OJ
c83a763150
Fix IPv6 issues in staged and stageless
...
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
2015-04-09 23:33:10 +10:00
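The first bullet above is the kind of bug that bites any connect-back URL builder: an IPv6 literal contains colons, so a bare "host:port" or "scheme://host:port/" string is ambiguous unless the address is bracketed. The following Ruby is an added illustration, not Metasploit's own code; the function names format_host_port and build_handler_url are hypothetical, and it uses stdlib IPAddr to tell an IPv6 literal from an IPv4 literal or hostname.

```ruby
require 'ipaddr'

# Added example (not from the project): return "host:port" with IPv6
# literals wrapped in brackets. Hostnames, IPv4 literals and hosts that
# are already bracketed are passed through unchanged.
def format_host_port(host, port)
  return "#{host}:#{port}" if host.start_with?('[')

  literal = begin
    IPAddr.new(host)
  rescue ArgumentError
    # Not an IP literal (e.g. a DNS name); IPAddr::InvalidAddressError
    # is a subclass of ArgumentError, so this covers both.
    nil
  end

  h = (literal && literal.ipv6?) ? "[#{host}]" : host
  "#{h}:#{port}"
end

# Added example (not from the project): assemble a handler URL such as
# the one a stageless HTTP(S) payload would call back to. The trailing
# path is passed through verbatim so the caller controls the slash.
def build_handler_url(scheme, host, port, uri)
  "#{scheme}://#{format_host_port(host, port)}#{uri}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering the three host shapes.
  ['2001:db8::1', '192.0.2.10', 'c2.example'].each do |h|
    puts build_handler_url('https', h, 8443, '/abc/')
  end
end
```

The IPAddr check is deliberately strict: anything that fails to parse as an address is treated as a hostname and left alone, so a malformed IPv6 string is not silently bracketed into a URL that will fail later at connect time.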
William Vu
ae62d00ee4
Land #5111, mimikatz typo fix
2015-04-09 01:50:36 -05:00
Anant Shrivastava
2b5ba7d12d
fixed a typo
...
a typo fixed in help.
command and not commannd
2015-04-09 12:11:46 +05:30
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
William Vu
d98841d157
Land #5109, uictl enable/disable all
2015-04-09 01:35:01 -05:00
Roberto Soares
1591c92547
Add the "all" option for the uictl
2015-04-09 01:04:50 -03:00
William Vu
c9bf8f3140
Land #5105, @joevennix's cable modem 0day
2015-04-08 16:09:46 -05:00
William Vu
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
Tod Beardsley
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
sinn3r
1bfda9e78f
Land #5101, Add Directory Traversal for GoAhead Web Server
2015-04-08 15:30:23 -05:00
Brent Cook
e03f2df691
Land #5002, RMI/JMX improvements
2015-04-08 15:23:29 -05:00
Tod Beardsley
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
Roberto Soares
dc14c770be
Changed the traversal variable to just one line
2015-04-08 02:26:59 -03:00
Roberto Soares
441042ed37
Removed the segments variable
2015-04-08 01:29:45 -03:00
Brent Cook
b22ff676e2
Land #5090: remove unused partial openssh compat code
2015-04-07 23:14:07 -05:00
Brent Cook
27fa8791f9
Land #5095 - OJ adds stageless http transports
2015-04-07 22:58:36 -05:00
Roberto Soares
d399d05383
Add Directory Traversal for GoAhead Web Server
2015-04-07 20:22:06 -03:00
OJ
9fd40870d0
Update http(s) generator functions
...
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
2015-04-08 07:56:54 +10:00
Brent Cook
a54182a562
Land #5088: @rwhitcroft fix premature close on connect -i
2015-04-07 14:00:16 -05:00
Brent Cook
84411be606
Land #5097: resolve UUID namespace issues with pro
2015-04-07 13:16:28 -05:00
HD Moore
8cc48e05a8
Make Polyglot happy
2015-04-07 13:08:58 -05:00
HD Moore
9bce08b813
This change avoids namespace collisions around the Abbrev class
2015-04-07 13:06:26 -05:00
Samuel Huckins
bac3c80d7e
Land 5093, workaround for when cache is being built
2015-04-07 12:02:30 -05:00
Brent Cook
890b1515ae
Land #5046, meterpreter transport mobility support
2015-04-07 10:52:03 -05:00
OJ
53d5b97634
Add support for UUID generation in transport switching
...
If the session doesn't have a payload UUID we now generate one as best
we can. This code will probably go away when TCP related transports have
had the UUID stuff baked in.
2015-04-07 17:25:55 +10:00
OJ
15313243cc
Use UUID instead of old skool URIs
...
This uses HD's UUID stuff to generate a new URI for the transport.
Currently we don't have UUID support for TCP connections, but that's
coming.
Still to do: generation of a valid UUID for payloads that don't already
have one.
2015-04-07 16:00:30 +10:00
OJ
2977cbd42a
Merge branch 'upstream/master' into dynamic-transport
2015-04-07 14:30:48 +10:00
OJ
84397f5db0
Remove unused commented-out code
2015-04-07 12:47:18 +10:00
OJ
5ab0204b24
Update spec for new payloads
2015-04-07 11:32:00 +10:00
OJ
8f58e08c13
Add support for stageless reverse_http payloads
...
This includes both x64 and x86.
2015-04-07 11:01:24 +10:00
OJ
38a77c930e
Land #5072: Support and embed payload UUIDs
2015-04-07 10:10:36 +10:00
James Lee
83cf1ad8ce
Instantiate to get name if we don't have cache yet
...
Fixes #5086
2015-04-06 18:59:38 -05:00
William Vu
21d0d6ceb3
Remove dead code from Net::SSH
...
Triggers uninitialized constant COMPAT_OLD_DHGEX, which was removed in
1664a4b5e8. Somehow, this file was missed when syncing with upstream.
2015-04-06 15:59:09 -05:00
rwhitcroft
8cbc98fc47
fix #5074 - missing thread join
2015-04-06 16:21:07 -04:00
William Vu
ee13c07c95
Fix stack trace from %W prompt format
...
Should have been framework.db.active.
2015-04-06 14:08:52 -05:00
William Vu
5f8d58f214
Use framework.db.active
2015-04-06 14:08:10 -05:00
William Vu
bc4d6c2545
Land #5083, %W prompt format for current workspace
2015-04-06 13:48:52 -05:00
William Vu
7a2d3f5ebd
Land #5082, firefox_proxy_prototype autopwn_info
2015-04-06 13:36:03 -05:00
William Vu
efebe1cd0f
Land #5084, @todb-r7's release fixes
2015-04-06 13:08:54 -05:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
Tod Beardsley
b62011121b
Minor word choice fix on Solarwinds exploit
...
Removing the second person pronoun usage.
[See #5050]
2015-04-06 12:40:22 -05:00
Tod Beardsley
5be5b6097c
Minor grammar on #5030, Adobe Flash
...
[See #5030]
2015-04-06 12:36:25 -05:00
Tod Beardsley
1e6d895975
Description fixes on #4784, jboss exploit
...
Also, needed to run through msftidy.
[See #4784]
2015-04-06 12:34:49 -05:00
HD Moore
6811aebb1c
Merge pull request #11 from OJ/hd-payload-uuids
...
Add trailing slash to stageless URI
2015-04-06 10:57:41 -05:00
HD Moore
98c95104da
Use ||= for consistency
2015-04-06 10:55:14 -05:00
James Lee
566c330b83
Add workspace to prompt format options
2015-04-06 09:19:49 -05:00
OJ
9b502b904f
Add trailing slash to stageless URI
...
Without the trailing slash, stageless payloads take a nasty turn.
2015-04-06 19:53:02 +10:00
root
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
OJ
4635bb83c3
Implement ssl verification toggling
...
Add support to meterpreter that allows for the querying and toggling of
SSL certificate verification on the fly.
In order to verify that the socket was SSL-enabled, some rejigging had
to be done of the type? method in the ssl socket class.
2015-04-06 14:40:59 +10:00
HD Moore
3c59519811
Add PayloadUUIDRaw for manual PUID specification
2015-04-05 23:25:52 -05:00