58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
d8c15766bd
Land #3567 @OJ's fixes to the MQAC local exploit solving conflicts
2014-08-28 10:19:47 -05:00
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
dd8690323a
Land #3722 , fix typos in openssl ccs scanner
2014-08-28 10:50:18 -04:00
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
188f5d012a
Add scenario for no database.yml
...
MSP-11153
2014-08-27 22:02:16 -05:00
7453f6fa3a
Project "database.yml" scenario
...
MSP-11153
2014-08-27 21:47:31 -05:00
e6750b985c
Add 'the' to make steps read better
...
MSP-11153
2014-08-27 21:38:46 -05:00
972470c241
Ensure a fake project database.yml is used for scenarios
...
MSP-11153
Ensures that cucumber still works if config/database.yml is not set and
so other location is being used to run cucumber.
2014-08-27 21:36:23 -05:00
496865e591
Order database.yml definitions to match precedence
...
MSP-11153
2014-08-27 21:15:00 -05:00
d752cdccf6
Remove unneeded command_line.yml
...
MSP-11153
Remove definition of command_line.yml in scenarios that don't use --yaml
flag.
2014-08-27 21:09:49 -05:00
b701ba5dcf
~/.msf4/database.yml scenario
...
MSP-11153
2014-08-27 20:57:08 -05:00
b1e745aa16
MSF_DATABASE_CONFIG scenario
...
MSP-11153
2014-08-27 20:33:52 -05:00
6d45f75b47
Land #3690 , credential_collect refactor
...
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
9b0c5dfb0c
Minor fix
2014-08-27 18:31:13 -05:00
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
275fa5cb50
Remove unnecessary return
...
MSP-11153
Leftover from earlier design.
2014-08-27 16:58:45 -05:00
83b6f268b4
Remove unnecessary realpath
...
MSP-11153
Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
2b2d9085d3
Add cucumber to test matrix
...
MSP-11153
2014-08-27 16:50:25 -05:00
bfc509c18a
Add feature that tests --yaml is favored over others
...
MSP-11153
2014-08-27 16:46:23 -05:00
df215a380d
Do not send 2 content-length headers
2014-08-27 16:05:08 -05:00
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
1857c6ae39
Add aruba
...
MSP-11153
aruba adds steps for testing commandline applications with cucumber.
2014-08-27 14:22:20 -05:00
2f48f7c48c
rails generate cucumber:install
...
MSP-11153
Add cucumber-rails for testing msfconsole's loading of database.yml from
different paths.
2014-08-27 14:10:04 -05:00
984f073c7d
changing from cucumber to cucumber-rails
...
using the MSF_DATABASE_CONFIG to tell msfconsole where to find the database.yml
2014-08-27 13:44:34 -05:00
1da7ab9bda
Rake will only show the load error when features are called
...
if you dont have cucumber installed it will only display the message if you call
rake features
2014-08-27 12:13:30 -05:00
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
...
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
bf2c390ff4
Land fix for #3712 typo
2014-08-26 20:38:00 -05:00
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
c045c9606c
Fix typo in PR #3712
...
Fixes the typo pointed out in
rapid7#3712#discussion_r16750554
Derp
2014-08-26 20:36:28 -05:00
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
1f35c0ff1c
Merge #3713 , @hmoore-r7's SIP cleanup of my SIP cleanup
2014-08-26 17:52:35 -07:00
316a952e9c
Make SIP note, service and print output more similar
2014-08-26 17:47:31 -07:00
8d26b66e2f
Merge pull request #3689 from TomSellers/loginpalooza/vmauthd-creds-update
...
Credential Gem: LoginScanner - vmauthd_login ( Rebase of PR 3608)
2014-08-26 18:43:12 -05:00
4a1b037af0
Remaining files..
2014-08-26 18:15:58 -05:00
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
b37e1a5421
Solve conflicts
2014-08-26 17:51:37 -05:00
fe99f4b6e7
Land #3712 , a nicer exploit-checker for msftidy
2014-08-26 16:59:56 -05:00
0d9d722525
skip examples pending of pivotaltracker 38730815
2014-08-26 16:49:13 -05:00
073c668cd8
Merge pull request #12 from todb-r7/commit-hooks-should-only-check-modules
...
Land 12 from todb, only pre-commit-hook on actual modules
2014-08-26 16:47:23 -05:00
2d2606aeaf
Update sip note format, small tweaks to output, service.info
2014-08-26 16:42:00 -05:00
dbdb4afb8c
Add a top anchor to the file match regex.
2014-08-26 16:19:29 -05:00
622e8a7714
adds better exploit module detection to msftidy
2014-08-26 15:30:08 -05:00
49adde2095
Land 3702, prefer be_falsey and cleanup specs
2014-08-26 15:24:41 -05:00
jvazquez-r7
Spencer McIntyre
Matt Andreko
Brandon Perry
Luke Imhoff
Tod Beardsley
Tom Sellers
sinn3r
darkbushido
Joe Vennix
Jon Hart
dmaloney-r7
Josh
HD Moore
Joshua Smith