William Vu
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
William Vu
325e75b72f
Land #3380 , datastore msftidy errors set to INFO
...
[SeeRM #8498 ]
2014-05-29 10:19:59 -05:00
Christian Mehlmauer
21d5e630f4
Land #3400 , last msftody set-cookie warnings
2014-05-29 12:07:37 +02:00
William Vu
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
William Vu
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00
William Vu
785b53820e
Land #3399 , print_error instead of print_status
2014-05-28 14:53:00 -05:00
joev
c89cd24621
Rewire some snmp modules to use print_error instead of print_status.
2014-05-28 13:31:00 -05:00
Tod Beardsley
4b5c62ba8d
Dress up CAPWAP DoS desc a little.
2014-05-28 12:19:17 -05:00
William Vu
832d22cdb8
Land #3395 , sqlite3 gem for some post modules
2014-05-27 19:22:46 -05:00
jvazquez-r7
55ef5dd484
Land #3115 , @silascutler's module for elasticsearch indeces enumeration
2014-05-27 11:28:34 -05:00
jvazquez-r7
2271afc1a5
Change module filename
2014-05-27 11:25:39 -05:00
jvazquez-r7
3de8beb5fd
Clean code
2014-05-27 11:22:40 -05:00
James Lee
cc1e81ecb7
Add sqlite3 to Gemfile
...
Fixes all the post modules that require it to parse pilfered sqlite DB
files.
2014-05-27 10:29:55 -05:00
jvazquez-r7
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
jvazquez-r7
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
jvazquez-r7
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
jvazquez-r7
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
jvazquez-r7
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
jvazquez-r7
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
William Vu
704e4d78ca
Fix typo in client_request.rb comment
2014-05-26 23:55:48 -05:00
William Vu
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
William Vu
936c29e69b
Land #3387 , some Set-Cookie msftidy warning fixes
2014-05-26 23:37:33 -05:00
Karmanovskii
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
Meatballs
1914e0abd3
Land 3393, Add session and framework vars to irb
2014-05-26 18:50:20 +01:00
jvazquez-r7
994891e9c5
Land #3383 , @wchen-r7's [FixRM #8804 ] Fix / URIPATH for BrowserExploitServer
2014-05-25 19:51:30 -05:00
jvazquez-r7
217a14e4d7
Land #3366 , @jholgui's module for CVE-2013-4074
2014-05-25 18:53:30 -05:00
jvazquez-r7
33ba134147
Clean msftidy warnings and metadata
2014-05-25 18:52:01 -05:00
jvazquez-r7
d3c17d8e3e
Delete wireshark_capwap_dos
2014-05-25 18:39:53 -05:00
Spencer McIntyre
77e70d8bbe
Add 2 more variables for meterpreter irb
2014-05-25 16:28:40 -04:00
Spencer McIntyre
c559483176
Land #3392 , @TomSellers patch to use python constants
2014-05-25 16:18:42 -04:00
Tom Sellers
77f66f8510
Update reverse_tcp.rb
2014-05-25 14:04:54 -05:00
Tom Sellers
b5c567c462
Update bind_tcp.rb
2014-05-25 14:03:45 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
JoseMi
9f166b87f6
Changed the description
2014-05-24 18:58:36 +01:00
JoseMi
71e2d19040
Adapted to auxiliary modules structure
2014-05-24 18:53:10 +01:00
Christian Mehlmauer
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
Christian Mehlmauer
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
Tod Beardsley
1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
...
See the discussion on f7bfab5a26
, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley
9f78bec457
Use normalize_uri (@wchen-r7)
...
Instead of editing the datastore['PATH'], use normalize_uri.
Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley
f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
...
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley
7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
...
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
Tod Beardsley
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
Tod Beardsley
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
William Vu
dc7ec450da
Land #3384 , AIX ibstat exploit interface detection
2014-05-22 16:25:06 -05:00
mercd
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
sinn3r
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu
ebd70cbd8f
Land #3382 , references for IBM Sametime modules
2014-05-22 12:12:18 -05:00
William Vu
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
Tod Beardsley
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00