Tod Beardsley
ff72f0af62
Land #2461, GestioIP module
2013-10-04 11:07:08 -05:00
Tod Beardsley
9b79bb99e0
Add references, correct disclosure date
2013-10-04 09:59:26 -05:00
Tod Beardsley
ab786d1466
Imply authentication when a password is set
2013-10-04 09:54:04 -05:00
Brandon Perry
0112d6253c
add gestio ip module
2013-10-04 06:39:30 -07:00
jvazquez-r7
db11e88255
Land #2321, @juushya's aux module for Sentry CDU enumeration
2013-10-04 08:35:54 -05:00
Spencer McIntyre
7414dff958
Add fault tolerance for resolve_hosts.
2013-10-04 08:51:13 -04:00
sinn3r
41e87d83a6
Add rspec for Rex::Exploitation::RopDb
2013-10-04 00:54:07 -05:00
xistence
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
sinn3r
bc8604f151
Use safe_negate_size for hxds
2013-10-03 23:15:29 -05:00
sinn3r
63d7b8c309
Use safe_negate_size for java
2013-10-03 23:13:57 -05:00
sinn3r
ab62af220b
Use safe_negate_size key for msvcrt (XP)
2013-10-03 23:12:58 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
...
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
jvazquez-r7
9df676ca7e
Land #2447, @wchen-r7's new msvcrt ROP chains without nulls
2013-10-03 22:38:29 -05:00
jvazquez-r7
646429b4dd
Put ready to pull request
2013-10-03 22:15:17 -05:00
OJ
21afa9defe
Meterpreter railgun multi call fix
...
Modifications accommodate changes in the multi-call railgun code that
were made to Meterpreter.
This also includes a fix for Redmine 8269, so the Windows constants
now work correctly with the multi-calls.
2013-10-04 12:04:18 +10:00
jvazquez-r7
5971fe87f5
Improve reliability
2013-10-03 17:19:53 -05:00
jvazquez-r7
39eb20e33a
Add module for ZDI-13-169
2013-10-03 16:52:20 -05:00
sinn3r
8059c59f15
Land #2452 - Ignore unexpected DNS answers
2013-10-03 15:54:22 -05:00
sinn3r
c87e7b3cc1
Land #2451 - Don't overwrite default timeout on get_once
2013-10-03 15:44:40 -05:00
Tod Beardsley
6499178ccb
Fix Microsoft typo
2013-10-03 12:21:15 -05:00
Tod Beardsley
539a22a49e
Typo on Microsoft
2013-10-03 12:20:47 -05:00
William Vu
f1e299460f
Land #2454, EOL spaces fix for astium_sqli_upload
2013-10-03 11:09:22 -05:00
Tod Beardsley
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
Spencer McIntyre
ecf286a8c4
Add support for stdapi_net_resolve_host.
2013-10-03 10:31:54 -04:00
Karn Ganeshen
581e27f151
Merge pull request #2 from jvazquez-r7/review-pr2321
...
Retab and fix PR2321
2013-10-03 04:20:18 -07:00
jvazquez-r7
1fe0c50df0
Ignore unexpected answers
2013-10-02 20:41:02 -05:00
jvazquez-r7
0db93111de
Land #2445, @todb-r7's new tab warning for msftidy
2013-10-02 17:19:12 -05:00
Tabassassin
773abf0567
Pow, tab assassinated.
2013-10-02 17:16:38 -05:00
Tod Beardsley
3d6b3a4e21
Empty commit to try to sober up Travis-CI
...
Travis, you're drunk. You need help. Don't try to build f123cd1, because
that commit doesn't exist.
Try this one, it'll make you feel better.
2013-10-02 16:58:01 -05:00
jvazquez-r7
77d0236b4e
Don't overwrite default timeout
2013-10-02 16:15:14 -05:00
sinn3r
427b4b262a
Land #2441 - Update .mailmap
2013-10-02 13:20:08 -05:00
Tod Beardsley
40c313b711
Land #2450, fix UDPSweep modules for Windows
2013-10-02 12:29:52 -05:00
jvazquez-r7
758fd02619
Windows 7 SP1 and newer fail when forcing IPv6 sockets
2013-10-02 09:45:51 -05:00
jvazquez-r7
7436ea0281
Land #2449, @wchen-r7's references update
2013-10-02 08:17:12 -05:00
James Lee
56b6f0be02
Add bins for #2443
...
See #740 and meterpreter#26
2013-10-01 23:47:24 -05:00
James Lee
9436b6df08
Land #2443, railgun error messages
...
See #740 and meterpreter#26
2013-10-01 23:44:43 -05:00
sinn3r
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
sinn3r
932ed0a939
Land #2444 - Add SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Vuln
2013-10-01 20:35:17 -05:00
sinn3r
81365855fc
Land #2446 - Use ROP chains from ROPDb
...
Now that we have successfully imported the Office 2007/2010 ROP chains
to ROPDb, this exploit can be the first to use it.
2013-10-01 20:28:59 -05:00
sinn3r
cd1f023f72
Update msvcrt.dll ROP chain for Windows Server 2003
2013-10-01 16:18:57 -05:00
sinn3r
14d99ffbdb
Update Win XP msvcrt.dll ROP
...
This updated ROP chain for msvcrt.dll does not have any null bytes.
2013-10-01 15:00:43 -05:00
jvazquez-r7
ed82be6fd8
Use RopDB
2013-10-01 13:23:09 -05:00
jvazquez-r7
981212a034
Land #2442, @wchen-r7's rop chains for Office
2013-10-01 13:21:30 -05:00
Tod Beardsley
36d058b28c
Warn for tabbed indentation
2013-10-01 12:22:46 -05:00
jvazquez-r7
6483c5526a
Add module for OSVDB 93696
2013-10-01 11:42:36 -05:00
OJ
82162ef486
Add error message support to railgun
...
This code was lost in the transition when the meterpreter source was
removed from the metasploit-framework source. I'm pulling this in by
request of @dmaloney-r7 who originally requested this code be included
as part of https://github.com/rapid7/metasploit-framework/pull/740
I added an extra bit of code to free up memory that is allocated by the
call to FormatMessage and forced the ASCII-version (FormatMessageA) of
the call.
This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00
sinn3r
7c6c8291e2
Add ROP chains for Office 2007 and Office 2010 (hxds.dll)
...
This adds two ROP chains for Office 2007 and Office 2010 based on
hxds.dll.
2013-10-01 01:33:35 -05:00
Tod Beardsley
301c370b68
Add William and alphabetize correctly
2013-09-30 17:04:57 -05:00
sinn3r
9abf727fa6
Land #2439 - Update description
2013-09-30 16:03:15 -05:00
sinn3r
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00