Commit Graph

21020 Commits (4ea48a87cb0512d671b507805491f3505565b3cd)

Author SHA1 Message Date
William Vu 4eb42a9171
Fix broken ternary in phoenix_command 2016-11-07 00:12:04 -06:00
Tijl Deneut 92964c1f95 Update phoenix_command.rb 2016-11-06 21:22:54 +01:00
Tijl Deneut 2c2729f0b2 Update phoenix_command.rb
Coded was messed up by MS Edge, don't use it :)
2016-11-06 21:21:20 +01:00
Tijl Deneut 1b4409f950 Update phoenix_command.rb
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"

Is it OK? Did not find time to install and run rubocop ...
2016-11-06 21:15:31 +01:00
Tijl Deneut 4ea9214466 Fixed a small bug 2016-11-06 16:20:55 +01:00
Jon Hart 5b810fae41
Update atg_client to identify responses that indicate the command was not understood 2016-11-04 10:12:02 -07:00
wchen-r7 ca5610ccde
Land #7511, Update jenkins_script_console to support newer versions 2016-11-04 11:24:25 -05:00
William Vu 5ed030fcf6
Land #7529, nil.downcase fix for tomcat_mgr_deploy
Don't think it was ever needed, since the password is case-sensitive.

Fixed a minor merge conflict where PASSWORD became HttpPassword.
2016-11-03 15:39:46 -05:00
Jin Qian 2f8d3c3cf3 Remove the bug where downcase() is invoked on password which is optional and can be empty. 2016-11-03 15:23:19 -05:00
Brendan dae1f26313
Land #7521, Modernize TLS protocol configuration for SMTP / SQL Server 2016-11-03 12:56:50 -05:00
William Vu eca4b73aab
Land #7499, check method for pkexec exploit 2016-11-03 10:59:06 -05:00
William Vu 1c746c0f93 Prefer CheckCode::Detected 2016-11-03 11:14:48 +01:00
William Vu 2cdff0f414 Fix check method 2016-11-03 11:14:48 +01:00
Brendan 5169341f62
Land #7522, Fix psh template to avoid 100% cpu spike on CTRL+C 2016-11-02 16:40:34 -05:00
OJ 7895ba810d
Update payload cached size for the powershell payload 2016-11-03 02:50:13 +10:00
William Vu a651985b4f
Land #7498, Joomla account creation and privesc 2016-11-01 22:46:36 -05:00
William Vu f414db5d6d Clean up module 2016-11-01 22:46:28 -05:00
h00die a924981369
Landing #7516, X11 print fixes 2016-11-01 19:50:05 -04:00
Brendan 05e2aad837
Land #7497, Add Kerberos domain user enumeration module 2016-11-01 14:34:47 -05:00
OJ e4b4264d79
Fix psh template to avoid 100% cpu spike on CTRL+C
Fixes #7293
2016-11-02 05:19:52 +10:00
attackdebris 1b4cef10d1 Change creds_name to Kerberos 2016-11-01 17:59:51 +00:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
Brent Cook f8912486df fix typos 2016-11-01 05:43:03 -05:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
Pearce Barry 6b264ce6c4
Land #7508, Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
Fixes #7504.
2016-10-30 17:58:43 -05:00
Alex Flores 45d6012f2d fix check method 2016-10-30 14:57:42 -04:00
Spencer McIntyre ccce361768 Remove accidentally included debug output 2016-10-29 18:46:51 -04:00
Spencer McIntyre fa7cbf2c5a Fix the jenkins exploit module for new versions 2016-10-29 18:19:14 -04:00
Konrads Smelkovs f754adad0c Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE 2016-10-29 11:20:32 +01:00
Pearce Barry 5c12d55c84
Land #7484, Add Telpho10 Credentials Dump Exploit 2016-10-28 17:41:46 -05:00
Pearce Barry 991a3fe448
Markdown docs added. 2016-10-28 17:38:00 -05:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
Jan Rude 971c8207bd Update telpho10_credential_dump.rb
Code improvements suggested by @h00die
2016-10-28 16:45:14 -05:00
Jan Rude c9574a4707 Update telpho10_credential_dump.rb
output correction
2016-10-28 16:44:52 -05:00
Jan Rude 05ee51a832 Update telpho10_credential_dump.rb
do not write to stdout
2016-10-28 16:44:40 -05:00
Jan Rude fb534a9e85 add telpho10_exploit
telpho10 credential dump exploit
2016-10-28 16:44:27 -05:00
Filipe Reis 88a2a770a3 Update to have checks in place
Add: added checks to the code
2016-10-28 11:24:39 +01:00
Brendan 9eaaba1dea Added user logging into the db and humored rubocop 2016-10-27 15:50:17 -05:00
mr_me 16b7c77851 satisfying travis 2016-10-27 13:37:04 -05:00
mr_me a8ab7b09b0 Added Bassmaster batch Arbitrary JavaScript Injection Remote Code Execution Vulnerability (CVE-2014-720) 2016-10-27 13:22:39 -05:00
attackdebris c2af2ab214 Move kerberos_enumusers module to aux/gather & add documentation 2016-10-27 19:11:22 +01:00
Filipe Reis 88beea0c56 updating code
Fix: changing to seggested fixes
2016-10-27 14:30:59 +01:00
Julien (jvoisin) Voisin 23ab4f1fc1 Remove one last tab 2016-10-27 12:32:40 +02:00
Julien (jvoisin) Voisin d9f07183bd Please h00die ;) 2016-10-27 12:18:33 +02:00
Julien (jvoisin) Voisin 2ac54f5028 Add a check for the linux pkexec module 2016-10-27 10:28:13 +02:00
Filipe Reis 2851faefe8 Update module info
Fix: removed info that didn't belong
2016-10-27 03:11:38 +01:00
Filipe Reis e522d7f5a4 Fixing issues regarding travis checks
Fix: EOL spaces;
2016-10-27 02:50:20 +01:00
Filipe Reis 8ad1c66bd3 Code update and file rename
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
2016-10-27 02:46:40 +01:00
Filipe Reis 0af47ef411 Fixing warning from travis checks
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
2016-10-26 23:29:17 +01:00
Filipe Reis 5a127886bb Fixing issues regarding travis checks
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
2016-10-26 23:24:09 +01:00