47097ecf69
Fix typo
2013-04-23 15:39:02 -05:00
b0ac7a7b47
Landing #1752 - Removes msfgui and armitage
...
[Closes #1752 ] - Stable releases can be tracked here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-23 12:28:49 -05:00
a5c102d11e
Landing #1753 - Updates references for java_jre17_reflection_types
2013-04-23 08:03:30 -05:00
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
b10b2c60d8
Landing #1746 - Adds some friendlier defaults to database.yml
...
[Closes #1746 ]
2013-04-22 12:54:24 -05:00
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
ab976bcf63
Landing #1749 - Fixes Ruby 1.8 Syntax errors
...
[Closes #1749 ]
2013-04-22 11:20:54 -05:00
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
9fca89f70b
fix small issues
2013-04-20 01:43:14 -05:00
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
881d16e701
Add some friendlier defaults to database.yml
...
Actually let people get going out of the gate without forcing them to
puzzle out database.yml configurations. Also gives some hints on how to
set up a database.
Today, if you merely copy and paste from database.yml.example, you'll
get yelled at:
````
$ ./msfconsole -L -y config/database.yml
[-] No database definition for environment production
````
2013-04-19 15:43:25 -05:00
eaff87879e
added text
2013-04-19 22:03:05 +02:00
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
7f21239713
Landing #1741 - MediaWiki SVG File Access Auxiliary module
...
[Closes #1741 ]
2013-04-19 10:30:16 -05:00
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
eedeb37047
Landing #1731 , @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
d5e717a36c
Alphabetized .mailmap
2013-04-15 15:40:26 -05:00
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
be39079830
Trailing whitespace fix
...
Note that this commit needed a --no-verify because of the erroneous
check in msftidy for writing to stdout. The particular syntax of this
payload makes it look like we're doing that when we're really not.
So don't sweat it.
2013-04-15 13:58:06 -05:00
efdf4e3983
Lands #1485 , fixes for Windows-based Ruby targets
2013-04-15 13:56:41 -05:00
Brandon Turner
sinn3r
jvazquez-r7
Tod Beardsley
Andras Kabai
Antoine
Christian Mehlmauer
RageLtMan
m-1-k-3
Josh
Tod Beardsley