8c8ccc1d54
Update Authors
2014-10-06 11:30:39 -07:00
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
12cd686bc4
Delete Encoder possibility in msfpayload
2014-10-06 11:22:53 +02:00
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
a341756e83
Support spoofing source IPs for NTP readvar, include status messages
2014-10-03 14:05:57 -07:00
fa4414155a
Only include the exact readvar payload, not any padding
2014-10-03 13:58:13 -07:00
65c1a8230a
Address most Rubocop complaints
2014-10-03 13:47:29 -07:00
0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster
2014-10-03 13:28:30 -07:00
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
f2fc0d88ef
Lands #3943 , changes to engine require
2014-10-03 14:26:50 -05:00
0bb4eac259
Rename the method for optional requires
...
MSP-11412
2014-10-03 14:06:13 -05:00
88cbf22ef0
Optionally require mdm, as well
...
MSP-11412
2014-10-03 13:49:39 -05:00
478dbd32f2
Bump to newly-released versions of gems
...
MSP-11412
2014-10-03 12:07:23 -05:00
f748256e47
Use the prerelease versions of the gems
...
MSP-11412
2014-10-03 10:29:10 -05:00
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
7da22d064d
Remove an unnecessary var and fix process_close
2014-10-02 20:52:45 -04:00
04dbfb9ad6
Bump metasploit gem dependencies
...
MSP-11412
2014-10-02 18:11:13 -05:00
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD
2014-10-02 16:38:36 -05:00
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
dabec92e61
Ensure require of metasploit/credential/engine is optional
2014-10-02 14:46:56 -05:00
7ed1977d0b
Specific require all metasploit gem dependencies' engines
...
MSP-11412
2014-10-02 14:20:10 -05:00
71efeb0c26
Also PATH out the deps for metasploit-credential and metasploit_data_models
...
MSP-11412
2014-10-02 14:08:35 -05:00
0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X
2014-10-02 13:48:19 -05:00
05c71af03c
PATH out the deps to metasploit-concern and metasploit-model, for the moment
2014-10-02 13:29:50 -05:00
0dfd8e25b8
Land #3846 , Rex::ImageSource specs
2014-10-02 12:33:56 -05:00
ee92648693
Land #3906 , Zsh completion for Metasploit
2014-10-02 11:06:10 -05:00
24eec0e2a6
Swap to recog ~> 1.0 pre Luke's comment
2014-10-02 09:51:41 -05:00
7861b17e16
Use write() to fix SNMP on osx/freebsd.
2014-10-02 09:15:43 -05:00
5f4098f650
Bump recog to ~> 1.0.0
2014-10-02 00:51:37 -05:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
0380c5e887
Add CVE-2014-6278 support, lands #3932
2014-10-01 18:25:41 -05:00
c1b0acf460
Add CVE-2014-6278 support to the exploit module
...
Same thing.
2014-10-01 17:58:25 -05:00
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
3ec6166193
Land #3927 - Shellshock PureFPTd extauth
2014-10-01 17:00:55 -05:00
4dd285c319
Merge pull request #4 from jlee-r7/feature/recog
...
Feature/recog
2014-10-01 16:43:18 -05:00
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
8cf718e891
Update pureftpd bash module rank and description
2014-10-01 17:19:31 -04:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
7e05ff343e
Fix smbdirect
...
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
a21752bc9c
Fix NoMethodError on os, mark DCs as 'server'
2014-10-01 16:02:46 -05:00
Jon Hart
us3r777
agix
nstarke
James Lee
Tod Beardsley
Samuel Huckins
Matt Buck
William Vu
Christian Mehlmauer
Spencer McIntyre
Brandon Perry
sinn3r
HD Moore
Joe Vennix