5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
0380c5e887
Add CVE-2014-6278 support, lands #3932
2014-10-01 18:25:41 -05:00
c1b0acf460
Add CVE-2014-6278 support to the exploit module
...
Same thing.
2014-10-01 17:58:25 -05:00
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
3ec6166193
Land #3927 - Shellshock PureFPTd extauth
2014-10-01 17:00:55 -05:00
4dd285c319
Merge pull request #4 from jlee-r7/feature/recog
...
Feature/recog
2014-10-01 16:43:18 -05:00
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
8cf718e891
Update pureftpd bash module rank and description
2014-10-01 17:19:31 -04:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
7e05ff343e
Fix smbdirect
...
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
a21752bc9c
Fix NoMethodError on os, mark DCs as 'server'
2014-10-01 16:02:46 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
cf6029b2cf
Remove the less stable echo stager from the exploit
2014-10-01 15:15:07 -04:00
632edcbf89
Add CVE-2014-6271 exploit via Pure-FTPd ext-auth
2014-10-01 14:57:40 -04:00
9bfd013e10
Land #3923 , mv misc/pxexploit to local/pxeexploit
...
Also renamed typo'd pxexploit -> pxeexploit.
2014-09-30 17:48:06 -05:00
5fc57f7ed5
Land #3924 , rm dlink_upnp_exec_noauth_telnetd
...
Deprecated.
2014-09-30 17:46:07 -05:00
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
be1df68563
Remove auxiliary/scanner/elasticsearch/indeces_enum.rb
...
Time is up, so good bye.
2014-09-30 17:24:21 -05:00
9e67beb396
Remove modules/exploits/linux/http/dlink_upnp_exec_noauth_telnetd.rb
...
Time is up, so good bye.
2014-09-30 17:21:55 -05:00
b17396931f
Fixes #3876 - Move pxeexploit to local directory
2014-09-30 17:16:13 -05:00
909ac522d1
Add metasploit-park.txt banner to msfconsole
...
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
c1cb8bcfdd
Land #3918 , bugfix on self.rhost mssql_login
2014-09-30 13:36:42 -05:00
296a51f661
Land #3917 - Description & module title update
2014-09-30 12:37:38 -05:00
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
7163b8c55a
Fixes #3915 - NoMethodError private method `rhost'
...
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
10dc6ed2fe
Land #3912 - Update check method and additional references
2014-09-30 10:18:56 -05:00
de65ab0519
Fix broken check in exploit module
...
See 71d6b37088
2014-09-29 23:03:09 -05:00
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
b2d2101be2
Land #3913 - Change hardcoded table prefixes
2014-09-29 17:55:45 -05:00
8f3e03d4f2
Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload
2014-09-29 17:53:43 -05:00
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
533b807bdc
Add OSVDB id
2014-09-29 21:52:44 +01:00
3b5eb42b55
Switch to Msf::OperatingSystems::Match::WINDOWS
2014-09-29 15:50:25 -05:00
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
bfadfda581
Fix typo on match string for opera_configoverwrite
2014-09-29 15:34:35 -05:00
ffe5aafb2f
Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec
2014-09-29 15:19:35 -05:00
21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload
2014-09-29 14:40:28 -05:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
ababc3d8ff
Land #3869 - HP Network Node Manager I PMD Buffer Overflow
2014-09-29 11:00:12 -05:00
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
e14dd9900b
Land #3896 , Change Max LOGLEVEL to 3
2014-09-28 09:18:29 +01:00
67c25c20ca
Land #3357 , Run Local Exploits in AutoRunScript
2014-09-28 09:12:26 +01:00
3fc57109e6
Dont rescue Exception
2014-09-28 09:12:03 +01:00
Joe Vennix
HD Moore
William Vu
sinn3r
Spencer McIntyre
James Lee
Tod Beardsley
Christian Mehlmauer
Pedro Ribeiro
Meatballs