Commit Graph

27783 Commits (4f8801eebafa69db15f07010b22302afbda65724)

Author SHA1 Message Date
cx 1b5e40ff78 New Creds model added 2014-09-08 11:42:05 +03:00
William Vu 5c1d95812c
Add verify_checksum and use it
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
jvazquez-r7 6cdfd322f2 change should to expect 2014-09-07 21:35:33 -05:00
jvazquez-r7 e6f7b35d0d Use context to describe #attempt_login 2014-09-07 21:26:01 -05:00
jvazquez-r7 f266ca99f5 Use allow_any_instance_of as with rspec 3 2014-09-07 21:18:22 -05:00
jvazquez-r7 768b50974f Redo try_glassfish_3 specs 2014-09-07 21:04:43 -05:00
jvazquez-r7 07238ef7b3 Redo try_glassfish_2 specs 2014-09-07 20:47:54 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
jvazquez-r7 9a42e7635a Use expect instead of should on try_login 2014-09-07 20:01:44 -05:00
jvazquez-r7 06207afb12 Use expect instead of should 2014-09-07 19:37:24 -05:00
jvazquez-r7 424d1ec47f Add example to describe how send_request handles a JSESSIONID cookie 2014-09-07 19:33:56 -05:00
jvazquez-r7 28aa7429ed
Land #3751, @wchen-r7's [FixRM #8836] Use windows\\win.ini vs boot.ini 2014-09-07 01:47:10 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
William Vu 422d6bd2e4
Land #3758, nil deref fix for iax2/call.rb 2014-09-06 16:08:32 -05:00
HD Moore af24e30ae9 Return instead of crashing if no challenge is received 2014-09-06 15:51:50 -05:00
sinn3r ff6cce8bd1 3rd person 2014-09-06 01:56:39 -05:00
sinn3r 6df7658267 Very small change to the doc 2014-09-06 01:54:52 -05:00
sinn3r 419b2136b1 remove the "instance methods" context 2014-09-06 01:42:48 -05:00
sinn3r c8ccb5e848 In 3rd person 2014-09-06 01:39:32 -05:00
sinn3r febf70fed1 Merge pull request #21 from jvazquez-r7/review_3716
Clean YARD documentation
2014-09-06 01:22:58 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
jvazquez-r7 78cf75c4d5 Clean YARD documentation 2014-09-06 00:24:39 -05:00
William Vu 7d942be715
Land #3755, WVE and BPS reference removal 2014-09-05 19:56:40 -05:00
sinn3r 0d56a8ee14 Merge pull request #20 from wvu-r7/pr/3755
Remove WVE references from msftidy
2014-09-05 19:55:38 -05:00
William Vu 48e098b172
Remove WVE references from msftidy 2014-09-05 19:28:27 -05:00
Samuel Huckins 643329e2c4
Land #3757, postgres login scanner nil public fix 2014-09-05 16:35:46 -05:00
jvennix-r7 671c7f1095 Merge pull request #12 from wvu-r7/pr/3691
Fix read_ack to read only the ACK
2014-09-05 16:09:38 -05:00
David Maloney 0d9fbe798a
turn nil publics and privates into blanks
don't pass nil into the credential object, pass an empty string instead
this is the expected behaviour and avoids stack traces
2014-09-05 16:06:58 -05:00
jvazquez-r7 df278dd2dc Conver to exploit 2014-09-05 14:47:33 -05:00
sinn3r ce0e7b59f5 Remove WVE and BPS reference identifiers
Reasons why they should be gone:

WVE:
* wirelessve.org is down.
* Not a single module uses WVE as a reference

BPS:
* "BreakingPoint" no longer exists
* The URL takes you to a login page to ixia. And there is no point
  of referencing something people can't see.
* Not a single module uses BPS as a reference.
2014-09-05 13:28:10 -05:00
William Vu b6e04599a7
Fix read_ack to read only the ACK
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
jvazquez-r7 d4a8b7e00d Move to exploits 2014-09-05 10:38:28 -05:00
jvazquez-r7 892f72e4ce Move module path 2014-09-05 10:30:27 -05:00
jvazquez-r7 d041ee6629 Delete exploit modules from this branch 2014-09-05 10:29:24 -05:00
William Vu 9a7d1b2390
Land #3733, "guest" for ipmi_users.txt 2014-09-04 21:11:42 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
sinn3r 08ce278cca Got these wrong 2014-09-04 17:05:51 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 d83131f1d9
Land #3750, @wvu favoring unless 2014-09-04 16:17:07 -05:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
sinn3r 85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00