sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
jvazquez-r7
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
jvazquez-r7
c3f5f5f9de
Land #1756 , @wchen-r7's cleanup of spaces
2013-04-23 19:29:36 -05:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
James Lee
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Brandon Turner
47097ecf69
Fix typo
2013-04-23 15:39:02 -05:00
sinn3r
b0ac7a7b47
Landing #1752 - Removes msfgui and armitage
...
[Closes #1752 ] - Stable releases can be tracked here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-23 12:28:49 -05:00
sinn3r
a5c102d11e
Landing #1753 - Updates references for java_jre17_reflection_types
2013-04-23 08:03:30 -05:00
jvazquez-r7
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
jvazquez-r7
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
jvazquez-r7
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
Tod Beardsley
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
sinn3r
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
sinn3r
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
Tod Beardsley
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
sinn3r
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
sinn3r
b10b2c60d8
Landing #1746 - Adds some friendlier defaults to database.yml
...
[Closes #1746 ]
2013-04-22 12:54:24 -05:00
Andras Kabai
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
sinn3r
ab976bcf63
Landing #1749 - Fixes Ruby 1.8 Syntax errors
...
[Closes #1749 ]
2013-04-22 11:20:54 -05:00
Andras Kabai
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
Andras Kabai
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
Antoine
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
9fca89f70b
fix small issues
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
Andras Kabai
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
Andras Kabai
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
jvazquez-r7
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
jvazquez-r7
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
jvazquez-r7
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
Tod Beardsley
881d16e701
Add some friendlier defaults to database.yml
...
Actually let people get going out of the gate without forcing them to
puzzle out database.yml configurations. Also gives some hints on how to
set up a database.
Today, if you merely copy and paste from database.yml.example, you'll
get yelled at:
````
$ ./msfconsole -L -y config/database.yml
[-] No database definition for environment production
````
2013-04-19 15:43:25 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
Andras Kabai
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
Andras Kabai
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
Andras Kabai
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
sinn3r
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
sinn3r
7f21239713
Landing #1741 - MediaWiki SVG File Access Auxiliary module
...
[Closes #1741 ]
2013-04-19 10:30:16 -05:00
jvazquez-r7
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
Andras Kabai
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
RageLtMan
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
m-1-k-3
2713991c64
timeout and HTTP_Delay
2013-04-17 20:25:59 +02:00
m-1-k-3
59045f97fb
more testing, reworking of config restore, rework of execution
2013-04-17 18:10:27 +02:00
jvazquez-r7
4e8d32a89a
cleanup for freefloatftp_user
2013-04-16 20:43:38 -05:00
jvazquez-r7
eedeb37047
Landing #1731 , @dougsko's freefloat ftp server bof exploit
2013-04-16 20:42:01 -05:00
Josh
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
Tod Beardsley
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00