infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
36,641 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

36641 Commits (6dada5f20f304481bc1fbde1bc65037f216e9a51)

Author SHA1 Message Date
wchen-r7 6dada5f20f add another we can check 
administrator/manifests/files/joomla.xml
 2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Brent Cook 0c0219d7b7
Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart f3ac8a2cc0
Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
wchen-r7 06f1949e2c
Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution 
CVE-2015-8562
 2015-12-16 17:55:51 -06:00
Christian Mehlmauer 8c43ecbfaf
add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Gregory Mikeska 2106a47441
Merge branch 'pr/6357' into upstream-master 2015-12-16 16:02:48 -06:00
Christian Mehlmauer 08d0ffd709
implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer 76438dfb2f
implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Jon Hart 865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart f616ee14a8
Dont abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart 12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
dmohanty-r7 ba1cb14f8b
Land #6354, Add method peer for jenkins_java_deserialize.rb 2015-12-16 12:42:19 -06:00
Christian Mehlmauer b43d580276
try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer 30f90f35e9
also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer 67eba0d708
update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer fa3fb1affc
better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer 60181feb51
more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer 934c6282a5
check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer 2661cc5899
check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer 675dff3b6f
use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
pyllyukko d110c6cc73
Added few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
Christian Mehlmauer 01b943ec93
fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer 595645bcd7
update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer d80a7e662f
some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer c2795d58cb
use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer 2e54cd2ca7
update description 2015-12-16 06:42:41 +01:00
nixawk 342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Christian Mehlmauer d4ade7a1fd
update check method 2015-12-16 00:18:39 +01:00
Christian Mehlmauer c603430228
fix version check 2015-12-15 18:26:21 +01:00
Christian Mehlmauer 9ae2c53c1f Merge pull request #7 from wchen-r7/update_6355 
Add a check for joomla
 2015-12-15 18:22:21 +01:00
wchen-r7 b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer e4309790f5
renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer 84d5067abe
add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7 ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Vex Woo c9e596bc31 Merge pull request #4 from jhart-r7/pr/fixup-6319 
Rename redis file upload module; remove the 'auth' part
 2015-12-15 09:08:26 +08:00
Gregory Mikeska 9a2268fc1c
Land #6350, make sure MSF_DATABASE_CONFIG is unset 2015-12-14 14:48:19 -06:00
Brent Cook eccf61bec5 ensure that the metasploit database environment variable is unset 2015-12-14 14:29:25 -06:00
Gregory Mikeska e9a3f58788
Land #6348 remove bundler 1.10 fingerprint 
from Gemfile.lock
 2015-12-14 13:48:17 -06:00
Brent Cook ee208570a2 remove bundler 1.10 fingerprint from Gemfile.lock 2015-12-14 13:22:38 -06:00
Jon Hart e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart 19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Tod Beardsley 30c805d9c7
Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley b25aae3602
Add refs to module 
See rapid7#6344.
 2015-12-14 12:05:46 -06:00
Brent Cook c00f05faba
Land #6346, jenkins_java_deserialize check reliability fixes 2015-12-14 11:44:33 -06:00
William Vu b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
David Maloney 08acac6c25
Lands #6326, Rspec 3 upgrade 
lands the work to upgrade framework
to RSpec 3

MS-673
 2015-12-14 11:27:17 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb 
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
 2015-12-14 11:25:59 -06:00
Brent Cook a0e8878508
Land #6343, update nokogiri to 1.6.7 2015-12-14 10:55:04 -06:00