Christian Mehlmauer
|
c603430228
|
fix version check
|
2015-12-15 18:26:21 +01:00 |
Christian Mehlmauer
|
9ae2c53c1f
|
Merge pull request #7 from wchen-r7/update_6355
Add a check for joomla
|
2015-12-15 18:22:21 +01:00 |
wchen-r7
|
b9b280954b
|
Add a check for joomla
|
2015-12-15 11:03:36 -06:00 |
Christian Mehlmauer
|
e4309790f5
|
renamed module because X-FORWARDED-FOR header is also working
|
2015-12-15 17:37:45 +01:00 |
Christian Mehlmauer
|
84d5067abe
|
add joomla RCE module
|
2015-12-15 17:20:49 +01:00 |
wchen-r7
|
ab3fe64b6e
|
Add method peer for jenkins_java_deserialize.rb
|
2015-12-15 01:18:27 -06:00 |
Jon Hart
|
b78f7b4d55
|
Land #6319, @all3g's module for abusing redis to achieve file uploads
|
2015-12-14 18:00:44 -08:00 |
Vex Woo
|
c9e596bc31
|
Merge pull request #4 from jhart-r7/pr/fixup-6319
Rename redis file upload module; remove the 'auth' part
|
2015-12-15 09:08:26 +08:00 |
Gregory Mikeska
|
9a2268fc1c
|
Land #6350, make sure MSF_DATABASE_CONFIG is unset
|
2015-12-14 14:48:19 -06:00 |
Brent Cook
|
eccf61bec5
|
ensure that the metasploit database environment variable is unset
|
2015-12-14 14:29:25 -06:00 |
Gregory Mikeska
|
e9a3f58788
|
Land #6348 remove bundler 1.10 fingerprint
from Gemfile.lock
|
2015-12-14 13:48:17 -06:00 |
Brent Cook
|
ee208570a2
|
remove bundler 1.10 fingerprint from Gemfile.lock
|
2015-12-14 13:22:38 -06:00 |
Jon Hart
|
e448bc3e27
|
If saving fails, print_error and mention permissions
|
2015-12-14 10:47:05 -08:00 |
Jon Hart
|
19acd366d6
|
Rename redis file upload module; remove the 'auth' part
|
2015-12-14 10:40:28 -08:00 |
Tod Beardsley
|
30c805d9c7
|
Land #6344, R7-2015-22 / CVE-2015-8249
|
2015-12-14 12:30:51 -06:00 |
Tod Beardsley
|
b25aae3602
|
Add refs to module
See rapid7#6344.
|
2015-12-14 12:05:46 -06:00 |
Brent Cook
|
c00f05faba
|
Land #6346, jenkins_java_deserialize check reliability fixes
|
2015-12-14 11:44:33 -06:00 |
William Vu
|
b085989923
|
Land #6266, rsync creds scraper
|
2015-12-14 11:37:30 -06:00 |
David Maloney
|
08acac6c25
|
Lands #6326, Rspec 3 upgrade
lands the work to upgrade framework
to RSpec 3
MS-673
|
2015-12-14 11:27:17 -06:00 |
wchen-r7
|
bd8aea2618
|
Fix check for jenkins_java_deserialize.rb
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
|
2015-12-14 11:25:59 -06:00 |
Brent Cook
|
a0e8878508
|
Land #6343, update nokogiri to 1.6.7
|
2015-12-14 10:55:04 -06:00 |
wchen-r7
|
5ffc80dc20
|
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
|
2015-12-14 10:51:59 -06:00 |
Gregory Mikeska
|
b620e0d1c9
|
bump nokogiri to 1.6.7
|
2015-12-14 09:23:06 -06:00 |
William Vu
|
92bbc09b61
|
Land #6340, SVG badges for README.md
|
2015-12-14 00:33:06 -06:00 |
Spencer McIntyre
|
da64493b43
|
Land #6339, spelling fix for arp poisoning listener opt
|
2015-12-13 12:06:08 -05:00 |
Spencer McIntyre
|
4e492a1b0c
|
Add an additional grammar change to the listener option
|
2015-12-13 12:04:20 -05:00 |
Elia Schito
|
3bf5b106ae
|
Use SVG badges to please the eyes 👀
Switched the CodeClimate one to the one that shows the score.
|
2015-12-13 00:28:14 +01:00 |
radekk
|
90a523fb0a
|
Typos inside parameters description.
|
2015-12-12 22:48:20 +01:00 |
Vex Woo
|
dee23e4bda
|
Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
|
2015-12-12 03:32:05 +00:00 |
Jon Hart
|
6611da9239
|
strip, not stripgit diff. strip! returns nil if the string was unmodified
|
2015-12-11 19:22:57 -08:00 |
Jon Hart
|
dcdc21e2db
|
Correct unbalanced quotes
You down with OCD (Yeah you know me).
|
2015-12-11 18:44:14 -08:00 |
Jon Hart
|
e23908d672
|
Improve verbose output related to authentication handling
|
2015-12-11 18:32:00 -08:00 |
Jon Hart
|
1a0f71b6fa
|
Try to catch case where post-auth commands are failing
|
2015-12-11 17:23:03 -08:00 |
Jon Hart
|
9cec3d9e6b
|
Move redis password option to non-advanced
|
2015-12-11 17:03:49 -08:00 |
dmohanty-r7
|
62d6950edc
|
Land #6338, Jenkins Java Deserilization Vuln
|
2015-12-11 15:13:07 -06:00 |
dmohanty-r7
|
eb4611642d
|
Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
|
2015-12-11 14:57:10 -06:00 |
Jon Hart
|
1fecd9846c
|
Bury some helper methods behind private
|
2015-12-11 10:13:13 -08:00 |
Jon Hart
|
9ef46140c0
|
Improve output when success
|
2015-12-11 10:10:44 -08:00 |
Jon Hart
|
32a64c3d8e
|
Make auth easier, work automatically and on older redis versions
Also, improve check
|
2015-12-11 10:04:47 -08:00 |
Jon Hart
|
ac47c87af4
|
Move Password option to redis mixin
|
2015-12-11 08:53:11 -08:00 |
Jon Hart
|
38d0b0a0f2
|
Wire in @all3g's redis auth code
|
2015-12-11 08:42:59 -08:00 |
Brent Cook
|
6551df6446
|
update bitlocker for rspec3
|
2015-12-10 21:52:15 -06:00 |
Brent Cook
|
fb578e9063
|
use explicit exceptions for raise_error
|
2015-12-10 21:47:22 -06:00 |
Brent Cook
|
f59446851f
|
update namespace
|
2015-12-10 21:47:22 -06:00 |
Gregory Mikeska
|
99931aff44
|
Call stance only if module implements stance
|
2015-12-10 21:47:22 -06:00 |
Greg Mikeska
|
b29459747b
|
stub out private meterpreter accessor method net
|
2015-12-10 21:47:22 -06:00 |
Greg Mikeska
|
2a6db4092d
|
fix stub on Database specs
|
2015-12-10 21:47:22 -06:00 |
Greg Mikeska
|
a96445b302
|
switch out expect with a proper mock by allow
|
2015-12-10 21:47:22 -06:00 |
Greg Mikeska
|
d0d09097d5
|
stub out name on foo_inst in the option_container_spec
|
2015-12-10 21:47:22 -06:00 |
Greg Mikeska
|
9a59671330
|
switch expect to allow on runas_spec cases
|
2015-12-10 21:47:22 -06:00 |