jvazquez-r7
3e2a368823
Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner
2013-02-13 00:07:11 +01:00
Jeff Jarmoc
846052a34d
s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull.
2013-02-12 15:13:06 -06:00
jvazquez-r7
e298866fdd
Merge branch 'bug/unmerge-1444-and-1476' of https://github.com/todb-r7/metasploit-framework into todb-r7-bug/unmerge-1444-and-1476
2013-02-12 15:55:30 +01:00
Brandon Turner
44d984dc48
Merge pull request #1483 from todb-r7/update-gemfile-lock
...
Update Gemfile.lock
2013-02-11 20:07:56 -08:00
Tod Beardsley
71abcdbd1a
Update Gemfile.lock
2013-02-11 21:56:56 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
Carlos Perez
091322fef6
Merge pull request #2 from jvazquez-r7/persistence_vbs
...
using Post::File methods plus little more cleanup
2013-02-11 16:39:40 -08:00
jvazquez-r7
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
Carlos Perez
7485e425ef
Merge pull request #1 from jvazquez-r7/persistence_vbs
...
using always a vbs file to drop exe
2013-02-11 16:09:59 -08:00
jvazquez-r7
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
Jeff Jarmoc
ddd7d307e6
Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333
2013-02-11 16:48:44 -06:00
jvazquez-r7
766257d26a
pointed by @m-1-k-3 while working on #1472
2013-02-11 21:21:43 +01:00
jvazquez-r7
e5ad74f99c
Merge branch 'dmaloney-r7-bug/basic_auth', see also #1477 and #1444 , #1477 , #1472
2013-02-11 21:17:31 +01:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manualy set basic auth header
...
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
David Maloney
a43b902b5c
Fix tomcat_mgr_login auth
2013-02-11 12:00:40 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
sinn3r
9fe75315f7
Merge branch 'gemfile-add-msgpack' of github.com:jlee-r7/metasploit-framework into jlee-r7-gemfile-add-msgpack
2013-02-11 10:54:44 -06:00
sinn3r
f3a1339a4c
Merge branch 'jvazquez-r7-novell_groupwise_gwcls1_actvx'
2013-02-11 10:40:33 -06:00
David Maloney
84534caae1
Fix expliciti basic_auth for http
2013-02-11 10:32:44 -06:00
Carlos Perez
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
jvazquez-r7
24c3f1b99d
fix msftidy
2013-02-11 15:07:49 +01:00
jvazquez-r7
991e65770c
minor cleanup for word_unc_injector
2013-02-11 15:06:19 +01:00
jvazquez-r7
41564fd51d
Merge branch 'aux-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-aux-word_unc_injector.rb
2013-02-11 15:05:27 +01:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
jvazquez-r7
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
jvazquez-r7
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
sinn3r
7370d7d31b
Final touchup
2013-02-08 18:21:06 -06:00
sinn3r
7b10e68a03
Merge branch 'module/titan_ftp_admin_password' of github.com:zeroSteiner/metasploit-framework into zeroSteiner-module/titan_ftp_admin_password
2013-02-08 15:02:26 -06:00
Spencer McIntyre
7522a87cf9
Adding an auxiliary scanner module for Titan FTP password disclosure.
2013-02-08 15:43:02 -05:00
Tod Beardsley
6d6e43859f
Re-Merging 'dmaloney-r7/http/auth_methods'
...
Picking up the http auth methods for real in an attempt to close PR
something.
2013-02-08 14:06:23 -06:00
Carlos Perez
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
Carlos Perez
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
917282c33b
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-02-08 12:27:19 -06:00
jvazquez-r7
98457c0a4d
Merge branch 'sonicwall_gms' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-sonicwall_gms
2013-02-08 19:18:57 +01:00
James Lee
9b6f2fcd1d
Use the install path to tell us the separator
...
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
James Lee
5b398076ae
Couple of fixes for windows
...
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee
e3ee0d7913
Don't try to download '.' or '..' as files
2013-02-08 11:25:17 -06:00
SphaZ
66f0bddb54
fixed error check, a comment, manipulate_file all in memory now
2013-02-08 12:46:13 +01:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
James Lee
1f9a09d5dd
Add a method to upload and exec in one step
2013-02-07 21:09:32 -06:00
sinn3r
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
sinn3r
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00