c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
153d7e273d
Land #4420 , tentative "fix" for EXE spec
2014-12-18 13:55:56 -06:00
db474adc7b
Remove the helper as well.
...
See #3807 .
Again, happy to have working tests that actually test validity. But,
these ain't them.
2014-12-18 13:28:04 -06:00
144daaa6bb
Land #4421 - add a deprecation message for msfcli
...
please make your way to msfconsole
2014-12-18 10:28:31 -06:00
60099d42cf
Add deprecation warning to msfcli, 6 months
...
See #3802
2014-12-18 09:39:50 -06:00
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
270debea32
Remove the EXE file test spec
...
This thing has been a problem since forever, given cross-platform
issues and random collisions with other file magic signatures.
See #3807 and #2793 and the even earlier redmine bug.
This should not close the bug, since we're merely avoiding the random
fails by not testing at all. We /should/ test, but in the meantime, we
can't suffer these failures that throw me (at least) into a panic every
time.
2014-12-18 09:18:24 -06:00
dcf23172be
Land #4418 , threads tab completion NilClass fix
2014-12-17 22:13:17 -06:00
d41dc0d88e
Land #4419 , msfbinscan NameError fix
2014-12-17 22:00:25 -06:00
9f0bf85ec1
Fix typo in msfbinscan
2014-12-18 02:43:24 +01:00
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
cfc3a31289
Upgrade rails to 3.2.21
2014-12-17 17:50:10 -06:00
5262096905
Land #4412 , get_once NilClass fixes
2014-12-17 14:07:09 -06:00
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
1ff51d5856
Land #4410 , rm_f with more f
2014-12-17 13:16:46 -06:00
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
3a00db3c9c
Land #4404 , Oracle scheduler exploit fix
2014-12-16 15:33:44 -06:00
c78685269f
Land #4403 , msfvenom configurable variable name
2014-12-16 10:10:54 -06:00
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
513fd122b8
Update rpsec
2014-12-16 00:26:53 -06:00
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
52b3025351
Reworked to avoid extending String class on blob per hdm's rec.
2014-12-15 21:40:41 -05:00
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
81a069d548
Merge pull request #1 from wvu-r7/pr/4361
...
Merging changes. Thanks for all the help!
2014-12-15 15:51:48 -05:00
4c994d84e0
Updating version to 4.11 for Flood release
2014-12-15 14:42:09 -06:00
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
effb5b966f
Land #4328 , @bcoles' exploit for ActualAnalyzer < 2.81 'ant' code execution
2014-12-15 09:57:27 -08:00
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp)
2014-12-15 11:37:05 -06:00
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
6480ae2c03
Show message at the end
2014-12-15 16:26:39 +01:00
3ee60101cf
Updating lockfile for credential 0.13.8
...
Logfile cleanup
2014-12-14 21:12:32 -06:00
63320ce7bd
Updating to latest metasploit-credential, 0.13.8
...
Drops test log files that are clogging build
2014-12-14 21:05:32 -06:00
288954afa0
recvfrom allocation changed
2014-12-14 18:58:48 +01:00
4530066187
return nil
2014-12-15 01:04:39 +11:00
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
Matt Buck
sinn3r
Jon Hart
Tod Beardsley
William Vu
Spencer McIntyre
Trevor Rosen
Jakub Nawalaniec
HD Moore
Sean Verity
David Maloney
Andrew Morris
Samuel Huckins
Brent Cook
root
Brendan Coles