Pedro Ribeiro
62ac536b7d
Create manageengine_file_download.rb
2015-01-28 19:42:17 +00:00
Pedro Ribeiro
299a39a67f
Merge pull request #13 from rapid7/master
...
a
2015-01-28 19:40:55 +00:00
jvazquez-r7
5475cf50aa
Land #4655 , @wchen-r7's custom 404 for BrowserExploitServer
2015-01-27 23:03:08 -06:00
sinn3r
457598eb02
print_error about unknown request.uri
2015-01-27 20:21:18 -06:00
sinn3r
acf02647fb
Add a check for Custom404
2015-01-27 20:18:10 -06:00
sinn3r
66703bfe5a
Allow custom 404 as an option for BrowserExploitServer
...
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.
There are several scenarios that can trigger a 404 by BES (custom or
default):
* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
If this actually happens, it probably means the attacker gave the
wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
mixin.
2015-01-27 18:53:02 -06:00
jvazquez-r7
465b4a5c1b
Land #4652 , @wchen-r7's ms13-037 svg exploit update to use BES
2015-01-27 13:47:35 -06:00
sinn3r
ffd1257bff
Make sure this branch is up to date.
2015-01-27 12:16:15 -06:00
sinn3r
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
William Vu
b030327965
Land #4647 , get_module_resource NilClass fix
2015-01-27 12:07:08 -06:00
sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
William Vu
ae22cf1b47
Land #4650 , #strip NilClass fix
2015-01-27 11:13:33 -06:00
William Vu
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
Tod Beardsley
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
William Vu
5b3d877b25
Land #4648 , for real
2015-01-27 11:00:22 -06:00
William Vu
2b706f222a
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
William Vu
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
Tod Beardsley
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
William Vu
bf39a7a933
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
Tod Beardsley
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
sinn3r
ee922d141c
Fix #4646 - get_module_resource should check nil before using get_resource
...
Fix #4646 . The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
sinn3r
9e3388df34
Use BES for MS13-037 and default to ntdll
2015-01-27 00:18:36 -06:00
William Vu
515b125192
Land #4645 , for real
...
Conflicts:
modules/post/multi/gather/rubygems_api_key.rb
2015-01-26 23:46:04 -06:00
William Vu
fd4812fbab
Land #4645 , @claudijd's RubyGems API key stealer
...
Dedicating this merge to @todb-r7. :-)
2015-01-26 23:29:36 -06:00
William Vu
d53f4e1178
Fix bugs and make final changes
2015-01-26 23:29:10 -06:00
Jonathan Claudius
f0bcf27110
Missing ?
2015-01-27 00:15:43 -05:00
Jonathan Claudius
a3cf524162
Remove copy pasta
2015-01-27 00:13:51 -05:00
Jonathan Claudius
2bb9314b4b
Switch to unless conditional
2015-01-27 00:10:33 -05:00
sinn3r
7b4fd2f618
Land #4642 , Allow 'creds -u "" ' to return blank usernames
2015-01-26 23:01:03 -06:00
Jonathan Claudius
1f9286da69
Undo logic reversage
2015-01-26 23:54:41 -05:00
Jonathan Claudius
a9e480e44a
Fixed tilde
2015-01-26 23:53:08 -05:00
Jonathan Claudius
eed9fbe024
Lose assignment in conditional
2015-01-26 23:48:08 -05:00
Jonathan Claudius
c496d2c987
Remove nil check
2015-01-26 23:43:31 -05:00
Jonathan Claudius
c29b7488b2
Fix double new line
2015-01-26 23:40:19 -05:00
Jonathan Claudius
d77f112e82
Minor Formatting
2015-01-26 23:31:36 -05:00
Jonathan Claudius
06485d8c89
Fix naming of things
2015-01-26 23:17:44 -05:00
Jonathan Claudius
685c4804e5
Add trailing return
2015-01-26 23:15:00 -05:00
Jonathan Claudius
6b6e47a237
Fix sessiontypes, again
2015-01-26 23:13:17 -05:00
Jonathan Claudius
747349a57a
Fix sessiontypes
2015-01-26 23:11:48 -05:00
Jonathan Claudius
ee7ecb349d
Fix description
2015-01-26 23:10:08 -05:00
Jonathan Claudius
106170eddc
Add multi to name
2015-01-26 23:08:43 -05:00
Jonathan Claudius
a3c7cf70f8
Make MSF Tidy more happy
2015-01-26 22:30:26 -05:00
Jonathan Claudius
d37b3cf0c3
Use next instead of return
2015-01-26 22:26:56 -05:00
Jonathan Claudius
f58dc2789f
Remove creds
2015-01-26 22:13:15 -05:00
Jonathan Claudius
a27c376ae7
Add service port and host
2015-01-26 22:06:07 -05:00
Jonathan Claudius
dd34b58e49
Add add loot
2015-01-26 22:01:38 -05:00
Jonathan Claudius
3889ed5784
Add cred login
2015-01-26 21:50:10 -05:00
Jonathan Claudius
eead063375
Add RubyGems API Post Gather Module
2015-01-26 20:53:39 -05:00
Tod Beardsley
63c3832d7d
Also test for nonmatching passwords
2015-01-26 17:02:58 -06:00
Tod Beardsley
1410477fe9
Use the blank password/username variables
2015-01-26 17:00:45 -06:00