae1
Land #3081, Yokogawa SCADA vulns
I know it looks like I'm landing my own PR, but it's an illusion; I am
merely shoving bits around on @jvazquez-r7's behalf while he is
technically (and now actually) on vacation.
2014-03-10 12:44:00 -05:00
Tod Beardsley 6e279da6bd
Land todb-r7#13 for rapid7#3081 credit update 2014-03-10 10:24:05 -05:00
jvazquez-r7 8cfa5679f2 More nick instead of name 2014-03-10 16:12:44 +01:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
jvazquez-r7 1061036cb9 Use nick instead of name 2014-03-10 16:11:58 +01:00
Tod Beardsley 5485028501
Add 3 Yokogawa SCADA vulns
These represent our part for public disclosure of the issues listed
here:

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:

YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4

@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Thanks for all the work on these!
2014-03-10 09:33:54 -05:00
sinn3r e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument 2014-03-08 00:58:52 -06:00
Tod Beardsley 151e2287b8
OptPath, not OptString. 2014-03-07 10:52:45 -06:00
Tod Beardsley 5cf1f0ce4d
Since dirs are required, server will send/recv
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set an OUTPUTPATH.

Now, since both are required, users are required to both send and
receive. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
Tod Beardsley 37fa4a73a1
Make the path options required and use /tmp
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
sinn3r c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Spencer McIntyre ebee365fce
Land #2742, report_vuln for MongoDB no auth 2014-03-06 19:34:45 -05:00
Spencer McIntyre 84f280d74f
Use a more descriptive MongoDB vulnerability title 2014-03-06 19:20:52 -05:00
Tod Beardsley 8a0531650c
Allow TFTP server to take a host/port argument
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.

This is almost never correct.
2014-03-06 16:13:20 -06:00
Joe Vennix 9638bc7061 Allow a custom .app bundle.
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Joe Vennix 5abb442757 Adds more descriptive explanation of 10.8+ settings. 2014-03-06 15:15:27 -06:00
William Vu ee0aa20955
Land #3013, Metasm update 2014-03-06 14:15:42 -06:00
Joe Vennix 43d315abd5 Hardcode the platform in the safari exploit. 2014-03-06 13:04:47 -06:00
sinn3r 3c2eb29762
Land #3068 - require msf/core/exploit/powershell 2014-03-05 21:32:10 -06:00
Brendan Coles df2bdad4f9 Include 'msf/core/exploit/powershell'
Prevent:

```
[-] 	/pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
2014-03-06 12:57:43 +11:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix dca807abe9 Tweaks for BES. 2014-03-05 19:00:15 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
sinn3r 9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-03-05 16:34:54 -06:00
sinn3r 2015c56699
Land #3066 - HP Data Protector Backup Client Service Remote Code Execution 2014-03-05 16:18:28 -06:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
bcoles 1ea35887db Add OSVDB reference 2014-03-06 01:40:15 +10:30
jvazquez-r7 4e9350a82b Add module for ZDI-14-008 2014-03-05 03:25:13 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
sinn3r 7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read 2014-03-04 17:52:29 -06:00
sinn3r f0e97207b7 Fix email format 2014-03-04 17:51:24 -06:00
Joe Vennix 32c27f6be0 Tweak timeouts. 2014-03-04 17:16:23 -06:00
Joe Vennix 40047f01d3 Adds Safari User Assisted download launch module. 2014-03-04 17:02:51 -06:00
sinn3r caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks 2014-03-04 15:24:02 -06:00
William Vu 4c4a931fa4
Land #3064, naughty talk cleanup 2014-03-04 15:01:34 -06:00
William Vu f50d6c8709 Remove a couple more instances of "shit" 2014-03-04 15:00:48 -06:00
Tod Beardsley a3d72567f3
That one, too. 2014-03-04 14:38:25 -06:00
Tod Beardsley 60d0667d9f
Land #3063, make CONTRIBUTING and HACKING useful 2014-03-04 14:36:12 -06:00
Tod Beardsley 6e88bbd827
No need for that kind of language 2014-03-04 14:34:50 -06:00
William Vu 9338b43e22 Merge remote-tracking branch 'origin/pr/5' into feature/contributing 2014-03-04 14:21:17 -06:00
Tod Beardsley d27b47a078
Update HACKING along with CONTRIBUTING.md 2014-03-04 14:12:42 -06:00
Tod Beardsley 45086d01ce
Add a link to common coding mistakes 2014-03-04 14:06:34 -06:00
Brandon Perry c86764d414 update default password to root 2014-03-04 11:55:30 -08:00
William Vu 3491a93f0a Add note about descriptive titles in bug reports 2014-03-04 13:16:55 -06:00
William Vu 3bbb2d628e Add note about topic branches 2014-03-04 13:05:50 -06:00
William Vu 79aa14235a Add note about the 50/72 rule 2014-03-04 12:46:42 -06:00
William Vu e8979ff892 Add note about PR titles 2014-03-04 12:44:12 -06:00