nullbind
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
Martin Vigo
a7dc0b9f07
Merge pull request #3 from jhart-r7/landing-4004-jhart
...
Final cleanup of LastPass module -- track account, more *print_ cleaning
2014-10-19 17:19:48 -07:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
Jon Hart
88c1647c80
Loot the passwords, obviously
2014-10-19 13:11:10 -07:00
Jon Hart
0971d7c3ac
Remove ... from prints, only map a browser if we found something
2014-10-19 13:05:11 -07:00
Jon Hart
967800eed0
Track account name for more useful table and prints
2014-10-19 12:59:51 -07:00
Jon Hart
5a05246682
Consistent case in *print_*
2014-10-19 12:30:50 -07:00
William Vu
08715791ed
Land #4048 , rsync scanner version check
2014-10-19 14:14:02 -05:00
fmunozs
4976b9a2d9
Merge pull request #1 from zeroSteiner/fix-pr4020-login
...
Retry the script page request to get the token
2014-10-19 13:51:18 -05:00
Spencer McIntyre
005baa7f7e
Retry the script page request to get the token
...
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
2014-10-19 14:04:16 -04:00
ikkini
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
nullbind
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
Martin Vigo
09faf2584f
Merge pull request #2 from jhart-r7/landing-4004-jhart
...
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 20:22:20 -07:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
Jon Hart
a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 17:40:19 -07:00
James Lee
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
James Lee
6498ed0dc8
Report the actual host that failed to connect
...
Instead of the eventual target where our proxy chain will connect. In
the usual case (no Proxies set), this will be the same output as before.
When proxies are given, the user will see that the first proxy
connection is actually what failed.
2014-10-17 17:37:04 -05:00
sinn3r
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
William Vu
d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
William Vu
ce40c1152a
Land #4014 , msfconsole spinnerz
2014-10-17 16:25:31 -05:00
jvazquez-r7
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
jvazquez-r7
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
jvazquez-r7
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
jvazquez-r7
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
Martin Vigo
afed6a0b8a
Merge pull request #1 from jhart-r7/landing-4004-jhart
...
Refactoring of LastPass post module
2014-10-17 12:54:04 -07:00
Jon Hart
d2a00b208e
Minor style cleanup to appease Rubocop
2014-10-17 12:50:18 -07:00
jvazquez-r7
c39e7c1472
Land #20 , @wchen-r7's description update
2014-10-17 14:02:47 -05:00
sinn3r
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
jvazquez-r7
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
Jon Hart
d97fe548b9
Store the browser name in LastPass loot
2014-10-17 11:33:31 -07:00
Joshua Smith
19e8a50573
Land 3847, specs for Rex::Oui
2014-10-17 13:22:51 -05:00
Jon Hart
43238c7324
Simplify LastPass extraction. Track what browser that puked creds
2014-10-17 11:19:36 -07:00
Joshua Smith
32faa0bc62
Land 3796, specs for Rex::Encoder::Alpha2 encoders
2014-10-17 13:15:00 -05:00
Tod Beardsley
a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/
2014-10-17 13:13:44 -05:00
Trevor Rosen
22f5347660
Merge branch 'landing/4042' into upstream-master
...
Land #4042
the commit.
2014-10-17 12:51:50 -05:00
Tod Beardsley
5978bd5e62
Control the startup msg with -q, too
2014-10-17 12:41:58 -05:00
William Vu
dbfe398e35
Land #4037 , Drupageddon exploit
2014-10-17 12:39:59 -05:00
William Vu
a514e3ea16
Fix bad indent (should be spaces)
...
msftidy is happy now.
2014-10-17 12:39:25 -05:00
William Vu
f2328e679f
Land #4034 , POODLE scanner
2014-10-17 12:36:48 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
a45b21b6bf
-q will quiet the animation, too
2014-10-17 12:32:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
Jon Hart
9177b931fd
Refactoring of LastPass module to use correct Firefox path on *nix
2014-10-17 10:20:55 -07:00
Luke Imhoff
200d64040d
Fully-qualify Msf::ServiceState
...
MSP-11152
Replace unqualified `ServiceState` with `Msf::ServiceState`.
2014-10-17 11:58:11 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
jvazquez-r7
e5903562ee
Delete bad/incomplete validation method
2014-10-17 10:36:01 -05:00
nullbind
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
Luke Imhoff
9f32cbd476
Use :: to force top-level constant resolution
...
MSP-11152
When `Msf::DBManager::Import::MetasploitFramework` is included in
`Msf::DBManager::Import`, it's child namespace of
`Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as
`Zip` in `Msf::DBManager::Import` methods, so need to use `::Zip` to
cause `Zip` to be resolved from rubyzip gem.
2014-10-17 10:15:59 -05:00