Commit Graph

36616 Commits (58635be23716d141dd24e443bd622d77efceed25)

Author SHA1 Message Date
Stuart Morgan 58635be237 Try to unpack the SID from hex to normal cut/paste format. Its a mess. 2015-12-16 22:27:52 +00:00
Stuart Morgan 421a29d998 Added the trust types from MSDN 2015-12-16 22:18:28 +00:00
Stuart Morgan fbe0cfde8f Fixed URL for trustDirection reference 2015-12-16 22:16:33 +00:00
Stuart Morgan fd8405f52d added trustDirection 2015-12-16 22:15:10 +00:00
Stuart Morgan 4da8859e57 added trustAttributes 2015-12-16 22:13:00 +00:00
Stuart Morgan 207a964117 Loop through results 2015-12-16 21:52:30 +00:00
Stuart Morgan 087a01f27f Templated table 2015-12-16 21:40:49 +00:00
Stuart Morgan fdf1a8c235 Updated with the LDAP fields to retrieve 2015-12-16 21:39:33 +00:00
Stuart Morgan ed4cf71ca8 Initial add (templated from Ben's bitlocker module) 2015-12-16 21:26:02 +00:00
Stuart Morgan c9c1dd22ee Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface 2015-12-16 10:38:38 +00:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Vex Woo c9e596bc31 Merge pull request #4 from jhart-r7/pr/fixup-6319
Rename redis file upload module; remove the 'auth' part
2015-12-15 09:08:26 +08:00
Gregory Mikeska 9a2268fc1c
Land #6350, make sure MSF_DATABASE_CONFIG is unset 2015-12-14 14:48:19 -06:00
Brent Cook eccf61bec5 ensure that the metasploit database environment variable is unset 2015-12-14 14:29:25 -06:00
Gregory Mikeska e9a3f58788
Land #6348 remove bundler 1.10 fingerprint
from Gemfile.lock
2015-12-14 13:48:17 -06:00
Brent Cook ee208570a2 remove bundler 1.10 fingerprint from Gemfile.lock 2015-12-14 13:22:38 -06:00
Jon Hart e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart 19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Tod Beardsley 30c805d9c7
Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley b25aae3602
Add refs to module
See rapid7#6344.
2015-12-14 12:05:46 -06:00
Brent Cook c00f05faba
Land #6346, jenkins_java_deserialize check reliability fixes 2015-12-14 11:44:33 -06:00
William Vu b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
David Maloney 08acac6c25
Lands #6326, Rspec 3 upgrade
lands the work to upgrade framework
to RSpec 3

MS-673
2015-12-14 11:27:17 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
Brent Cook a0e8878508
Land #6343, update nokogiri to 1.6.7 2015-12-14 10:55:04 -06:00
wchen-r7 5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
Gregory Mikeska b620e0d1c9 bump nokogiri to 1.6.7 2015-12-14 09:23:06 -06:00
William Vu 92bbc09b61
Land #6340, SVG badges for README.md 2015-12-14 00:33:06 -06:00
Spencer McIntyre da64493b43
Land #6339, spelling fix for arp poisoning listener opt 2015-12-13 12:06:08 -05:00
Spencer McIntyre 4e492a1b0c
Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
Elia Schito 3bf5b106ae Use SVG badges to please the eyes 👀
Switched the CodeClimate one to the one that shows the score.
2015-12-13 00:28:14 +01:00
radekk 90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
Vex Woo dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
Jon Hart 6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified 2015-12-11 19:22:57 -08:00
Jon Hart dcdc21e2db
Correct unbalanced quotes
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart e23908d672
Improve verbose output related to authentication handling 2015-12-11 18:32:00 -08:00
Jon Hart 1a0f71b6fa
Try to catch case where post-auth commands are failing 2015-12-11 17:23:03 -08:00
Jon Hart 9cec3d9e6b
Move redis password option to non-advanced 2015-12-11 17:03:49 -08:00
dmohanty-r7 62d6950edc
Land #6338, Jenkins Java Deserilization Vuln 2015-12-11 15:13:07 -06:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Jon Hart 1fecd9846c
Bury some helper methods behind private 2015-12-11 10:13:13 -08:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Brent Cook 6551df6446 update bitlocker for rspec3 2015-12-10 21:52:15 -06:00
Brent Cook fb578e9063 use explicit exceptions for raise_error 2015-12-10 21:47:22 -06:00
Brent Cook f59446851f update namespace 2015-12-10 21:47:22 -06:00
Gregory Mikeska 99931aff44 Call stance only if module implements stance 2015-12-10 21:47:22 -06:00
Greg Mikeska b29459747b stub out private meterpreter accessor method net 2015-12-10 21:47:22 -06:00