Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
jvazquez-r7
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
jvazquez-r7
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
Karn Ganeshen
e157ff73d3
Oracle ILOM Login utility
2013-11-25 13:55:31 +05:30
bcoles
a03cfce74c
Add table prefix and doc root as fallback options
2013-11-25 17:44:26 +10:30
sinn3r
48578c3bc0
Update description about suitable targets
...
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
jvazquez-r7
49441875f3
Land #2683 , @wchen-r7's module name consistency fix
2013-11-24 16:51:22 -06:00
OJ
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
sinn3r
ce8b63f240
Update module name to stay consistent
...
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
sinn3r
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
jvazquez-r7
31b4e72196
Switch to soft tabs the cs code
2013-11-23 23:06:52 -06:00
bcoles
d8700314e7
Add Kimai v0.9.2 'db_restore.php' SQL Injection module
2013-11-24 02:32:16 +10:30
sinn3r
9987ec0883
Hmm, change ranking
2013-11-23 00:51:58 -06:00
sinn3r
6ccc3e3c48
Make payload execution more stable
2013-11-23 00:47:45 -06:00
William Vu
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
sinn3r
d748fd4003
Final commit
2013-11-22 23:35:26 -06:00
Tod Beardsley
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
sinn3r
f871452b97
Slightly change the description
...
Because it isn't that slow
2013-11-22 19:27:00 -06:00
sinn3r
eddedd4746
Working version
2013-11-22 19:14:56 -06:00
jvazquez-r7
9f539bafae
Add README on the source code dir
2013-11-22 17:56:05 -06:00
jvazquez-r7
7e4487b93b
Update description
2013-11-22 17:37:23 -06:00
jvazquez-r7
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
sinn3r
c8fd761c53
Progress
2013-11-22 16:57:29 -06:00
jvazquez-r7
288a1080db
Add MS13-022 Silverlight app code
2013-11-22 16:53:06 -06:00
Tod Beardsley
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
jvazquez-r7
a7ad107e88
Add ruby code for ms13-022
2013-11-22 16:41:56 -06:00
Karn Ganeshen
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
jonvalt
b712c77413
capitalization
2013-11-22 14:37:54 -06:00
jonvalt
52a3b93f24
Hopefully final commit.
...
ALL issues mentioned by todb in https://github.com/rapid7/metasploit-framework/pull/2663/ have been fixed or erased.
Only exception is comment https://github.com/rapid7/metasploit-framework/pull/2663/#discussion_r7837036 which if omitted as recommended, breaks the module.
2013-11-22 14:17:20 -06:00
jonvalt
9addd37458
minor changes:
...
s/grab/gather/g
2013-11-22 14:03:54 -06:00
William Vu
d670b7c972
Land #2674 , Ruby 1.9.3-p484 (CVE-2013-4164)
2013-11-22 13:21:32 -06:00
jonvalt
b742ed13b9
junk commit
2013-11-22 12:38:06 -06:00
sinn3r
953a96fc2e
This one looks promising
2013-11-22 12:27:10 -06:00
Tod Beardsley
b69a67251f
Revert CVE-2013-4164 test
...
This reverts commit 7688211009
.
2013-11-22 12:26:51 -06:00
Tod Beardsley
994d4e94c6
Revert "Force Travis to Ruby 1.9.3-p484"
...
This reverts commit 25b0c86855
.
2013-11-22 12:26:05 -06:00
Tod Beardsley
25b0c86855
Force Travis to Ruby 1.9.3-p484
2013-11-22 12:21:29 -06:00
Tod Beardsley
7688211009
Add a test for CVE-2013-4164. Will crash old Ruby!
...
If you are not on a recent version of Ruby, you will segfault.
2013-11-22 12:14:51 -06:00
sinn3r
8476ca872e
More progress
2013-11-22 11:53:57 -06:00
Tod Beardsley
fd009f1e46
Update default ruby to 1.9.3-p484 (CVE-2013-4164)
...
See
https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
2013-11-22 11:20:21 -06:00
Peter Toth
4a6511311d
Code improvements according to feedback
2013-11-22 15:35:45 +01:00
sinn3r
f1d181afc7
Progress
2013-11-22 04:51:55 -06:00
sinn3r
6d5c1c230c
Progress
2013-11-22 03:55:40 -06:00
OJ
388064b78b
Add -x and -s parameters to uploadexec
...
Added -x parameter to the script which indicates that the underlying
meterpreter session should be terminated when the execution has
finished.
Added -s parameter which takes a floating point number as an arg
which indicates the number of seconds to sleep between uploading
and executing. This helps in the case where http(s) payloads are
used for meterpreter and a time delay is needed to make sure that
the file has been written to disk and the lock released prior to
attempting to executing it.
2013-11-22 18:59:01 +10:00
William Vu
bcf0954fd8
Land #2672 , multi_console_command default usage
2013-11-22 02:55:07 -06:00
William Vu
3c9d33eb3b
Land #2671 , desktopcentral_file_upload name change
2013-11-22 02:51:55 -06:00
sinn3r
4d2253fe35
Diet
2013-11-22 02:25:09 -06:00
OJ
19ea29c6e7
Add usage when -rc -cl or -h are not passed
...
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!
This change prints the usage message in the case where you don't pass proper
parameters to the script.
2013-11-22 12:47:04 +10:00