3101564a0a
Enable support for windows 8 in the exploit
2016-10-04 16:27:33 +10:00
a4efa77878
Support driver list, adjust capcom exploit
...
This commit adds MSF-side support for listing currently loaded drivers
on the machine that Meterpreter is running on. It doesn't add a UI-level
command at this point, as I didn't see the need for it. It is, however,
possible to enumerate drivers on the target using the client API.
Also, the capcom exploit is updated so that it no longer checks for the
existence of the capcom.sys file in a fixed location on disk. Instead,
it enumerates the currently loaded drivers using the new driver listing
function, and if found it checks to make sure the MD5 of the target file
is the same as the one that is expected. The has is used instead of file
version information because the capcom driver doesn't have any version
information in it.
2016-10-04 11:27:20 +10:00
9853daeb4e
Land #7376 , mysql_writable_dir module #2
...
some comits got missed here somehow
2016-10-03 10:42:37 -05:00
2d361fabc6
No need to interpolate when using .to_s
2016-10-03 11:38:36 -04:00
e13a9667c2
Land #7376 , mysql_writable dirs mdoule
...
Lands avgsecurityguy's new mysql_writable_dirs module
2016-10-03 10:34:03 -05:00
95f9b778bd
Use standard status messages instead of verbose.
2016-10-03 11:01:51 -04:00
d088005d95
TABLE_NAME option not needed.
2016-10-03 10:58:13 -04:00
5f12c8e026
Incorrect warning message
...
The filename is not always test so the warning message and the note in the description are incorrect.
2016-10-03 10:57:25 -04:00
25996a16bb
Fixed file read block.
2016-10-03 10:47:03 -04:00
708eb0eb4f
Fixed syntax error.
2016-10-03 10:17:29 -04:00
fac03570d1
Use File.open block.
2016-10-03 10:09:45 -04:00
bc57537205
Add warning statement.
2016-10-03 10:07:40 -04:00
a627c3cd5e
Removed unnecessary return statements.
2016-10-03 10:02:26 -04:00
6fa8f40b31
Use unless instead of if (not ...)
2016-10-03 10:00:56 -04:00
039357a714
Land #7387 , checksum command for Meterpreter
2016-10-02 21:35:34 -05:00
f6b2a3a173
bump gems
2016-10-02 21:23:34 -05:00
3afe1538ef
Land #7392 , stance check fix for HttpServer
2016-10-02 20:21:47 -05:00
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
8e09b172f6
Add a meterpreter checksum command
2016-10-01 14:29:35 -04:00
63c0b6f569
Login failure message.
2016-09-30 17:09:41 -04:00
30d5b22914
Land #7093 , nessus_scan_workspace
...
lands sjcaldwell's pr for the nessus_scan_workspace
command
2016-09-30 15:15:57 -05:00
3f9540d906
fix trailing whitespace
...
this commit got dropped during landing
2016-09-30 14:30:31 -05:00
72bd75e681
Land #7253 , x64 xor encoder fix
...
Land fullmetalcache's fix for the x64 xor encoder
2016-09-30 14:28:10 -05:00
5a05bd6a16
Land #7385 , Add post module to enumerate AWS EC2 instance metadata
2016-09-30 14:01:01 -05:00
7996c4b048
Warning about leaving files on disk.
2016-09-30 14:53:15 -04:00
3e4a23cdf6
Removed unnecessary require statement.
2016-09-30 14:51:43 -04:00
73c11a63b4
Bump version of framework to 4.12.30
2016-09-30 10:03:42 -07:00
cf20ccaccd
Add kb for aws_ec2_instance_metadata
2016-09-30 07:02:33 -07:00
b3c6ec09a0
Show status when gathering, which can take a bit
2016-09-30 06:42:22 -07:00
abed3bf6c2
Rename
2016-09-30 06:35:26 -07:00
9ee6e1931a
target_uri simplification, cleanup
2016-09-30 06:24:50 -07:00
60cfe6216a
mstfidy
2016-09-29 22:00:35 -07:00
558adb5e1e
Uncork module and address style issues
2016-09-29 21:59:19 -07:00
b2e06bed66
Initial commit of post module to gather AWS EC2 instance metadata
2016-09-29 21:52:22 -07:00
e628fab86e
Land #7378 , run zipalign during apk injection process
2016-09-30 12:27:27 +08:00
6241e48b34
Land #7350 , add 'sess' command for direct session switching support
2016-09-29 23:18:53 -05:00
de9434870c
Land #7375 , mock some rex tests for DNS lookups
...
Fixes #6467 , as far as @lsato-r7 and I can tell.
2016-09-29 16:37:38 -05:00
e0cd4d082a
Bump MDM ver to get pro and msf back in sync.
...
Per discussion with @dmaloney-r7
2016-09-29 13:42:13 -05:00
b06a3d3c68
Refactor code that calls zipalign on injected APK
2016-09-29 07:49:50 -07:00
e8d99fb3f5
Run zipalign as last step during APK injection process
...
Running zipalign on an APK after signing and before distribution
is considered general best practice. Also, properly aligning an APK
makes it less likely to be flagged as suspicious by mobile security
solutions.
More on zipalign from Google:
https://developer.android.com/studio/command-line/zipalign.html
2016-09-28 20:05:17 -07:00
bcb040c1ac
Land #7377 , read_file for some modules
2016-09-28 18:00:23 -05:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
075401d702
Update dynamic_size for andterp spec
2016-09-28 16:58:34 -05:00
988471b860
Land #7372 , useless use of cat fix
...
Obligatory: modules/exploits/linux/local/kloxo_lxsuexec.rb.
2016-09-28 16:37:11 -05:00
3033c16da6
Add missing rank
2016-09-28 16:37:04 -05:00
21ec4915a7
Land #7292 , android stageless with new payload gem
2016-09-28 16:31:45 -05:00
b46073b34a
Replace `cat` with Ruby's `read_file`
...
Thanks to wvu-r7 for the comment
2016-09-28 23:22:19 +02:00
a457f64e2a
update to latest release payload gem
2016-09-28 16:14:29 -05:00
1689f10890
Land #7292 , add android stageless meterpreter_reverse_tcp
2016-09-28 16:05:22 -05:00
45ee59581b
Fix inverted logic in Docker exploit
...
Positive condition should be tested first, imo. Confusing otherwise. My
bad, though.
Credit to @fslavin-r7.
2016-09-28 15:36:09 -05:00
OJ
David Maloney
Stephen Haywood
William Vu
Brent Cook
Spencer McIntyre
dmohanty-r7
Metasploit
Jon Hart
Tim
Tod Beardsley
Pearce Barry
dana-at-cp
jvoisin
Jeffrey Martin