f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
e157ff73d3
Oracle ILOM Login utility
2013-11-25 13:55:31 +05:30
a03cfce74c
Add table prefix and doc root as fallback options
2013-11-25 17:44:26 +10:30
48578c3bc0
Update description about suitable targets
...
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
49441875f3
Land #2683 , @wchen-r7's module name consistency fix
2013-11-24 16:51:22 -06:00
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
ce8b63f240
Update module name to stay consistent
...
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
31b4e72196
Switch to soft tabs the cs code
2013-11-23 23:06:52 -06:00
d8700314e7
Add Kimai v0.9.2 'db_restore.php' SQL Injection module
2013-11-24 02:32:16 +10:30
9987ec0883
Hmm, change ranking
2013-11-23 00:51:58 -06:00
6ccc3e3c48
Make payload execution more stable
2013-11-23 00:47:45 -06:00
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
d748fd4003
Final commit
2013-11-22 23:35:26 -06:00
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
f871452b97
Slightly change the description
...
Because it isn't that slow
2013-11-22 19:27:00 -06:00
eddedd4746
Working version
2013-11-22 19:14:56 -06:00
9f539bafae
Add README on the source code dir
2013-11-22 17:56:05 -06:00
7e4487b93b
Update description
2013-11-22 17:37:23 -06:00
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
c8fd761c53
Progress
2013-11-22 16:57:29 -06:00
288a1080db
Add MS13-022 Silverlight app code
2013-11-22 16:53:06 -06:00
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
a7ad107e88
Add ruby code for ms13-022
2013-11-22 16:41:56 -06:00
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
b712c77413
capitalization
2013-11-22 14:37:54 -06:00
52a3b93f24
Hopefully final commit.
...
ALL issues mentioned by todb in https://github.com/rapid7/metasploit-framework/pull/2663/ have been fixed or erased.
Only exception is comment https://github.com/rapid7/metasploit-framework/pull/2663/#discussion_r7837036 which if omitted as recommended, breaks the module.
2013-11-22 14:17:20 -06:00
9addd37458
minor changes:
...
s/grab/gather/g
2013-11-22 14:03:54 -06:00
d670b7c972
Land #2674 , Ruby 1.9.3-p484 (CVE-2013-4164)
2013-11-22 13:21:32 -06:00
b742ed13b9
junk commit
2013-11-22 12:38:06 -06:00
953a96fc2e
This one looks promising
2013-11-22 12:27:10 -06:00
b69a67251f
Revert CVE-2013-4164 test
...
This reverts commit 7688211009
2013-11-22 12:26:51 -06:00
994d4e94c6
Revert "Force Travis to Ruby 1.9.3-p484"
...
This reverts commit 25b0c86855
2013-11-22 12:26:05 -06:00
25b0c86855
Force Travis to Ruby 1.9.3-p484
2013-11-22 12:21:29 -06:00
7688211009
Add a test for CVE-2013-4164. Will crash old Ruby!
...
If you are not on a recent version of Ruby, you will segfault.
2013-11-22 12:14:51 -06:00
8476ca872e
More progress
2013-11-22 11:53:57 -06:00
fd009f1e46
Update default ruby to 1.9.3-p484 (CVE-2013-4164)
...
See
https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
2013-11-22 11:20:21 -06:00
4a6511311d
Code improvements according to feedback
2013-11-22 15:35:45 +01:00
f1d181afc7
Progress
2013-11-22 04:51:55 -06:00
6d5c1c230c
Progress
2013-11-22 03:55:40 -06:00
388064b78b
Add -x and -s parameters to uploadexec
...
Added -x parameter to the script which indicates that the underlying
meterpreter session should be terminated when the execution has
finished.
Added -s parameter which takes a floating point number as an arg
which indicates the number of seconds to sleep between uploading
and executing. This helps in the case where http(s) payloads are
used for meterpreter and a time delay is needed to make sure that
the file has been written to disk and the lock released prior to
attempting to executing it.
2013-11-22 18:59:01 +10:00
bcf0954fd8
Land #2672 , multi_console_command default usage
2013-11-22 02:55:07 -06:00
3c9d33eb3b
Land #2671 , desktopcentral_file_upload name change
2013-11-22 02:51:55 -06:00
4d2253fe35
Diet
2013-11-22 02:25:09 -06:00
19ea29c6e7
Add usage when -rc -cl or -h are not passed
...
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!
This change prints the usage message in the case where you don't pass proper
parameters to the script.
2013-11-22 12:47:04 +10:00
Tod Beardsley
jvazquez-r7
Karn Ganeshen
bcoles
sinn3r
OJ
Meatballs
William Vu
Tod Beardsley
jonvalt
Peter Toth