Commit Graph

16454 Commits (27aae87c1884740bbbb391fef9fc8960bf6652d2)

Author SHA1 Message Date
bcoles 6ae72e4d63 Add PHP-Charts v1.0 PHP Code Execution Exploit 2013-01-20 23:51:17 +10:30
jvazquez-r7 aed71f8446 linux stager plus little cleanup 2013-01-20 13:42:02 +01:00
Spencer McIntyre 6b40011a6f use target_uri and normalize_uri as well as fix a cookie problem 2013-01-19 19:10:56 -05:00
Tod Beardsley 9f42abdb95 Whitespace fixup 2013-01-18 15:44:52 -06:00
Tod Beardsley 0c3e7ee3e0 Merge remote-tracking branch 'Meatballs1/reboot_force2' 2013-01-18 15:01:51 -06:00
Tod Beardsley bfd58e9570 Add a comment doc for future parser writers 2013-01-18 14:59:41 -06:00
Tod Beardsley ef97b20cb7 Merge branch 'wds_unattend' 2013-01-18 14:42:00 -06:00
Spencer McIntyre 9f7aafccdf add module to execute commands via Jenkins Script Console 2013-01-18 14:56:52 -05:00
jvazquez-r7 3465aa00bd title updated 2013-01-18 18:42:27 +01:00
jvazquez-r7 75109114df Merge branch 'post_mod_record_mic' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-post_mod_record_mic 2013-01-18 00:25:01 +01:00
Christian Mehlmauer e613c860a5 Added Name and Emailadress 2013-01-17 23:17:14 +01:00
Charles Smith 892899acd5 Fixed loot formatting so data is under the proper column
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL".  Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:

credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]

I changed the order the columns were defined to fix this.

The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:

permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]

works correctly.
2013-01-17 16:52:02 -05:00
jvazquez-r7 ef16a7fd24 cleanup 2013-01-17 21:45:13 +01:00
Tod Beardsley a43b218917 Line full of whitespace 2013-01-17 12:43:06 -08:00
jvazquez-r7 670b4e8e06 cleanup 2013-01-17 21:39:41 +01:00
jvazquez-r7 78279a0397 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
jvazquez-r7 d0b9808fc7 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
Charles Smith 624ef9a329 Fixed a typo in the skype_enum module.
"platfom" instead of "platform" fixed.
2013-01-17 14:04:52 -05:00
sinn3r 419b32b742 Can be used against multiple platforms since it supports java 2013-01-17 12:45:03 -06:00
sinn3r ff11cfe6e5 Avoid saying "webcam", might be misleading. 2013-01-17 12:30:02 -06:00
sinn3r f351db3621 Implements the record_mic feature as a post module
For easier deployment in the web GUI. Works for Windows meterpreter
and Java meterpreter.
2013-01-17 12:19:52 -06:00
jvazquez-r7 ffd8890ba2 Merge branch 'smb_login_option' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-smb_login_option 2013-01-17 18:15:41 +01:00
jvazquez-r7 57359304a3 Merge branch 'webcam' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webcam 2013-01-17 16:56:55 +01:00
jvazquez-r7 09b4a09ce1 module razer_synapse cleanup 2013-01-17 16:53:00 +01:00
jvazquez-r7 99296006c1 Merge branch 'razer_synapse.rb' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-razer_synapse.rb 2013-01-17 16:52:26 +01:00
sinn3r 40ba075655 Implements the webcam feature as a post mod
As a post mod, we can deploy the webcam feature more easily against
multiple sessions in the web gui.
2013-01-17 02:41:16 -06:00
kernelsmith 6e8e7a407d adds a .nil? check as well 2013-01-17 00:30:58 -06:00
kernelsmith 7090a4a82f adds check for empty data b4 sending to parser [RM7269]
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
lmercer a701b5eb79 fixed an error that occurred when patching. 2013-01-16 18:21:19 -05:00
lmercer ddd2dbc17b Updated coldfusion_local_traversal as described in Redmine Feature #6822 2013-01-16 17:54:15 -05:00
James Lee 4fd4af1f43 Fix typo that breaks record_mic command 2013-01-16 16:30:38 -06:00
lmercer 481f2eb791 updated cold_fusion_version from Redmine Feature #6822 2013-01-16 17:23:35 -05:00
sinn3r 51ef369e46 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-16 15:05:53 -06:00
jvazquez-r7 51ba500b9f msftidy compliant 2013-01-16 12:28:09 +01:00
jvazquez-r7 49b36710c4 Merge branch 'freesshd_authbypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-freesshd_authbypass_update 2013-01-16 12:27:42 +01:00
jvazquez-r7 f6d34b52a5 Merge branch 'verb_auth_bypass_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-verb_auth_bypass_update 2013-01-16 12:19:49 +01:00
jvazquez-r7 2348a0b066 final cleanup and testing 2013-01-16 11:55:14 +01:00
jvazquez-r7 b43242d131 Merge branch 'module-nagios3_history_cgi' of https://github.com/jselvi/metasploit-framework into jselvi-module-nagios3_history_cgi 2013-01-16 11:54:51 +01:00
sinn3r cbc9281a2f Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-16 02:27:52 -06:00
sinn3r 0f24671cf7 Changes how the usernames are loaded.
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage.  It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.

I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
sinn3r c621e83ffe Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding 2013-01-15 23:31:40 -06:00
Jose Selvi 064ea63a72 Fixes 2013-01-16 05:22:43 +01:00
smilingraccoon 12e7949183 msftidy change 2013-01-15 21:23:49 -05:00
smilingraccoon b2cd65e283 adding razer_synapse.rb 2013-01-15 21:14:49 -05:00
James Lee 2ee0c0d8fb Add simple specs for Rex::Encoding::Xor* 2013-01-15 16:59:01 -06:00
James Lee 26b40666ce Merge branch 'rapid7' into feature/stage_encoding 2013-01-15 15:10:58 -06:00
sinn3r 9dc42e93e7 Reduce unnecessary indent level 2013-01-15 14:36:41 -06:00
sinn3r 5109cc97fe Add more verbs
[SeeRM: #7138] by jabra
2013-01-15 14:11:53 -06:00
sinn3r b3291c0329 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2013-01-15 14:10:47 -06:00
James Lee ee14c1c613 Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7 2013-01-15 12:58:50 -06:00