11342356f8
Support LHOST for metasploit behind NAT
2016-09-13 11:23:49 +10:00
fd3b885d83
replace msfrop with the rex-rop_builder gem
...
moved all of this code into the new gem
MS-1722
2016-09-12 16:06:53 -05:00
8cf62dc4ed
Land #7299 , Set defaults in WordpressMulticall login scanner
2016-09-12 12:26:08 -05:00
aa193bf372
Set defaults in WordpressMulticall login scanner
...
This login scanner would crash it was used like a normal login scanner.
MS-2007
2016-09-12 11:22:15 -05:00
e09fe08983
Land #7278 , fix FTP path traversal scanners
2016-09-12 10:47:36 -05:00
a0e05d4c4c
Land #7287 , mdaemon cred dumper
2016-09-10 08:43:07 -05:00
8743f01130
Fix #7267 , Fix Wrong IDs on openvas plugin
2016-09-10 09:37:49 +09:00
a81f351cb3
Land #7274 , Remove deprecated modules
2016-09-09 12:01:59 -05:00
f35fdfcd5f
Added documentation for auxiliary/scanner/http/owa_ews_login
2016-09-09 11:50:25 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
6bafad44f2
drop 'require uri', tweak option text
2016-09-09 20:31:23 +10:00
0b012c2496
Combine Unix and Windows modules
2016-09-09 20:28:13 +10:00
00f09d19b1
SMTP Typo
...
Correct SMTP Type (before SMPT)
2016-09-09 01:36:37 -05:00
1c598cd15d
SMTP Type
...
Change SMPT for SMTP
2016-09-09 01:36:08 -05:00
4495b27e67
Land #7254 , Rex::SSLScan Gemification
2016-09-08 13:20:56 -05:00
e5e57366ac
Land #7280 , use the new rex-nop gem
2016-09-08 13:03:49 -05:00
1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop
2016-09-08 10:48:07 -05:00
1b69d163cc
push rex-text back to previous version
2016-09-08 10:41:33 -05:00
92dba8ff9d
Land #7290 , env var check for WinSCP module
2016-09-07 21:08:12 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
a9c3c5d391
Fix typos
2016-09-07 15:40:10 -05:00
831c7a08a8
Check environment variables before using for winscp module
2016-09-07 15:24:22 -05:00
24bb6b18ea
Land #7246 Rex::Socket Gemification
...
MS-1715
2016-09-07 13:14:45 -05:00
17ab04829c
missed the lib/rex/socket.rb file
...
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
7857c58655
remove all the left voer cruft
...
remove all the files that got xfered out to the gems
MS-1715
2016-09-07 11:38:28 -05:00
43942e6029
refactor pem parser to use the rex-socket gem version
...
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser
MS-1715
2016-09-07 11:38:27 -05:00
cd90ff7c24
pull in rex-socket gem
...
pull rex-socket gem in as a dep
MS-1715
2016-09-07 11:38:26 -05:00
1a913da08c
pull in rex-core as a dep
2016-09-07 11:38:26 -05:00
405c59b8b8
move bidirectional pipe into rex/ui/text
...
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there
MS-1715
2016-09-07 11:34:04 -05:00
6cb331e74d
Land 7281, add vagrant default password to wordlist
2016-09-07 13:01:01 +01:00
96f81b4817
add root:vagrant to root_userpass
2016-09-07 12:59:12 +01:00
31cd81d060
Merge pull request #32 from rapid7/master
...
aaa
2016-09-07 10:41:48 +01:00
5cca776bc1
Land #7289 , minor module fixes
2016-09-06 23:31:39 -05:00
7d44bd5ba4
Clean up module
2016-09-06 23:30:58 -05:00
015b790295
Added default rport.
2016-09-07 14:24:07 +10:00
7632c74aba
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2016-09-07 14:15:57 +10:00
6e21684ff7
Fix typo.
2016-09-07 14:08:46 +10:00
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
df5fdbff41
Add module for KIS-2016-07: SugarCRM REST PHP Object Injection
...
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
2016-09-07 01:58:41 +02:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
0f30d3a720
Land #7208 , use new rex-bin_tools gem
2016-09-06 13:19:35 -05:00
a1a7fde31a
Land #7208 , use new rex-bin_tools gem
2016-09-06 13:12:59 -05:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
23a5d737fc
Add password "vagrant" to wordlists
...
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
881effbae9
use the new rex-nop gem
...
transfer the opty2 library to rex-nop
MS-1711
2016-09-06 11:27:06 -05:00
b701048ce2
Fix data_disconnect to shutdown only if datasocket
...
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
f75b5569e5
fix android clipboard tlv usage
2016-09-05 17:24:32 +01:00
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
ea220091ea
add metasploit_webui_console_command_execution
...
These modules target the Metasploit Community/Express/Pro Web UI on
Unix and Windows via the diagnostic console feature
2016-09-03 09:12:09 +10:00
58112d7b4d
Bump version of framework to 4.12.24
2016-09-02 10:02:44 -07:00
aushack
David Maloney
Brent Cook
Adam Cammack
scriptjunkie
yasulib
Justin Steven
Agora Security
Pearce Barry
William Vu
Brendan
wchen-r7
dmohanty-r7
Tim
Pedro Ribeiro
james-otten
EgiX
Christian Mehlmauer
Metasploit