668d5cc3ae
Added the option to choose to run .exe
2013-10-11 07:57:15 -07:00
75c5e885f2
Land #2142 , @morisson's exploit for CVE-2013-3319
2013-10-11 09:17:58 -05:00
63349e4664
Add OSVDB and BID references
2013-10-11 09:14:59 -05:00
3c8318e001
Changed Nothing Really
2013-10-11 07:10:56 -07:00
b26085457f
Trying to prevent @jvazquez-r7 from crying when reading my code:
...
- Documented fields in the several tables;
- Fixed the "remote" field location on the fs_table (changed due to REXML parsing);
- Fixed Total Memory field on os_table (bug?);
2013-10-11 11:29:27 +01:00
d0a1b51d8d
Merge pull request #2 from jvazquez-r7/review-2142
...
merged @jvazquez-r7 Review 2142
2013-10-11 02:30:44 -07:00
49c629be5a
Land #2493 , vbulletin exploit
2013-10-10 22:11:32 -05:00
cad7329f2d
Minor updates to vbulletin admin exploit
2013-10-10 22:09:38 -05:00
171b70fa7c
Zabbix v2.0.8 SQLi and RCE Module
...
Conflicts:
modules/exploits/linux/http/zabbix_sqli.rb
Commit completed version of zabbix_sqli.rb
2013-10-10 22:50:02 -04:00
2ee1b1c1c2
VSS Persistence on Windows 7
2013-10-10 17:20:09 -07:00
b3e02d0fd8
Land #2477 , add specs for ROPDB
2013-10-10 15:05:52 -05:00
85112e8704
Land #2413 , axe callcc
...
This is the only time callcc is used in the entire codebase, too, so
this apparently removes a roadblack to non-MRI Rubies, so that's nice.
2013-10-10 14:55:55 -05:00
378f403fab
Land #2453 , Add stdapi_net_resolve_host(s) to Python Meterpreter.
...
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
276ea22db3
Add VMware Hyperic HQ Groovy Script-Console Java Execution
2013-10-11 05:07:23 +10:30
09f0db7fdf
Switch to rexml parsing, add some comments and cleanup
2013-10-10 13:19:10 -05:00
de57cbc67d
Land #2497 , @todb-r7's author alphabetization
2013-10-10 13:00:50 -05:00
9b96351ba2
Land #2494 , OSVDB ref for flashchat_upload_exec
2013-10-10 12:58:55 -05:00
9516bc5cf7
Retab changes for PR #2142
2013-10-10 11:02:51 -05:00
cdc7b75a78
Merge for retab
2013-10-10 11:02:16 -05:00
f10078088c
Add module for ZDI-13-130
2013-10-10 10:06:17 -05:00
4870df14e6
Add another mailmap for joev.
2013-10-10 10:00:42 -05:00
c264480651
Code cleanup, tried to implement suggestions from @jvazquez-r7. Hopefully is much more readable.
2013-10-10 11:58:33 +01:00
3606aa90a6
Land Updated stdapi binaries with railgun fix
2013-10-10 01:20:57 -05:00
b477ae369b
Updated stdapi binaries with railgun fix
...
Changes are from https://github.com/rapid7/meterpreter/pull/28
2013-10-10 16:03:38 +10:00
adbcace9dd
Land #2458 , OJ's Meterpreter railgun multi call fix
...
also [FixRM #8269 ]
2013-10-10 00:38:44 -05:00
4f1e71e222
Also this isn't Lua. Deal with commas.
2013-10-09 17:30:57 -05:00
c8dc251042
Alphabetize authors
...
Because alphabetizing is cool and makes it easy for humans to find
things in long array lists quickly.
Also, I need to keep my lines changed count up.
2013-10-09 17:29:17 -05:00
be139beb20
Remove windows from title of multi module.
2013-10-09 17:11:47 -04:00
6c382c8eb7
Return nil on error, and move the module to post/multi.
2013-10-09 16:52:53 -04:00
c91816c4b2
Land #2495 , fix module ref.
2013-10-09 15:05:59 -05:00
e3014a1e91
Fix ZDI Reference
2013-10-09 14:56:42 -05:00
4fd599b7e0
Land #2483 , @wchen-r7's patch for [SeeRM #8458 ]
2013-10-09 14:32:26 -05:00
52574b09cb
Add OSVDB reference
2013-10-09 14:13:45 -05:00
4f3bbaffd1
Clean module and add reporting
2013-10-09 13:54:28 -05:00
1e3b84d39b
Update ie_cgenericelement_uaf
2013-10-09 13:40:48 -05:00
5c36533742
Add module for the vbulletin exploit in the wild
2013-10-09 13:12:57 -05:00
9d34a8c894
Land #2465 , deal with missing cpuinfo bins
...
[FixRM #8456 ]
Thanks @ZeroChaos!
2013-10-09 13:03:48 -05:00
ce3584194f
Merge pull request #1 from todb-r7/land-2465
...
Fix up PR #2465
2013-10-09 10:23:08 -07:00
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465 ]
2013-10-09 12:13:44 -05:00
1e78c3ca1a
Add missing require to nodejs/bind payload.
2013-10-09 11:39:05 -05:00
3cbea09cc6
Land #2492 , s/Dyn-DNS/DynDNS/
2013-10-09 10:54:43 -05:00
c2c6422078
Correct the name of "DynDNS" (not Dyn-DNS)
2013-10-09 09:56:07 -05:00
2073c4e6a7
Land #2489 , @mwulftange :noquotes option for CmdStagerPrintf
2013-10-09 08:29:11 -05:00
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
c84e5c7443
Land #2490 , new sniffer extenstion binaries
2013-10-08 17:15:54 -05:00
0a194b203d
Updated sniffer binaries
...
These updated binaries include a packet-sniffer fix which results in
sniffing working on x86 builds of Windows 8 and Windows 8.1.
2013-10-09 07:38:54 +10:00
2f0120748b
Land #2487 - Mark broken tests as pending
2013-10-08 15:10:10 -05:00
ef48a4b385
Land #2486 - Fix error message backtrace
2013-10-08 14:55:39 -05:00
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
MrXors
jvazquez-r7
Bruno Morisson
Tod Beardsley
pyoor
Meatballs
bcoles
William Vu
kernelsmith
OJ
Spencer McIntyre
sinn3r
ZeroChaos
joev
Winterspite
Markus Wulftange