Commit Graph

44047 Commits (4dacc70b9ab59277cedc61ba235970955220760c)

Author SHA1 Message Date
Austin e0831c1053 hopefully fix header..? 2017-10-21 18:38:32 -04:00
Austin 8239d28323 fix header 2017-10-21 09:07:18 -04:00
h00die cfd7761818 wp_mobile_detector rce 2017-10-20 23:19:58 -04:00
Austin 40e508f2ad correct mistake 2017-10-20 22:26:54 -04:00
Austin ac21567743 Fix requested changes 2017-10-20 22:17:04 -04:00
mumbai 8b8bebd782 remove payload 2017-10-20 20:27:15 -04:00
mumbai b255ddf8d6 New NETGEAR module 2017-10-20 20:25:11 -04:00
Jon Hart 9658776adf
Land #9079, adding @h00die's gopher scanner 2017-10-20 17:16:08 -07:00
mumbai 2f371c9784 Netgear MODULE UNAUTH 2017-10-20 20:15:36 -04:00
mumbai 2e376a1b6a Merge remote-tracking branch 'upstream/master' into netgear_dgn1000_unauth_setup_exec 2017-10-20 20:13:29 -04:00
h00die f250e15b6e
Land #9105 rename psh to polycom for name collision 2017-10-20 20:10:57 -04:00
h00die fd028338e1 move psh to polycom so no more powershell name collision 2017-10-20 20:08:11 -04:00
h00die 5a6da487ab
Land #9043 two exploit modules for unitrends backup 2017-10-20 20:00:35 -04:00
h00die 5abdfe3e59 ueb9 style cleanup 2017-10-20 19:59:24 -04:00
h00die c517ded3ae Merge pull request #7 from jhart-r7/pr/9079-gopher
Gopher improvements
2017-10-20 19:25:03 -04:00
caleBot c26779ef54 fixed msftidy issues 2017-10-20 14:39:39 -06:00
caleBot 8f622a5003 Update ueb9_bpserverd.rb 2017-10-20 14:35:03 -06:00
caleBot cce7bf3e19 Update ueb9_bpserverd.rb 2017-10-20 14:33:46 -06:00
Brent Cook d715f53604 add MinRID to complement MaxRID, allowing continuing or starting from a higher value
from @lvarela-r7
2017-10-20 15:32:25 -05:00
caleBot 85152b5f1e added check function 2017-10-20 14:28:52 -06:00
caleBot e9ad5a7dca Update ueb9_api_storage.rb 2017-10-20 14:05:15 -06:00
caleBot 16b6248943 Update ueb9_bpserverd.rb 2017-10-20 13:58:12 -06:00
caleBot 5c0bcd8f0a Update ueb9_bpserverd.rb 2017-10-20 13:56:25 -06:00
caleBot abc749e1e8 Update ueb9_api_storage.rb 2017-10-20 13:48:29 -06:00
caleBot 8febde8291 Update ueb9_api_storage.rb 2017-10-20 12:23:53 -06:00
caleBot e8de6a46d5 Update ueb9_bpserverd.md 2017-10-20 12:21:17 -06:00
Jon Hart f938a1029b
Make note about stopping container after 2017-10-20 10:30:12 -07:00
Jon Hart e82cb4577d
Show module selection + config 2017-10-20 10:12:46 -07:00
Jon Hart a8b4d4e4a2
Link to gopher container 2017-10-20 10:04:09 -07:00
Metasploit 884b68fa60
Bump version of framework to 4.16.13 2017-10-20 10:02:23 -07:00
Jon Hart 811bae7361
Add docker go(pher) example 2017-10-20 09:59:25 -07:00
Jon Hart 664e774a33
style/rubocop cleanup 2017-10-20 09:44:07 -07:00
William Vu c795cef69f
Land #9099, disconnect option for send_request_cgi 2017-10-20 10:50:56 -05:00
Brent Cook 1319175dd8
Land #9102, Fix nil bug in setting PromptChar without Prompt 2017-10-20 08:36:53 -05:00
William Vu 8e5deac3f4 Fix nil bug in setting PromptChar without Prompt 2017-10-20 00:38:01 -05:00
William Vu e9416775d9
Land #9100, typo fix for MS07-017 exploit 2017-10-19 22:55:31 -05:00
RageLtMan a3912e4913 Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.

Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.

Testing:
  Locally tested on in-house exploit module written for disclosure
report.

TODO:
  Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
Kent Gruber 7cd532c384 Change targetr to target to fix small typo bug on one failure
The target object seems to have a typo where it is referred to as
“targetr” which I’d guess isn’t exactly what we’d like to do in this
case. So, I’ve changed that to “target” in order to work.

So, I’ve simply fixed that small typo.
2017-10-19 19:55:58 -04:00
Brent Cook 54d64cdcc5
Land #9064, add aggregator >= 1.0.0 with cryptTLV packet format 2017-10-19 14:51:50 -05:00
mumbai 04a24e531b New module 2017-10-18 21:37:26 -04:00
Jeffrey Martin 5458b58a74
restrict aggregator on arm for now 2017-10-18 13:21:02 -05:00
mumbai 2f98f2bc2a Merge remote-tracking branch 'upstream/master' 2017-10-17 21:16:47 -04:00
Austin 7098372f58 Update shell_bind_tcp.rb 2017-10-17 19:33:10 -04:00
William Vu 60a7a80ff0
Land #9095, default PromptTimeFormat (%T) 2017-10-17 16:50:47 -05:00
James Lee af42f517b8 Default PromptTimeFormat to %T 2017-10-17 16:39:44 -05:00
mumbai 858bb26b56 Adding python/shell_bind_tcp, for an avaialable option 2017-10-17 07:36:45 -04:00
Tim 697b8935ba
Land #9091, fix linux x86 elf-so generation 2017-10-17 14:30:01 +08:00
Evgeny Naumov d5cdd2567a add missing method 2017-10-16 16:01:53 -04:00
William Vu 7e338fdd8c
Land #9086, proxying fix for nessus_rest_login 2017-10-16 11:52:04 -05:00
William Vu df8261990d
Land #9085, proxying fix for pop3_login 2017-10-16 11:38:24 -05:00