Commit Graph

37589 Commits (242ea8d9cd194ccf9333efb453cf0e5a8f2199ca)

Author SHA1 Message Date
wchen-r7 bc050410a6 Allow max traversal depth as an option, and report cred 2016-02-26 10:52:30 -06:00
wchen-r7 7731fbf48f
Land #6530, NETGEAR ProSafe Network Management System 300 File Upload 2016-02-26 10:39:09 -06:00
Brent Cook 7acba69e37
Land #6577, add controls for Android ringer 2016-02-26 07:02:49 -06:00
Brent Cook 1427887efe update payloads 2016-02-26 06:10:02 -06:00
Brent Cook 5899b8afc8 make help show up when things are not specified correctly 2016-02-26 06:09:05 -06:00
Brent Cook 89b0c8a27a
Land #6571, use intent to unlock Android screens, support <= 4.3 2016-02-26 05:55:35 -06:00
HD Moore 9010dac7bc Wrap up the current WIP, still not functional 2016-02-26 05:36:40 +00:00
HD Moore 5bf308e720 WIP checkin 2016-02-26 05:36:40 +00:00
wchen-r7 6188da054d Remove // 2016-02-25 22:20:48 -06:00
Brent Cook d891e27cdd
Land #6597, prefer Timeout.timeout since Object#timeout is deprecated 2016-02-25 22:17:49 -06:00
wchen-r7 051506694f
Land #6574, add Linknat Vos Manager Traversal aux module 2016-02-25 22:02:56 -06:00
William Vu 83fad3e328 Add Fortinet backdoor 2016-02-25 21:29:08 -06:00
Brent Cook 5314dae9ae
Land #6601, clarify preferred licensing for new code 2016-02-25 20:26:54 -06:00
Brent Cook a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first 2016-02-25 20:25:02 -06:00
wchen-r7 3422bd1646
Land #6374, Update the Lastpass creds module with new attack vectors 2016-02-25 14:52:51 -06:00
wchen-r7 f3cf5a8a41 Resolve merge conflict with upstream-master
Out of date author field
2016-02-25 14:49:53 -06:00
wchen-r7 d14ec657e2
Land #6564, Add Apache Karaf Command Execution Module 2016-02-25 14:47:40 -06:00
wchen-r7 1d2ec7a239 Rescue OpenSSL::Cipher::CipherError
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 aa7c3f01a8 Update name and description 2016-02-25 14:39:19 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError
Our current net/ssh is pretty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
Dev Mohanty c4d80a7c16 Merge pull request #1 from wvu-r7/pr/6596
Fix some things
2016-02-25 13:57:14 -06:00
James Barnett 17447bea35
Put the code in the wrong block. 2016-02-25 13:39:04 -06:00
James Barnett 2366a7baa8
Use the correct step definition. 2016-02-25 13:26:11 -06:00
James Barnett e3c5708363
Support for tests that require the DB. Also update ms08-067 script with a few flags. 2016-02-25 12:41:40 -06:00
William Vu 7d20e26a35 Move to aux/scanner/ssh 2016-02-25 11:22:50 -06:00
William Vu f52f44cde0 Remove session_setup, since we're not in a shell
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
Gregory Mikeska 2277a97065
Modify gemfile to point to topic branch on metasploit-concern 2016-02-25 11:12:49 -06:00
Gregory Mikeska cbc5b296e4
implement engines method locally instead of adding refinement 2016-02-25 11:05:17 -06:00
darkbushido 2ec7149ae7
Logging deprecations to STDERR 2016-02-25 10:59:50 -06:00
Metasploit b32f474e99
Bump version of framework to 4.11.13 2016-02-24 11:37:42 -08:00
Tyler Bennett ff3a554b4d added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank 2016-02-24 13:53:30 -05:00
Brent Cook 1029627a1f Merge pull request #5 from timwr/ringer-mode
fixes for android set_audio_mode
2016-02-23 21:44:13 -06:00
Tyler Bennett 16d7b2e6ff cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank 2016-02-23 17:37:47 -05:00
dmohanty-r7 6aa6280eff
Try USERNAME before DEFAULTCRED 2016-02-23 13:44:44 -06:00
Tyler Bennett 4eabe43273 fixed issues with capturing regex 2016-02-23 12:27:07 -05:00
Tyler Bennett c191e5b8e1 corrected authors file and cleaned up debug statements 2016-02-23 11:41:12 -05:00
Jon Hart c79eab2c7f
Land #6241, @talos-arch3y's aux module for Dahua DVR CVE-2013-6117 2016-02-23 08:20:54 -08:00
Pedro Ribeiro 5710c85a9e Style changes 2016-02-23 15:15:57 +07:00
Pedro Ribeiro 044b12d3a4 Made style changes requested by OJ and others 2016-02-23 15:14:04 +07:00
dmohanty-r7 07ac13326e
Allow user to try other login credentials 2016-02-22 17:47:32 -06:00
HD Moore aea68adb77 Clarify that contributed code should be BSD/MIT 2016-02-22 16:29:13 -06:00
James Lee b2187d3399
Fix link
I wonder why download.rapid7.com doesn't exist.

[ci skip]
2016-02-22 15:14:38 -06:00
James Lee 77ee84e0ab
Add pull request template 2016-02-22 12:45:02 -06:00
James Lee 18784b0b5b
Add issue template 2016-02-22 12:45:02 -06:00
David Maloney c0c6dc7a18
point to other staging branches for gems
the gem dependencies that have been modified
so far are being pulled in from their staging branches
on github instead of rubygems for this branch
2016-02-22 11:31:58 -06:00
wvu-r7 340a8d1687 Merge pull request #15 from bcook-r7/land-6524-bind
update to use the common bind_addresses method
2016-02-22 10:16:07 -06:00
James Lee 56fed01ff0
Land #6599, fix silent failures in aux HttpServers 2016-02-22 08:41:11 -06:00
RageLtMan d7ba37d2e6 Msf::Exploit::Remote::HttpServer print_* fix
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since it's a callback on the underlying Rex HTTP server.

When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.

Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Tim cef1b77e26 fixes for android set_audio_mode 2016-02-20 12:01:10 +00:00