Tod Beardsley
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
James Lee
721ce8f6b7
Land #2526 , use Find.find in msftidy
...
[SeeRM #8497 ]
2013-10-16 16:17:33 -05:00
James Lee
ca2620f0f6
Land #2527 , addonsdetect
2013-10-16 16:15:31 -05:00
James Lee
4fa3b8f820
Add support for IE7 on XP
2013-10-16 15:56:34 -05:00
James Lee
d13fa7e9a5
Land #2528 , base64 for ms13-080
2013-10-16 15:54:56 -05:00
Karn Ganeshen
cc42fbc59e
Added ext .rb
...
... ext .rb why you no save.
2013-10-17 01:40:05 +05:30
Karn Ganeshen
f3d4229ed4
Updated code
...
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
2013-10-17 01:36:26 +05:30
Tod Beardsley
2833d58387
Add OSVDB for vbulletin exploit
2013-10-16 15:01:28 -05:00
Tod Beardsley
3c2dddd7aa
Update reference with a non-plagarised source
2013-10-16 14:44:18 -05:00
Tod Beardsley
3fc1a75a6b
Simplify msftidy with Find.find and add fixed()
...
Also, enforce binary encoding like the other Metasploit tools.
This opens the door to fixing files that have things that could be fixed
programmatically.
[SeeRM #8497 ]
2013-10-16 10:40:42 -05:00
sinn3r
06a212207e
Put PrependMigrate on hold because of #1674
...
But I will probably still want this.
2013-10-16 09:24:46 -05:00
sinn3r
0081e186f7
Make sure i var is local
2013-10-15 23:59:23 -05:00
sinn3r
ac78f1cc5b
Use Base64 encoding for OS parameter
...
I didn't even realize we already added this in server.rb. So instead
of just escaping the OS parameter, we also encode the data in base64.
I also added prependmigrate to avoid unstable conditions for the payload.
2013-10-15 23:37:11 -05:00
William Vu
ad8af02021
Add my wonderfully simplistic Outpost24 parser
2013-10-15 16:34:46 -05:00
sinn3r
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
William Vu
38965f91ee
Add Outpost24 importer code to core/db.rb
2013-10-15 15:32:28 -05:00
sinn3r
41ab4739e3
Land #2520 - Add detection for FF 22 - 24
2013-10-15 15:17:43 -05:00
Tod Beardsley
e4d5960853
Land #2524 , correct author name
2013-10-15 15:05:35 -05:00
Tod Beardsley
2f2b93cf61
Avoid resplatting resplat.rb
2013-10-15 14:59:56 -05:00
Tod Beardsley
f57032636e
Straggler on a weird boilerplate format
2013-10-15 14:57:04 -05:00
Tod Beardsley
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
Tod Beardsley
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
Tod Beardsley
40106b3f22
Sometimes splats point at a /framework/ URL
2013-10-15 14:12:49 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
01fbbf16de
Add another line to the resplat regex.
2013-10-15 14:06:53 -05:00
Tod Beardsley
81d145ad81
At least offer a solution with msftidy
...
I would go ahead and fix it for the user, but due to #8497 , I can't
yet.
2013-10-15 13:53:38 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tod Beardsley
e9e6fb7e26
Add msftidy check.
2013-10-15 13:35:52 -05:00
Tod Beardsley
56d4ba8ab8
Add a re-splatting tool for updating comments.
2013-10-15 13:13:00 -05:00
jvazquez-r7
c68319d098
Fix author
2013-10-15 12:59:19 -05:00
jvazquez-r7
f60b29c7a6
Land #2503 , @MrXors's local exploit using VSS
2013-10-15 12:35:26 -05:00
MrXors
f345414832
Added correct spelling in info
2013-10-15 10:13:18 -07:00
jvazquez-r7
0b9cf24103
Convert vss_persistence to Local Exploit
2013-10-15 11:11:04 -05:00
jvazquez-r7
3b7be50d50
Fix typos
2013-10-15 10:03:00 -05:00
jvazquez-r7
18b4f80ca9
Add minor cleanup for vss_persistence
2013-10-15 09:56:18 -05:00
MrXors
6a1b1f35a8
Msftidy done.
2013-10-14 19:41:10 -07:00
MrXors
d444ed054f
Fixed RUNKEY, Fixed SCHTASKS, merged code
2013-10-14 19:36:44 -07:00
Meatballs
63e850505e
Land #2523 , WDS use read_response
...
This is more robust at correctly receiving the entire DCERPC response.
[Closes #2511 ]
2013-10-14 23:54:56 +01:00
Tod Beardsley
d0b1479d5b
Use the real timeout option for DCERPC
2013-10-14 17:41:51 -05:00
Tod Beardsley
e8d0292118
Use read_response class method
...
Looks like this was never implemented in other modules, but it collects
data from the socket in the usual get_once sort of way.
2013-10-14 17:24:22 -05:00
Tod Beardsley
14be85ea5d
Land #2511 , fix up NoMethodError and hanging connx
2013-10-14 16:30:19 -05:00
Meatballs
a3af5d681b
Ensure TCP connection is closed
2013-10-14 21:53:22 +01:00
William Vu
31dc7c0c08
Land #2522 , @todb-r7's pre-release module fixes
2013-10-14 15:37:23 -05:00
Tod Beardsley
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
James Lee
29ae6be403
Land #2521 , nil fix for ms13_069
2013-10-14 15:15:47 -05:00
kaospunk
4b4804538f
Fixes issues based on feedback
...
This commit addresses comments made by @jvazquez-r7.
2013-10-14 16:02:29 -04:00
joev
711fac08b7
Don't throw exception if createElement is missing.
2013-10-14 14:15:13 -05:00
sinn3r
15e8c3bcd6
[FixRM #8470 ] - can't convert nil into String
...
Target selection bug in ms13_069_caret.rb. Happens when the target
is Win 7 + IE8, which actually isn't a suitable target.
[FixRM #8470 ]
2013-10-14 14:10:08 -05:00
jvazquez-r7
75aaded842
Land #2471 , @pyoor's exploit for CVE-2013-5743
2013-10-14 14:03:28 -05:00
jvazquez-r7
a6f17c3ba0
Clean zabbix_sqli
2013-10-14 14:01:58 -05:00