fe86325fd4
Fixed memory alignment for x64 reverse_http stager
2013-09-16 16:43:20 -04:00
f89af79223
Correct OSVDB for sophos sblistpack exploit
2013-09-16 15:41:50 -05:00
d4f2e72b9c
updated module to include msftidy.rb
2013-09-16 12:46:13 -07:00
82e3910959
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 12:40:36 -07:00
92cf886e49
updated module to include msftidy.rb
2013-09-16 12:38:00 -07:00
4c83336944
Delete pcman_stor_msf.rb
...
delete because of commit issues.
2013-09-16 12:25:39 -07:00
2d936fb67c
Bail from payload if require() is not available.
...
* TODO: test on windows
2013-09-16 14:05:26 -05:00
08f0abafd6
Add nodejs single payloads, thanks to RageLtMan.
2013-09-16 13:38:42 -05:00
e1e1cab797
Module gets me a shell, yay
2013-09-16 13:37:16 -05:00
f657f4d145
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 09:57:27 -07:00
c18c41d8ea
Don't hidde exceptions
2013-09-16 09:26:13 -05:00
86e5163cad
Fix Indentation and cleanup
2013-09-16 09:19:26 -05:00
62cf9cb07c
Retab changes for PR #2188
2013-09-16 09:09:16 -05:00
842dba20b9
Merge for retab
2013-09-16 09:08:36 -05:00
299860b09d
Land #2329 , @kaospunk auxiliary module to enumerate ntlm info
2013-09-16 08:16:30 -05:00
4040fe4b6b
Fix style
2013-09-16 08:15:46 -05:00
af873b7349
added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE
2013-09-16 16:19:35 +07:00
b2b629f932
added WD Arkeia Appliance RCE
2013-09-16 14:38:50 +07:00
67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
b993a4bda9
Land #2367 - HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
2013-09-16 01:43:07 -05:00
2741983158
Update description
2013-09-13 18:31:11 -05:00
40aeaf445b
Add auxiliary module for HP SNAC Auth Bypass
2013-09-13 18:29:57 -05:00
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
813290cd68
Land #2357
2013-09-13 14:26:30 -05:00
b2ba4b445f
Land #2362 , update description
2013-09-13 12:56:04 -05:00
4847976995
Update information about original discovery
...
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
84f015320a
Probably helps to use the right alternate exploit name.
2013-09-12 16:16:49 -05:00
14577441ca
Deprecates windows persistence post module.
2013-09-12 16:10:48 -05:00
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
761042f14b
require the deprecated mixin
2013-09-12 15:42:01 -05:00
968f299772
Deprecate A-PDF exploit for filename change
...
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
149312a4c0
Correct wordpress_login_enum for #2301
...
tabassassin created a mess and I failed to resolve it properly.
Attempt #2 . See #2301 .
2013-09-12 14:56:46 -05:00
91b8ca8f22
Merge branch 'pr2301' into upstream-master
...
Conflicts:
modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
58b634dd27
Remove unnecessary requires from post mods
2013-09-12 14:36:01 -05:00
b7dec23a1d
Update meterpreter.rb
...
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller
Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64
Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
2013-09-12 14:32:13 -05:00
34383661cb
Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation
2013-09-12 14:21:05 -05:00
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
f42e6e8bca
Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-12 14:17:24 -05:00
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
d781f447db
Merge branch 'pr2345' into upstream-master
2013-09-12 14:15:18 -05:00
d006ee52b1
Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal
2013-09-12 14:13:32 -05:00
d47de46d94
Deprecate brightstor/tape_engine_8A
...
This module is getting renamed to 8a, instead of 8A.
2013-09-12 13:59:44 -05:00
41f23d5268
Fix merge fail
...
The whitespace fixes from @tabassassin somehow hosed this change.
See
845bf7146b6daa90a4a5
2013-09-11 16:22:35 -05:00
9ad1be7318
Make junk easier
2013-09-11 09:33:01 -05:00
825eb9d1ca
Add module for OSVDB 96208
2013-09-11 00:11:00 -05:00
4f1db80c24
Fix requires in new post modules
2013-09-10 11:13:07 -05:00
df3aae0cae
Land #2341 , @todb-r7's grammar fixes
2013-09-10 09:20:29 -05:00
02a073a8fe
Change module filename
2013-09-09 23:30:37 -05:00
64348dc020
Update information
2013-09-09 23:29:48 -05:00
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
93c0b02b3b
Land #2342 , fix for smb_enumshares Array-ness
2013-09-09 16:55:01 -05:00
f73c18ccd9
Store the Array, not human-readable version
...
[SeeRM #8389 ]
2013-09-09 16:44:47 -05:00
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
ce769b0c78
Add module for CVE-2013-2641
2013-09-09 13:56:45 -05:00
791b6f69c2
Land #2337 , @wchen-r7's exploit for MS13-055
2013-09-09 11:12:03 -05:00
0ee0168556
Retabbed
...
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
6ab905e9e0
Less alignment
2013-09-09 09:39:02 -05:00
992bdcf530
Not from the future
2013-09-09 00:36:28 -05:00
ae659507d2
Land #2336 - GE Proficy Cimplicity WebView Directory Traversal
2013-09-08 23:05:57 -05:00
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
47147444af
Land #2327 HP SiteScope Remote Code Execution
2013-09-08 20:14:27 -05:00
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
02cc53e893
Land #2298 , @dzruyk's DoS aux module for CVE-2013-4124
2013-09-07 16:11:49 -05:00
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
3da9c4a685
Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file
2013-09-06 13:05:17 -05:00
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
ffa600ff8b
Fix really the check method
2013-09-06 10:21:18 -05:00
9b9e1592fd
Retab changes
2013-09-06 10:13:38 -05:00
a64f960bfc
Merge for retab
2013-09-06 10:12:55 -05:00
d9fed860a5
Fix check method
2013-09-06 10:11:06 -05:00
94cc3f0e49
Retab changes
2013-09-06 09:51:14 -05:00
73a66819ea
Merge for retab
2013-09-06 09:50:37 -05:00
7ce9d38eba
Fix module
2013-09-06 09:49:52 -05:00
2aed293d9a
Handle locked date and time preference pane
...
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
473f08bbb6
Register cleanup and update check
2013-09-05 22:43:26 +01:00
400b433267
Sort out exception handling
2013-09-05 22:21:44 +01:00
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
07060e4e69
Add return in check
2013-09-05 16:57:47 -04:00
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
9787bb80e7
Address @jlee-r7's feedback
2013-09-05 19:57:05 +01:00
597f337d1b
Retab changes for PR #2298
2013-09-05 13:52:10 -05:00
acfef429c2
Merge for retab
2013-09-05 13:52:05 -05:00
206b52ea30
Land #2325 , @jlee-r7's Linux PrependFork addition
2013-09-05 13:50:59 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
c9c6f84668
Retab changes for PR #2328
2013-09-05 13:16:15 -05:00
9bdc274904
Merge for retab
2013-09-05 13:15:07 -05:00
0a1a202fb5
Retab changes for PR #2329
2013-09-05 13:04:23 -05:00
760943af2f
Merge for retab
2013-09-05 13:02:51 -05:00
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
c44be42cf5
Merge the check for Sentry in just one request
2013-09-05 10:41:20 -05:00
d280d45964
Revert "Updated module - 1 req action"
...
This reverts commit f85b9aa780
2013-09-05 10:35:13 -05:00
f85b9aa780
Updated module - 1 req action
...
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
9f628b8b63
Add URI where information was discovered
...
This adds the URI where the information was enumerated from to the
scanner output.
One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
afaab5e0a6
Fixes issues raised by jvazquez-r7
...
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
default
2013-09-05 09:34:35 -04:00
5c06a471f9
Get the call result
2013-09-05 08:33:35 -05:00
3681955f68
Use Msf::Config.data_directory
2013-09-05 08:28:50 -05:00
6b1d7545d6
Refactor, avoid duplicate code
2013-09-05 08:26:49 -05:00
533643fe2c
Host Information Enumeration via NTLM Authentication
...
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
b6245eea72
Update target info
2013-09-04 16:43:26 -05:00
34b3ee5e17
Update ranking and description
2013-09-04 16:10:15 -05:00
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
9f3a5dc5d0
Retab new modules
2013-09-04 12:32:53 -05:00
999b802468
Merge branch 'master' into retab/rumpus
2013-09-04 12:32:05 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
3066e7e19d
ReverseConnectRetries ftw
2013-09-04 00:16:19 +01:00
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
cc838401fb
Land #2314 , metasploit_pcaplog title correction
2013-09-03 15:21:00 -06:00
b9ceed0c53
Land #2313 , lockout_keylogger title correction
2013-09-03 15:20:20 -06:00
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
cbb9984358
Merge branch 'master' into retab/rumpus
2013-09-03 14:11:16 -05:00
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
4259bc6211
Merge pull request #2323 from jvazquez-r7/fix_python_load
...
Fix require on Python bind_tcp stager
2013-09-03 09:47:06 -07:00
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
ff6ee5b145
Fix require
2013-09-03 10:52:52 -05:00
6daa90a4a5
Msftidy: use binary on File.open always
...
msftidy is complaining, here:
keylog_recorder.rb:116 - [WARNING] File.open without binary mode
Not sure how this managed to hit upstream/master with msftidy warnings.
Protip, use an msftidy pre-commit hook. We have just such a hook script
in tools/dev, as a matter of fact, so it's just a symlink away:
https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
2013-09-03 10:35:50 -05:00
a23c1f1ad4
added additional "include"
2013-09-03 19:34:37 +04:00
8acabe457c
Trailing whitespace fixup
2013-09-03 10:32:48 -05:00
ca8dacb93b
Minor module description updates for grammar.
2013-09-03 10:31:45 -05:00
3786376b42
Aux module for Sentry CDU enum
2013-09-03 14:44:03 +05:30
9a33c674aa
RHOST, RPORT removed, Tries option added
2013-09-01 22:58:22 +04:00
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
ac0b14e793
Add the missing CVE reference
...
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
bcc0152274
Correct metasploit_pcaplog's naming style
...
The naming style nazi is in town. ph33r.
2013-08-31 18:25:06 -05:00
a4bcc1f82f
Correct module naming style
...
You know what it is.
2013-08-31 18:17:06 -05:00
28ca62d60f
New option added. Names now random. Dos check added
2013-08-31 13:18:22 +04:00
0736677a01
Land #2299 - Add powershell support & removes ADODB.Stream requirement
2013-08-31 00:32:23 -05:00
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
5b32c63a42
Land #2308 , @wchen-r7's exploit for MS13-059
2013-08-30 10:59:36 -05:00
ea8cd2dc46
Update authors list
2013-08-30 10:52:39 -05:00
a283f1d4fa
Correct module title
2013-08-30 10:50:35 -05:00
f4e09100bd
Correct file name
2013-08-30 10:50:05 -05:00
38dbab9dd0
Fix typos
2013-08-30 10:43:26 -05:00
1ea3d91f48
Lands #2244 Python Meterpreter
...
[Closes #2244 ]
2013-08-30 14:33:35 +01:00
7401f83d8e
Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug
2013-08-30 03:23:47 -05:00
0a1b078bd8
Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
...
Please see module description for more info.
2013-08-30 03:16:28 -05:00
2176f0b91c
Land #2303 , @todb-r7's patch to avoid loading order issues on sudo_password_bypass
2013-08-29 14:52:17 -05:00
657be3a3d9
Fix typo
2013-08-29 14:42:59 -05:00
4a6bf1da7f
Add module for ZDI-13-207
2013-08-29 14:09:45 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
7b9314763c
Add the require boilerplate
...
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.
Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
a574b548b2
Updated wordpress_login_enum auxilary module.
...
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
66886eed7a
Land #2283 , @bmerinofe's post module for PortProxy Port Forwarding
2013-08-28 17:34:14 -05:00
f477711268
Provide more information about installing IPv6
2013-08-28 17:22:50 -05:00
43badfaa1c
Move the check_ipv6 call to the run metod
2013-08-28 17:20:11 -05:00
05863cb1cc
Delete vague exception handling only done on one place
2013-08-28 17:17:05 -05:00
6b8c7cbe24
Omit parentheses for method call with no args
2013-08-28 17:15:28 -05:00
c04e6b2b14
Reduce code complexity on check_ipv6
2013-08-28 17:13:21 -05:00
f339510816
Use OptPort
2013-08-28 17:10:22 -05:00
ad8b6ec1ef
Avoid redefine builtin datastore options
2013-08-28 17:08:22 -05:00
ad1b9fbaef
Use datastore options to avoid complex logic around args
2013-08-28 17:00:10 -05:00
c68986e6eb
Favor unless over if not
2013-08-28 16:50:44 -05:00
3a2a2a9cc0
Beautify metadata
2013-08-28 16:48:36 -05:00
a12f5092dd
Encode the powershell cmd
2013-08-28 22:37:11 +01:00
aa0563244b
Update unsafe scripting module
2013-08-28 22:30:46 +01:00
b3ec8f741f
File moved to auxiliary with some bug fixes
2013-08-29 00:11:34 +04:00
d71b2bd3a4
Samba CVE 2013-4124 integer overflow exploit added
2013-08-28 23:05:26 +04:00
c31a2332be
Juan changes applied
2013-08-28 19:53:54 +02:00
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
57c7d0679a
Land #2295 - Add platform info
2013-08-28 10:38:50 -05:00
1042dbe56a
Land #2108 , @jiuweigui's post module to get info from prefetch files
2013-08-28 10:01:06 -05:00
0fbe411be7
Ensure use Ruby File
2013-08-28 09:55:21 -05:00
5c32bb4a8e
Beautify metadata
2013-08-28 09:32:23 -05:00
4f8ba82d02
Make gather_pf_info return a prefetch entry
2013-08-28 09:29:49 -05:00
904bd12663
Fix print over nil or empty string
2013-08-28 09:27:18 -05:00
ef3085823c
Use default timeout value
2013-08-28 09:26:46 -05:00
8ac82b8b18
Beautify timezone_key_values function
2013-08-28 09:25:49 -05:00
bc593aab4f
Avoid confusion between variable and method name
2013-08-28 09:24:32 -05:00
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
b702a0d353
Fix "A payload has not been selected."
...
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
f823290a4c
Add nc check. Prints successful binary match.
...
* kills session nil check
2013-08-27 17:21:18 -05:00
13996b98cf
Correct action description for recording
...
The correct description is recording
2013-08-27 12:39:46 -05:00
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
067b8f3c59
Adds session existence check. Moves error log path to datastore option.
2013-08-27 11:44:21 -05:00
8a8f80e097
Move error log path to datastore option.
2013-08-27 11:43:20 -05:00
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
728d0a0e65
Land #2240 - OSX keylogger
2013-08-27 11:36:58 -05:00
a9459ef703
Update module title for naming style consistency
2013-08-27 11:36:26 -05:00
16ace44f2d
Move keylogger.rb to post/osx/capture/keylog_recorder
...
To match the naming consistency with Windows
2013-08-27 11:35:00 -05:00
5cc4ef09d1
Move previous error log path to method. Renames the #check method.
2013-08-27 11:25:00 -05:00
e4a567b2b5
Land #2284 - Fix description
2013-08-27 11:20:58 -05:00
b0226cab79
Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability
2013-08-27 11:19:43 -05:00
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
997c5e5516
Land #2291 , @todb-r7's patch for oracle_endeca_exec's requires
2013-08-27 11:01:21 -05:00
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00
f59f57e148
Randomize object id
2013-08-27 10:35:06 -05:00
66fa1b41aa
Fix logic to spray correctly IE9
2013-08-27 09:57:55 -05:00
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
87c03237a9
Fix discrepencies between unix/osx with whereis cmd.
2013-08-27 03:17:14 -05:00
98b21471ed
fix some bugs in cups_root_file_read module.
2013-08-27 03:03:08 -05:00
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
8efe2d9206
Land #2289 , @jlee-r7's exploit for CVE-2013-1662
2013-08-26 23:27:19 -05:00
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
7a4d781538
Land #2274 - Firefox XMLSerializer Use After Free
2013-08-26 20:53:42 -05:00
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
4cbdf38377
updated contact info
...
MASTER OF DISASTER
ULTRA LASER
:::::::-. :::::::.. :::::::-. ... ... . :
;;, `';,;;;;``;;;; ;;, `';, .;;;;;;;. .;;;;;;;. ;;,. ;;;
`[[ [[ [[[,/[[[' `[[ [[,[[ \[[,,[[ \[[,[[[[, ,[[[[,
$$, $$ $$$$$$c $$, $$$$$, $$$$$$, $$$$$$$$$$$"$$$
888_,o8P' 888b "88bo,d8b 888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
MMMMP"` MMMM "W" YMP MMMMP"` "YMMMMMP" "YMMMMMP" MMM M' "MMM
2013-08-26 16:14:49 -07:00
85ed9167f2
Print target endpoint
...
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
9f8051161f
Properly implement normalize_uri
2013-08-26 17:18:00 -05:00
7fad26968c
More fix to jboss_seam_exec
2013-08-26 17:16:15 -05:00
c660279963
Land #2259 , @wchen-r7's patch for [SeeRM #8319 ]
2013-08-26 16:36:45 -05:00
a58750fbbb
Land #2266 , @wchen-r7's patch forn [SeeRM #8345 ] and [SeeRM #8344 ]
2013-08-26 16:14:50 -05:00
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
5b4890f5b9
Fix caps on typo3_winstaller module
2013-08-26 14:47:42 -05:00
3769da2722
Better fixes
2013-08-26 14:02:45 -05:00
6b8feaff8c
Type conversion
2013-08-26 13:56:11 -05:00
8c7f4b3e1f
Avoid using inline rescue
2013-08-26 13:54:06 -05:00
252f48aeee
Land #2272 , @jvennix-r7's exploit for CVE-2013-1775
2013-08-26 13:21:58 -05:00
0baaf989fb
Delete on_new_session cleanup, as discusses with @jlee-r7
2013-08-26 13:20:43 -05:00
9cb8ec950f
Fix module description
2013-08-26 11:40:05 -05:00
2b577552a2
OptEnum option changed
2013-08-26 15:25:23 +02:00
64d21c7216
added portproxy post meterpreter module
2013-08-26 14:44:41 +02:00
f8d1d29648
Add module for ZDI-13-182
2013-08-25 23:07:08 -05:00
34404ee067
Commit cups module. Tested on osx 10.7, 10.8, and unpatched ubuntu 12.0.4.
2013-08-25 14:30:11 -05:00
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
Ryan Wincey
Tod Beardsley
Rick Flores (nanotechz9l)
Joe Vennix
RageLtMan
jvazquez-r7
xistence
sinn3r
James Lee
MosDefAssassin
HD Moore
Tyler Krpata
Meatballs
Tab Assassin
Karn Ganeshen
kaospunk
jgor
William Vu
Brandon Turner
Boris
rbsec
bmerinofe
Vlatko Kosturjak
g0tmi1k
violet
Christian Mehlmauer