3ca440089e
Add checks for .NET requisites
...
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
a6b106e867
Remove autopwn support for enjoysapgui_comp_download
...
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
409ba3139b
Add bap checks for blackice exploit
2012-04-09 00:50:04 -06:00
da1cb2b81d
ActiveX controls require IE
2012-04-08 22:07:09 -06:00
f520af036f
Move next_exploit() onto window object so it's accessible everywhere
...
I swear I committed this before, not sure what happened.
2012-04-08 17:11:15 -06:00
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
461352f24f
Don't need to require net/ftp anymore
...
Nothing actually used it anyway.
2012-04-06 10:35:28 -05:00
56b10d4d23
Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof
2012-04-06 02:28:26 -05:00
68c81e3ae0
Add OSVDB-80661 TRENDnet SecurView ActiveX BoF
2012-04-06 02:26:04 -05:00
9c8e6ac9da
Ruby 1.8 compat for the SCADA modules.
...
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
2012-04-05 16:17:06 -05:00
5c6856539e
.idea dir deleted
2012-04-05 22:46:43 +02:00
955de5a68c
comment fixed
2012-04-05 22:46:13 +02:00
c5f73d3d7a
added module for CVE-2012-0270_csound_getnum_bof
2012-04-05 22:35:42 +02:00
0c3f1aab77
Tell the user what actually went wrong when migrate.rb fails
2012-04-05 11:49:03 -06:00
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
eb39b5f6aa
Msftidy on netop
2012-04-05 10:33:57 -05:00
8628991b1d
Merge pull request #305 from jlee-r7/bap-refactor
...
Bap refactor
2012-04-05 08:02:43 -07:00
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
40ab362e1c
Store host details in the target cache
...
This allows us to maintain a connection between the client and the
operating system/host where it's running.
Also fixes a counting problem for modules actually started.
2012-04-05 01:33:07 -06:00
0ddfa79a34
Move javascriptosdetect out to its own file
...
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
6ad0f41479
Add the client to output
2012-04-03 18:27:16 -06:00
974d95b175
Both of these are obsoleted by java_atomicreferencearray
2012-04-03 18:23:42 -06:00
893430894e
Tell the user how many sploits we've picked
2012-04-03 18:22:56 -06:00
c79060915a
Add Chap0's netop exploit
2012-04-03 11:51:58 -05:00
48d6157d6e
New NetOp Guest msf module http://www.netop.com/
2012-04-02 16:53:51 -07:00
9cf896ffa1
Pre-release fixups on titles and grammar
...
Fixing squid_pivot_scanning and enum_xchat
2012-04-02 11:24:49 -05:00
7b0ee58d9f
Fixing bug spotted by troulouliou in ipv6_neighbor
...
Just check for nilness, not the :symbol.
2012-04-02 10:02:59 -05:00
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
1853f8b0c2
Merge pull request #291 from wchen-r7/enum_xchat
...
Add post module enum_xchat.rb
2012-03-31 00:42:15 -07:00
543f5ebfe2
Only display the retry message when necessary
2012-03-31 02:40:24 -05:00
4215030eb3
Set a limit to how many times we can retry
2012-03-31 02:38:46 -05:00
6e4ccaae6b
Add post module to collect xchat's configs and chat logs
2012-03-31 00:15:21 -05:00
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
e723704a32
Merge pull request #289 from wchen-r7/enum_colloquy
...
Add post module enum_colloquy.rb to collect chatlogs and the plist
2012-03-30 09:24:32 -07:00
18a13a4bfb
Correct description
2012-03-30 11:22:55 -05:00
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
8d2a58dfd8
Add post module enum_colloquy.rb to collect chatlogs and the preferences list
2012-03-29 16:24:43 -05:00
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
bd4819e8f2
Merge pull request #238 from mak/linux-x64-find-port
...
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
220ad7875f
Merge pull request #285 from wvandevanter-r7/squid_pivot_scanning
...
Squid pivot scanning
2012-03-29 05:02:05 -07:00
f5e05461f6
changed the false positive check IP to a user set variable
2012-03-28 22:18:56 -04:00
0fcab521d2
fixed print_bad
2012-03-28 02:32:03 -04:00
5248ec87b5
Fixing EDB reference
2012-03-27 16:49:47 -05:00
b1683c94ef
Merge pull request #281 from jlee-r7/module-tests
...
Module tests
2012-03-27 10:23:20 -07:00
James Lee
andurin
Tod Beardsley
sinn3r
juan
sinn3r
chap0
Steve Tornio
Tod Beardsley
Willis Vandevanter