Brendan Coles
154951cd37
minor update
2018-04-11 01:45:41 +10:00
Dhiraj Mishra
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
Dhiraj Mishra
7cbba34c83
Parsing IP address only
...
Changed title name and description, however few things still needs to fix.
2018-04-10 20:32:52 +05:30
Dhiraj Mishra
201cdfb189
Handling execption by MSFTIDY
2018-04-06 22:54:21 +05:30
Dhiraj Mishra
4e6afd49ed
Update browser_getprivateip.rb
2018-04-06 21:10:29 +05:30
Dhiraj Mishra
f6cfcefbae
Some tweaks suggested by bcoles.
2018-04-06 17:44:43 +05:30
Dhiraj Mishra
582eb2e61c
Create browser_getprivateip.rb
2018-04-06 14:42:57 +05:30
Jacob Robles
8d0e3ada74
Change option names and module type
2018-03-21 06:49:50 -05:00
Jacob Robles
fc9005df8a
Add External License Support
2018-03-21 06:26:25 -05:00
Jacob Robles
8d12118d1f
Add get_user_spns external module and documentation
2018-03-21 06:26:15 -05:00
Brent Cook
04d305feb3
update SSL Labs scanner with new API, be robust
...
This updates the SSL Labs scanner to know about new additions to the API, and prevents the module from breaking again just because there is new JSON in the output. I couldn't figure out how to get the Api class to print messages normally, and there is some other output that needs to be added. But the module does work again.
2018-01-22 16:32:16 -06:00
William Vu
736d438813
Address second round of feedback
...
Brain fart on guard clauses when I've been using them all this time...
Updating the conditions made the ternary fall out of favor.
Changed some wording in the doc to suggest the domain name for a
particular NIS server may be different from the bootparamd client's
configuration.
2018-01-13 22:55:01 -06:00
William Vu
1a8eb7bf2a
Update nis_ypserv_map after bootparam feedback
...
Yes, yes, I see the off-by-one "error." It's more accurate this way.
Basically, we want to ensure there's actually data to dump.
2018-01-13 15:40:17 -06:00
William Vu
c080329ee6
Update module after feedback
...
Looks like I can't decide on certain style preferences.
Not keen on using blank?, but I've used it before. Time to commit?
Also, fail_with has been fixed for aux and post since #8643 . Use it!
2018-01-13 15:40:11 -06:00
William Vu
2916c5ae45
Rescue Rex::Proto::SunRPC::RPCTimeout
...
Coincidentally, this also fixes the rescue in the library, since
rescuing Timeout instead of Timeout::Error does nothing.
2018-01-12 19:34:59 -06:00
William Vu
0c9f1d71d3
Add NIS bootparamd domain name disclosure
2018-01-12 19:34:53 -06:00
William Vu
f66b11f262
Nix an unneeded variable declaration
2018-01-10 20:24:02 -06:00
William Vu
b66889ac86
Rescue additional errors and refactor code
...
https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/
2018-01-10 20:11:25 -06:00
William Vu
4a5a17a8e1
Add NIS ypserv map dumper
2018-01-08 14:27:53 -06:00
Tod Beardsley
f0df1750de
Land #9180
...
Land @RootUp's Samsung browser SOP module
2017-12-18 17:28:03 -06:00
RootUp
917dd8e846
Update samsung_browser_sop_bypass.rb
2017-12-16 22:10:02 +05:30
RootUp
8f91377acb
Update samsung_browser_sop_bypass.rb
2017-12-16 22:09:21 +05:30
Tod Beardsley
3b3b0e6e96
And this is why I hate using single quotes
...
Also, restored the store_cred call.
This will fix up RootUp/metasploit-framework#3 for PR #9180
2017-12-14 14:28:25 -06:00
Tod Beardsley
5226181d6d
Better conditionals from @bcoles
2017-12-13 16:48:05 -06:00
Tod Beardsley
966060d470
Nits picked by @bcoles: commas, quotes, and <head>
2017-12-13 16:38:17 -06:00
Tod Beardsley
622050ddfc
Oops, leftover comment
2017-12-12 14:48:00 -06:00
Tod Beardsley
efa46efb48
Actually save creds, or fail through sanely
...
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
RootUp
5f70199218
Update samsung_browser_sop_bypass.rb
2017-12-12 15:52:55 +05:30
Tod Beardsley
cba5c7cb0f
Rename to actually call out the browser name
2017-12-08 13:53:13 -06:00
Tod Beardsley
0a9dcafb77
Actually collect the creds, sort of
...
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.
This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
Tod Beardsley
aee883a706
Fixed up description to be descriptive
2017-12-08 12:24:58 -06:00
Patrick Webster
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
RootUp
03cd8af29a
Update browser_sop_bypass.rb
2017-11-08 12:50:49 +05:30
RootUp
0c247d5635
Update browser_sop_bypass.rb
2017-11-08 12:38:37 +05:30
RootUp
872894f743
Update browser_sop_bypass.rb
2017-11-07 21:29:16 +05:30
RootUp
2fad61101e
Update browser_sop_bypass.rb
2017-11-07 21:13:06 +05:30
RootUp
3dad025b8c
Create browser_sop_bypass.rb
2017-11-07 14:24:50 +05:30
Brent Cook
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
Adam Cammack
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
Tod Beardsley
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
Pearce Barry
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
Pearce Barry
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
Brendan Coles
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
h00die
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
h00die
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
h00die
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
Brent Cook
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
Brent Cook
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
Brendan Coles
d66e8062e7
Add TeamTalk Gather Credentials auxiliary module
2017-07-24 14:24:38 +00:00