Commit Graph

18562 Commits (5c8053491f943da2a01dd16325db2bd15aa4635d)

Author SHA1 Message Date
jvazquez-r7 5c8053491f Add DEP bypass for ntdll ms12-001 2013-06-12 10:41:05 -05:00
jvazquez-r7 a1c7961cbc Suport js obfuscation for the trigger 2013-06-12 08:06:12 -05:00
jvazquez-r7 5240c6e164 Add module for MS13-037 CVE-2013-2551 2013-06-12 07:37:57 -05:00
Brandon Turner 132769d415 Merge branch 'release' 2013-06-11 18:52:11 -05:00
Brandon Turner 72b3ea2be0 Merge pull request #1943 from shuckins-r7:bug/nx-asset-group-push 2013-06-11 18:41:49 -05:00
Samuel Huckins d5be41617e Uses raw-xml-v2 Nexpose export for Nexpose import as this adds device-id
back to XML schema and will result in hosts that can be pushed back to
Nexpose.

[Bug #51521175]
2013-06-11 18:37:02 -05:00
James Lee 7601152640 Land #1942 2013-06-11 16:29:19 -05:00
Tod Beardsley 6a5d1d06b2 Make the conditional correct for print_prefix
Fixes a bug introduced on #1936.
2013-06-11 16:16:17 -05:00
sinn3r 5dfb3de4f3 Land #1940 - Update firefox svg exploit description to be more accurate 2013-06-11 12:16:23 -05:00
Joe Vennix 45da645717 Update ff svg exploit description to be more accurate. 2013-06-11 12:12:18 -05:00
sinn3r 2874aead2e Land #1938 - Change sevone_enum because it's an Scanner 2013-06-11 11:42:18 -05:00
jvazquez-r7 430511cbff Land #1937, @wchen-r7's fix for heap spray js code 2013-06-11 09:17:40 -05:00
jvazquez-r7 0578572d98 Change sevone_enum because it's an Scanner 2013-06-11 08:51:15 -05:00
sinn3r 081baad68c Remove variable 'overflow' because it's not used
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
William Vu fe32a747a3 Land #1936, prefer PacketFu and pcaprub gems 2013-06-10 17:28:43 -05:00
Tod Beardsley d7e3c5cdb3 Rspec: Ensure PacketFu is actually still available
PacketFu should be required from the gem, not from the shipped msf
library. Several modules depend on it being available, so this rspec
test mostly just ensures that Msf::Exploit::Capture mixin is still
around.
2013-06-10 16:02:50 -05:00
Tod Beardsley 9a08090b0f Inch toward making modules more testable 2013-06-10 16:02:19 -05:00
Tod Beardsley d4e9431633 Add Gemfile entry for PacketFu 2013-06-10 14:18:05 -05:00
Tod Beardsley 7dafcc76df Remove packetfu and pcaprub libaries
These should be handled by bundler's Gemfile.
2013-06-10 14:12:18 -05:00
sinn3r 5b61f99ee6 Land #1933 - Update smart_hashdump Regular Expressions for Win 8 & 2012 2013-06-10 13:28:04 -05:00
jvazquez-r7 0c6dbe9885 Add final cleanup for sevone_enum 2013-06-10 13:16:22 -05:00
jvazquez-r7 6765a911a4 Land #1921, @juushya brute force login module for SevOne 2013-06-10 13:15:14 -05:00
sinn3r 622dc27d95 Land #1925 - fix SNMP enum module failing to catch some fail cases
[FixRM:#7945]
2013-06-10 12:51:02 -05:00
Tod Beardsley 31faf65271 Land #1929, spool ui fix from @jsherwood0 2013-06-10 12:30:50 -05:00
Tod Beardsley fee804a074 Land #1926, Auxiliary::Web changes
Since none of these changes appear to be reachable from Metasploit
Framework, this seems like a nop for me.
2013-06-10 11:59:19 -05:00
KarnGaneshen 5c988d99fe more updates to sevone.rb. hopefully all is covered.. 2013-06-10 21:59:18 +05:30
sinn3r 0895184e1f Land #1932 - Actually support OUTPUTPATH datastore option 2013-06-10 11:22:28 -05:00
KarnGaneshen 04171c46ec more updates to sevone.rb. hopefully all is covered. 2013-06-10 21:47:56 +05:30
William Vu 7ae6383803 Land #1935, @todb-r7's description cleanup 2013-06-10 11:14:04 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 3fbbe3e7b3 Make msftidy happy 2013-06-10 08:16:15 -05:00
jvazquez-r7 3c05cf4382 Land #1842, @viris DoS module for cve-2013-0229 2013-06-10 08:15:45 -05:00
Dejan Lukan 154894bda6 Added comments and merged jvazquez-r7-miniupnp_dos_clean branch. 2013-06-10 10:18:26 +02:00
Carlos Perez a9df55c27a Add Windows 2012 to regex matching 2013-06-09 20:46:44 -04:00
Carlos Perez 8e83f0ee30 Add Windows 8 and 2012 to regex matching 2013-06-09 20:41:46 -04:00
John Sherwood 7ac5b6de53 Fix prompt and color issue with cmd_spool
Changing spool setting caused problems with prompt and color. This
fix makes the following changes:

- Saves the color setting and re-applies it to the new output console
- Sets the prompt in the same way that cmd_use does
2013-06-09 13:35:35 -04:00
Ruslaideemin cb79aa252a Fix output path in ms10_004_textbytesatom.rb
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).

This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
sinn3r c8c331c290 Land #1928 - Devecot with Exim sender_address param command exec 2013-06-07 22:39:32 -05:00
sinn3r f55edac0ca Title and description update 2013-06-07 22:38:53 -05:00
sinn3r a510084f1c Description change. 2013-06-07 22:35:46 -05:00
jvazquez-r7 600494817d Fix typo and target name 2013-06-07 21:08:38 -05:00
jvazquez-r7 9025b52951 make the payload build more clear 2013-06-07 18:05:11 -05:00
jvazquez-r7 d76e14fc9c Add module for OSVDB 93004 - Exim Dovect exec 2013-06-07 17:59:04 -05:00
Karn Ganeshen 74bddcf339 Update sevone_enum.rb
New updates as per review comments
2013-06-08 02:28:09 +05:30
sinn3r 19a6f310cd Land #1927 - Add common passwords from xato.net 2013-06-07 15:24:09 -05:00
Tod Beardsley dc680e7106 Underscores because the rest are. 2013-06-07 15:16:39 -05:00
sinn3r aefcc51704 Land #1924 - Java pwn2own 2013: java_jre17_driver_manager (CVE-2013-1488) 2013-06-07 15:12:09 -05:00
Tod Beardsley 0265dd8860 Add common passwords from xato.net
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:

http://xato.net/passwords/more-top-worst-passwords/

He also does a fair bit of frequency analysis there.

The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt  was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.

As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
Karn Ganeshen 1ca8fd2cf1 Update sevone_enum.rb
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
David Maloney 6aa7c74fdd make anemone also rspect domain 2013-06-07 14:24:14 -05:00