53cf85dcb4
Use 20 seconds as default timeout
...
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 11:03:20 -06:00
e453f1dd11
Dont shadow methods with local variables, just in case...
2014-11-18 11:02:27 -06:00
4d81a9da65
Allow sunrpc_create to raise on its own
2014-11-17 11:58:26 -08:00
9e2513d4de
Update solaris_kcms_readfile to gracefully handle RPC errors
2014-11-17 10:41:17 -08:00
364315122a
Clean up nfs mount scanner to *print_* better
2014-11-17 10:41:17 -08:00
1fda9a36b7
vprint # of RPC programs, since the table comes right after
2014-11-17 10:41:17 -08:00
151df3ae05
Introduce a user-controlled timeout for SunRPC stuff
2014-11-17 10:41:17 -08:00
7098d89058
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-17 10:41:17 -08:00
91abe6f7c7
Clean up Ruby style in sunrpc_portmapper
2014-11-17 10:41:17 -08:00
47c7df96c5
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-17 10:41:16 -08:00
07c3c41269
Land #4211 , Ruby version bump
2014-11-17 10:38:34 -06:00
6f5183afec
Land #4216 , @hmoore-r7 additions to the tftp dictionary
...
* Changes originally submitted by Chris McNab
2014-11-17 08:48:16 -06:00
1d8b746d89
Adds new TFTP file names, submitted by Chris McNab
2014-11-16 18:47:11 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
d207345778
Land #4200 - report_note handling incorrect protocol names
2014-11-15 13:16:58 -06:00
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
9c4614f73c
Oh good, another Ruby version bump
...
DoS Security issue in Ruby 1.9.3-p550 and prior, described here:
https://www.ruby-lang.org/en/news/2014/11/13/ruby-1-9-3-p551-is-released/
Not a hair-on-fire kind of deal, but should update at the earliest
opportunity to avoid getting DoS'ed by a malicious target.
2014-11-14 17:28:16 -06:00
0477c5f8fe
Land #4191 , merge_check_key update for Ruby 2.1.4
2014-11-14 15:33:47 -06:00
3b558624f3
Merge branch 'landing/4129' into upstream-master
...
Landing #4129
* Detect leaked constants in spec runs
2014-11-14 12:55:56 -06:00
723028d5bc
Land #4204 , add missing migration
2014-11-14 10:32:35 -06:00
40c49cefd8
Update db/schema.rb
...
MSP-11615
To get type column on metasploit_credential_publics.
2014-11-14 09:39:26 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
2abc636f16
Merge pull request #7 from jhart-r7/landing-4177-jhart
...
Clean up failure messaging when bad CHOST
2014-11-13 18:56:12 -06:00
77e5043be9
Merge pull request #1 from FireFart/pr1
...
some changes
2014-11-13 19:54:14 -05:00
386a1912e5
Land #4201 , release fixes
2014-11-13 15:52:24 -06:00
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
651beb9acb
Land #4192 , enable specifying mode for Rex output file
2014-11-13 14:57:48 -06:00
812aa9bc1a
Reduce number of calls to to_s and downcase
2014-11-13 14:56:17 -06:00
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
e72d9bd21f
Fix report_note handling incorrect protocol names
2014-11-13 14:30:43 -06:00
714ce2f3ce
Land #4198 , @trosen-r7's fixes to XML import.
2014-11-13 14:07:12 -06:00
5a54537cbc
Land #4196 - MS14-064 bypassing UAC
2014-11-13 13:55:31 -06:00
0959ef3d13
Fixes lack of support for MetasploitV5 tag
...
#4184
* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
2014-11-13 13:01:55 -06:00
cd7b69b699
Land #4197 , blank username failure fix
2014-11-13 12:59:22 -06:00
768d7477d7
metasploit-credential bump to 0.13.3
...
MSP-11609
2014-11-13 12:56:58 -06:00
49f10e6ed8
use latest version of metasploit-credential
...
MSP-11609
2014-11-13 11:26:05 -06:00
ccc5bbd745
this spec needs to use the username factory
...
:metasploit-credential_public factory will randomly
return either a Username or BlankUsername and thus is
not appropriate for when you want tos et an explicit Username.
The :metasploit_credential_username factory should be used for this
instead
MSP-11609
2014-11-13 10:58:03 -06:00
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
a5009170e7
Land #4185 - Add CVE-2014-6352 (ms14-060 aka sandworm)
2014-11-12 17:11:43 -06:00
f658efe144
Add the ability to specify mode in Rex output file
...
* Because sometimes you might want to append
* Preserves original hardcoded 'wb' as default
* http://pubs.opengroup.org/onlinepubs/009695399/functions/fopen.html
2014-11-12 16:08:03 -06:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
bfc7bfdd9a
Land #4179 , Meterpreter_bins update
...
Actually fixes #3787 as well, since this is the last component needed to
fix that.
See rapid7/meterpreter#102
Also see
055eddeb18
2014-11-12 15:14:20 -06:00
jvazquez-r7
Jon Hart
William Vu
HD Moore
sinn3r
Christian Mehlmauer
Tod Beardsley
Trevor Rosen
Luke Imhoff
Juan
Matt Buck
Julio Auto
Joe Vennix
Samuel Huckins
David Maloney
Pedro Ribeiro