Commit Graph

28346 Commits (41800163dd94db1ec5fbecc6fea84ce60a852ab1)

Author SHA1 Message Date
nullbind 036d43ba37 fixed logic bug 2014-10-19 20:56:29 -05:00
Martin Vigo a7dc0b9f07 Merge pull request #3 from jhart-r7/landing-4004-jhart
Final cleanup of LastPass module -- track account, more *print_ cleaning
2014-10-19 17:19:48 -07:00
Jon Hart 2985b39267
Land #3980, @wchen-r7 fixed #3975 2014-10-19 17:11:06 -07:00
Jon Hart 88c1647c80 Loot the passwords, obviously 2014-10-19 13:11:10 -07:00
Jon Hart 0971d7c3ac Remove ... from prints, only map a browser if we found something 2014-10-19 13:05:11 -07:00
Jon Hart 967800eed0 Track account name for more useful table and prints 2014-10-19 12:59:51 -07:00
Jon Hart 5a05246682 Consistent case in *print_* 2014-10-19 12:30:50 -07:00
William Vu 08715791ed
Land #4048, rsync scanner version check 2014-10-19 14:14:02 -05:00
fmunozs 4976b9a2d9 Merge pull request #1 from zeroSteiner/fix-pr4020-login
Retry the script page request to get the token
2014-10-19 13:51:18 -05:00
Spencer McIntyre 005baa7f7e Retry the script page request to get the token
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
2014-10-19 14:04:16 -04:00
ikkini c2174c7910 return if no version response received 2014-10-19 00:29:36 +02:00
nullbind 1e2f1eaee0 cleaning up 2014-10-18 12:00:11 -05:00
Martin Vigo 09faf2584f Merge pull request #2 from jhart-r7/landing-4004-jhart
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 20:22:20 -07:00
sinn3r d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload 2014-10-17 19:47:42 -05:00
Jon Hart a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup 2014-10-17 17:40:19 -07:00
James Lee 329a600b84
Add tcp evasion options to mssql_login 2014-10-17 17:40:21 -05:00
James Lee 6498ed0dc8
Report the actual host that failed to connect
Instead of the eventual target where our proxy chain will connect. In
the usual case (no Proxies set), this will be the same output as before.
When proxies are given, the user will see that the first proxy
connection is actually what failed.
2014-10-17 17:37:04 -05:00
sinn3r 8b5a33c23f
Land #4044 - MS14-060 "Sandworm" 2014-10-17 16:46:32 -05:00
William Vu d5b698bf2d
Land #3944, pkexec exploit 2014-10-17 16:30:55 -05:00
William Vu ce40c1152a
Land #4014, msfconsole spinnerz 2014-10-17 16:25:31 -05:00
jvazquez-r7 70f8e8d306 Update description 2014-10-17 16:17:00 -05:00
jvazquez-r7 e52241bfe3 Update target info 2014-10-17 16:14:54 -05:00
jvazquez-r7 7652b580cd Beautify description 2014-10-17 15:31:37 -05:00
jvazquez-r7 d831a20629 Add references and fix typos 2014-10-17 15:29:28 -05:00
Martin Vigo afed6a0b8a Merge pull request #1 from jhart-r7/landing-4004-jhart
Refactoring of LastPass post module
2014-10-17 12:54:04 -07:00
Jon Hart d2a00b208e Minor style cleanup to appease Rubocop 2014-10-17 12:50:18 -07:00
jvazquez-r7 c39e7c1472 Land #20, @wchen-r7's description update 2014-10-17 14:02:47 -05:00
sinn3r ef1556eb62 Another update 2014-10-17 13:56:37 -05:00
jvazquez-r7 8fa648744c Add @wchen-r7's unc regex 2014-10-17 13:46:13 -05:00
William Vu 10f3969079
Land #4043, s/http/http:/ splat
What is a splat?
2014-10-17 13:41:07 -05:00
Jon Hart d97fe548b9 Store the browser name in LastPass loot 2014-10-17 11:33:31 -07:00
Joshua Smith 19e8a50573
Land 3847, specs for Rex::Oui 2014-10-17 13:22:51 -05:00
Jon Hart 43238c7324 Simplify LastPass extraction. Track what browser that puked creds 2014-10-17 11:19:36 -07:00
Joshua Smith 32faa0bc62
Land 3796, specs for Rex::Encoder::Alpha2 encoders 2014-10-17 13:15:00 -05:00
Tod Beardsley a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/ 2014-10-17 13:13:44 -05:00
Trevor Rosen 22f5347660
Merge branch 'landing/4042' into upstream-master
Land #4042

 the commit.
2014-10-17 12:51:50 -05:00
Tod Beardsley 5978bd5e62
Control the startup msg with -q, too 2014-10-17 12:41:58 -05:00
William Vu dbfe398e35
Land #4037, Drupageddon exploit 2014-10-17 12:39:59 -05:00
William Vu a514e3ea16
Fix bad indent (should be spaces)
msftidy is happy now.
2014-10-17 12:39:25 -05:00
William Vu f2328e679f
Land #4034, POODLE scanner 2014-10-17 12:36:48 -05:00
William Vu 367ea5d3db
Add disclosure date 2014-10-17 12:35:28 -05:00
Tod Beardsley a45b21b6bf
-q will quiet the animation, too 2014-10-17 12:32:28 -05:00
Tod Beardsley ccdaf2b576
Fix the banner
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
Jon Hart 9177b931fd Refactoring of LastPass module to use correct Firefox path on *nix 2014-10-17 10:20:55 -07:00
Luke Imhoff 200d64040d
Fully-qualify Msf::ServiceState
MSP-11152

Replace unqualified `ServiceState` with `Msf::ServiceState`.
2014-10-17 11:58:11 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley ad501b25e4
Filename move to be less redundant 2014-10-17 11:25:14 -05:00
jvazquez-r7 e5903562ee Delete bad/incomplete validation method 2014-10-17 10:36:01 -05:00
nullbind bf92769ba2 added mssql_escalate_dbowner_sqli 2014-10-17 10:25:20 -05:00
Luke Imhoff 9f32cbd476
Use :: to force top-level constant resolution
MSP-11152

When `Msf::DBManager::Import::MetasploitFramework` is included in
`Msf::DBManager::Import`, it's child namespace of
`Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as
`Zip` in `Msf::DBManager::Import` methods, so need to use `::Zip` to
cause `Zip` to be resolved from rubyzip gem.
2014-10-17 10:15:59 -05:00