bd0a20a717
Update outlook.rb execute_script time_out
...
I have been using the script in real life cases which have bigger e-mailboxes then in the testing environment. Because of execute_script default time_out no results return, as the powershell scripts run longer then 15 seconds. Changed the timeout to 120.
2015-01-20 11:16:37 +01:00
f7aaad1cf1
Delete some extraneous commas
2015-01-19 17:25:45 -06:00
dbc77a2857
Land #4517 , @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload
...
* CVE-2014-5301
2015-01-19 17:23:39 -06:00
6403098fbc
Avoid sleep(), survey instead
2015-01-19 17:22:04 -06:00
a6e351ef5d
Delete unnecessary request
2015-01-19 17:14:23 -06:00
ed26a2fd77
Avoid modify datastore options
2015-01-19 17:11:31 -06:00
3c0efe4a7e
Do minor style changes
2015-01-19 15:36:05 -06:00
ddda0b2f4b
Beautify metadata
2015-01-19 14:59:31 -06:00
43e0afeaed
Delete 's' typo
2015-01-19 12:55:35 -06:00
79a24f80b8
Use constant for play options
2015-01-19 12:50:40 -06:00
652400451e
Delete extra k
2015-01-19 12:35:26 -06:00
50d43f118b
Make URLs better
...
Removes YouTube logo, loops, hides video controls at bottom, disables keyboard controls, doesn't show info about the video on the top, hides video annotations, and doesn't show related videos at the end.
2015-01-19 12:27:18 -05:00
5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
354e952841
fix msftidy warnings
2015-01-18 23:55:57 +01:00
5b964bba6a
Land #4518 , Wordpress long password DoS
2015-01-18 23:55:06 +01:00
6014ff8a31
fix msftidy warnings
2015-01-18 23:54:16 +01:00
affc661524
Add module for CVE-2014-4936
2015-01-18 17:18:05 +01:00
7a2f0553a8
Update reverse_tcp.rb
...
prevent over-reading from socket
2015-01-18 17:32:53 +02:00
9c12fcc2f1
Update bind_tcp.rb
...
Read exactly l bytes
2015-01-18 15:42:09 +02:00
18e15a109a
Update bind_tcp.rb
...
Prevent over reading from socket
2015-01-18 15:35:56 +02:00
84ecde30d1
Land #4586 , mcafee_epo_xxe aux module
2015-01-18 00:50:10 -06:00
57ca285f8a
Fix msftidy warnings
2015-01-18 00:49:52 -06:00
db3185231a
add maxkeys option, dont store loot if localhost and improve streaming
2015-01-17 09:25:32 -08:00
3a5d6b4717
Store password hash as loot
2015-01-17 14:17:41 +00:00
375a7e1fe9
Typo. Filtering.
2015-01-16 16:30:52 -06:00
8889f95920
Correct McAfee credential storage, prepare for store_loot
2015-01-16 12:10:01 -08:00
f1bcbb7d78
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-16 09:57:17 -08:00
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
6a68888712
Land #4590 , jvennix-r7's fix for same-scheme URLs
...
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
7ef721bdd6
Might as well format the url all at once.
2015-01-16 09:01:25 -06:00
488847cecc
Split smb_cmd_session_setup into with/without esn
...
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
6b6a7e81c9
Style fixes
2015-01-16 06:39:21 -06:00
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
1929f36050
Update mcafee_epo_xxe.rb
2015-01-15 16:50:14 -06:00
8c3d4c8d07
Spelling tweak.
2015-01-15 15:19:46 -06:00
35c9a13199
Handle the usage of // (same-scheme) URLs.
2015-01-15 15:09:50 -06:00
c1e604f201
Land #4562 : wchen-r7's CVE addition
2015-01-15 14:34:37 -06:00
bc895ab4d1
Land #4582 , jhart-r7's Apple Airport Authentication Avalanche
2015-01-15 14:07:18 -06:00
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
09eaf80a90
Add CVE
2015-01-15 13:22:00 -06:00
68dc3ce876
Minor code formatting
2015-01-15 19:33:08 +01:00
507050b316
rescue from down memcached server or timeout
2015-01-15 09:51:42 -08:00
0e893cd772
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-15 09:40:21 -08:00
4d2ad8865f
remove debug line
2015-01-15 09:37:51 -08:00
154eb7956c
fix storing of loot and support localhost session
2015-01-15 09:36:15 -08:00
4e4ca15422
Update mcafee_epo_xxe.rb
2015-01-15 11:02:11 -06:00
e53522b64b
Update mcafee_epo_xxe.rb
2015-01-15 10:28:52 -06:00
57904773e7
Configurable resource
2015-01-15 10:28:03 -06:00
86d5358299
Update mcafee_epo_xxe.rb
2015-01-15 09:56:02 -06:00
ef0be946b1
Use HttpServer instead of TcpServer
2015-01-15 10:39:17 +01:00
53e1304afb
Update mcafee_epo_xxe.rb
2015-01-14 18:19:27 -06:00
f4f4787efe
Move run method
2015-01-14 23:54:02 +00:00
3768cf0a69
Change version to int and add proper timestamp
2015-01-14 22:59:11 +00:00
da0fce1ea8
Add module for CVE-2014-2206
2015-01-14 22:04:30 +01:00
f42bda1a51
refactor parsing the results
...
moved the result parsing into its own method
cleaned up run method a bit more, added YARD docs
to the new methods
2015-01-14 14:15:57 -06:00
c687ecca2e
refactor filter building
...
move the filter_string into a seperate method
and use shovel oeprator to keep it a little cleaner
2015-01-14 14:04:28 -06:00
9b344a9605
move query fields to a constant
...
these fields should never change, so put the array
in a constant and freeze it to prevent accidental tampering
2015-01-14 13:20:00 -06:00
82939595f8
Merge branch 'master' into feature/metaballs1/enum_ad_users
2015-01-14 13:06:18 -06:00
1ed07bac32
Update mcafee_epo_xxe.rb
2015-01-14 11:01:14 -06:00
794bb65817
Create mcafee_epo_xxe.rb
2015-01-14 10:54:58 -06:00
b7eb4d24aa
Squash another rogue 5009
2015-01-13 10:36:43 -08:00
ac4eb3bb90
Land #4578 , @dlanner's fix for rails_secret_deserialization
2015-01-13 09:37:28 -08:00
c5cfc11d84
fix cookie regex by removing a space
2015-01-12 23:13:18 -05:00
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
01a9fb1483
Spelling
2015-01-12 19:29:41 -08:00
a076a9ab89
report_vuln
2015-01-12 19:23:08 -08:00
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
9721993b8f
Allow blank password, remote more unused opts, print private
2015-01-12 18:43:54 -08:00
99cf668441
add memcached extractor module
2015-01-12 16:40:06 -08:00
44059a6e34
Disable more unused options
2015-01-12 14:15:40 -08:00
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
e9557ffe58
Simplify module in prep for some authbrute cleanups
2015-01-12 13:08:12 -08:00
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload
2015-01-12 10:44:23 -06:00
34bbc5be90
print error message about limitation
2015-01-11 20:12:40 -06:00
52b929c5ca
Fix https://github.com/m7x/metasploit-framework/pull/1#issuecomment-69454590
2015-01-10 14:15:53 +00:00
46d1616994
Hello ARCH_X86_64
2015-01-10 06:16:22 -06:00
05d364180b
Beautify descriptions
2015-01-10 01:10:08 -06:00
a2d479a894
Refactor run method
2015-01-10 01:06:56 -06:00
cf9d7d583e
Do first code cleanup
2015-01-10 00:51:31 -06:00
000d7dd1eb
Minor beautification
2015-01-10 00:32:10 -06:00
1d0e9a2dca
Use snake_case filename
2015-01-10 00:29:28 -06:00
070e833d46
Use snake_case filename
2015-01-10 00:28:01 -06:00
59d602f37d
Refactor cisco_cucdm_callforward
2015-01-10 00:27:31 -06:00
511a7f8cca
send_request_cgi already URI encodes
2015-01-10 00:06:26 -06:00
5d8167dca6
Beautify description
2015-01-10 00:02:42 -06:00
9fb4cfb442
Do First callforward cleanup
2015-01-10 00:00:27 -06:00
f7af0d9cf0
Test landing #4065 into up to date branch
2015-01-09 23:40:16 -06:00
bedbffa377
Land #3700 , @ringt fix for oracle_login
...
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
38c36b49fb
Report when nothing is rescued
2015-01-09 22:58:19 -06:00
5c12f9da75
More cleanup
...
Handle multiple versions
Better print_
Actually extract
2015-01-09 18:01:17 -08:00
3c8be9e36d
Just x86
2015-01-09 19:12:51 -06:00
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
fd2307680d
Land #4550 , wp-symposium file upload
2015-01-09 21:55:02 +01:00
35fd17c4f1
Cleanup style
2015-01-09 11:00:25 -08:00
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
ee5c249c89
Add EDB reference
2015-01-09 00:19:12 -06:00
75de792558
Add a basic check
2015-01-09 00:03:39 -06:00
4911127fe2
Match the title and change the description a little bit
2015-01-08 21:48:01 -06:00
b7b3ae4d2a
A little randomness
2015-01-08 21:25:55 -06:00
e4547eb474
Land #4537 , @wchen-r7's fix for #4098
2015-01-08 17:57:16 -08:00
f13e56aef8
Handle bracketed and unbracketed results, add more useful logging
2015-01-08 17:51:31 -08:00
14db112c32
Add logging to show executed Java and result
2015-01-08 16:53:12 -08:00
b65013c5c5
Another update
2015-01-08 18:39:04 -06:00
b2ff5425bc
Some changes
2015-01-08 18:33:30 -06:00
53e6f42d99
This works
2015-01-08 17:57:14 -06:00
c76aec60b0
Add OSVDB id and full disclosure URL
2015-01-08 23:29:38 +00:00
7ed6b3117a
Update
2015-01-08 17:18:14 -06:00
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
e447a17795
bump deprecated date
2015-01-08 16:20:06 -06:00
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
0e6c7181b1
"Stash" it
2015-01-08 14:13:14 -06:00
a9fee9c022
Fall back to runas if UAC disabled
2015-01-08 11:07:57 +00:00
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
3c3d28b475
Land #4551 , correct spelling in dns_bruteforce
2015-01-08 10:03:28 +00:00
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
0604b2ecc7
Land #4542 , invalid splat URL fix
2015-01-07 22:54:22 -06:00
0496bb16bc
Minor spelling fix
2015-01-07 23:43:59 -05:00
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
82d129bfc4
Merge branch 'master' into feature/jtr-korelogic-rules-update
2015-01-07 12:42:23 -06:00
df70678762
tell suer KoreLogic rules have been applied
...
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
ef97d15158
Fix msftidy and make sure all print_*s in check() are vprint_*s
2015-01-07 12:12:25 -06:00
a5f48b23df
Add use of Msf::ThreadManager
2015-01-07 17:27:06 +00:00
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
4c240e8959
Fix #4098 - False negative check for script_mvel_rce
...
Fix #4098 , thanks @arnaudsoullie
2015-01-07 10:40:58 -06:00
c60b6969bc
Oh so that's it
2015-01-07 10:39:46 -06:00
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
89699d1549
Typo workspace_id
2015-01-07 10:58:59 +00:00
09bd0465cf
fix regex
2015-01-07 11:54:55 +01:00
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
eaad4e0bea
fix check method
2015-01-07 11:01:08 +01:00
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
862af074e9
fix bug
2015-01-07 09:10:50 +01:00
d007b72ab3
favor include? over =~
2015-01-07 07:33:16 +01:00
4277c20a83
use include?
2015-01-07 06:51:28 +01:00
39e33739ea
support for anonymous login
2015-01-07 00:08:04 +01:00
bf0bdd00df
added some links, use the res variable
2015-01-06 23:25:11 +01:00
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
f9f2bc07ac
some improvements to the mantis module
2015-01-06 11:33:45 +01:00
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00
482cfb8d59
Clean up some stuff
2015-01-06 02:10:25 -06:00
46aa165ca5
Land #4481 , enum_users_history improvements
2015-01-06 01:52:38 -06:00
745bfb2f35
Clean things up
2015-01-06 01:48:18 -06:00
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
547b7f2752
Syntax and File Upload BugFix
...
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
e7affb9048
Land #4493 , @pedrib's module for ManageEngine Central Desktop create admin
2015-01-04 23:46:31 -06:00
c5e72fb324
Change module filename
2015-01-04 23:14:12 -06:00
4798f2328d
Change module filename
2015-01-04 23:13:17 -06:00
6bb3171328
Do minor cleanup
2015-01-04 23:12:42 -06:00
711b97ecc5
Beautify metadata
2015-01-04 23:08:46 -06:00
92015ac124
Replace custom login with wordpress_login mixin
2015-01-04 23:07:07 +00:00
39412c4a48
Add WordPress long password DoS module
2015-01-04 18:50:23 +00:00
c9b76a806a
Create manageengine_auth_upload.rb
2015-01-04 17:05:53 +00:00
32d4bf03c3
Add OSVDB id and full disclosure URL
2015-01-04 12:36:51 +00:00
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
3c755a6dfa
Template
2015-01-02 11:31:28 -06:00
c348663204
Add McAfee Hashdump
2015-01-02 10:22:11 +00:00
c1718fa490
Land #4440 , git client exploit from @jhart-r7
...
Also fixes #4435 and makes progress against #4445 .
2015-01-01 13:18:43 -06:00
d7564f47cc
Move Mercurial option to advanced, update ref url
...
See #4440
2015-01-01 13:08:36 -06:00
914c724abe
Rename module
...
See rapid7#4440
2015-01-01 13:03:17 -06:00
65977c9762
Add some more useful URLs
2014-12-31 10:54:04 -08:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
e81e68bdaf
Create me_dc9_admin.rb
2014-12-31 02:02:52 +00:00
cc75c33d60
Use user home directories
...
Replace hard-coded '/home/' and '/root/' with `~username` shorthand.
2014-12-31 09:12:35 +11:00
013e45e83d
Add support for MongoDB history
2014-12-31 08:38:58 +11:00
d2e6f90569
Use a list of users
2014-12-31 08:12:16 +11:00
48919eadb6
Land #4444 - i-FTP BoF
2014-12-30 12:38:28 -06:00
4fd4d51d78
Land #4485 , Drupageddon greedy regex fix
2014-12-30 10:16:57 -06:00
96fe693c54
update drupal regex
2014-12-30 09:12:39 +01:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f2130311fa
Add the MSF blog reference
2014-12-29 16:08:35 -06:00
897e993971
Update description
2014-12-30 08:05:53 +11:00
8719a36d84
DRY status messages
2014-12-30 08:03:40 +11:00
0de80e9c76
Minor changes to style
2014-12-30 07:58:54 +11:00
0085bcf075
Use `blank?' instead of `nil?'
2014-12-30 07:38:34 +11:00
a50ac4050c
Add support for PostgreSQL history
2014-12-30 07:33:22 +11:00
4ebe0fc0a8
Add support for different shells
2014-12-30 07:26:12 +11:00
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
1dd9d60e34
Land #4461 , Android cookie database theft
...
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
wez3
jvazquez-r7
IMcPwn
Hans-Martin Münch (h0ng10)
Christian Mehlmauer
sgabe
eyalgr
William Vu
pdeardorff-r7
root
Tod Beardsley
Jon Hart
Brent Cook
James Lee
Brandon Perry
Joe Vennix
sinn3r
Pedro Ribeiro
David Maloney
David Lanner
rastating
Meatballs
OJ
EricGershman
m7x
rcnunez
dmooray
Spencer McIntyre
Brendan Coles