sinn3r
3f4efea879
No twitter name, please.
2012-12-11 14:52:39 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
sinn3r
2260e4b471
Switch to manual payload selection, because we don't auto-detect
2012-12-07 11:07:11 -06:00
jvazquez-r7
e5cc950fe1
fix identation
2012-12-07 11:57:11 +01:00
jvazquez-r7
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
jvazquez-r7
dd1d60293c
Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server
2012-12-05 15:27:25 +01:00
jvazquez-r7
2cca857f6f
added support for Mac OS X
2012-12-04 22:04:21 +01:00
sinn3r
b764110e6e
Use PhpEXE to be able to support PHP and Linux native payloads
2012-11-28 15:06:39 -06:00
sinn3r
fd2296317d
Strip the credential dumping stuff (making it auxiliary)
...
Also a little description update
2012-11-28 14:27:01 -06:00
sinn3r
6b524ff22a
Merge branch 'eaton_network_shutdown' of git://github.com/h0ng10/metasploit-framework into h0ng10-eaton_network_shutdown
2012-11-28 11:22:36 -06:00
h0ng10
897ae102d4
fixed msftidy.rb complains
2012-11-28 01:22:19 -05:00
h0ng10
7109d63f36
Code clean up, thanks to Brandon Perry
2012-11-28 01:20:41 -05:00
h0ng10
4ef0d8699a
added exploit for OSVDB 83199
2012-11-27 12:29:10 -05:00
sinn3r
9c3be383d0
The 'Set-Cookie' header should be checked before accessing it
2012-11-26 12:06:43 -06:00
sinn3r
edaa66094c
Merge branch 'jlee-r7-feature/automatic-fs-cleanup'
2012-11-19 16:13:08 -06:00
sinn3r
f4aa84956c
Add technet reference
2012-11-17 01:24:12 -06:00
James Lee
591b085858
Add support for shell sessions in FileDropper
2012-11-16 15:51:54 -06:00
James Lee
83708a5a48
Add a FileDropper mixin for recording cleanup targets
...
Doesn't cover shell sessions yet, so needs a bit more work
2012-11-15 17:52:10 -06:00
jvazquez-r7
8e7a748805
thins in place...
2012-11-11 20:19:20 +01:00
jvazquez-r7
c4f10a1d53
added bid reference
2012-11-11 17:48:57 +01:00
jvazquez-r7
9d3c068da0
added linux target
2012-11-11 17:28:48 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
Tod Beardsley
b1b85bee44
Actually require PhpEXE mixin.
2012-11-01 14:53:18 -05:00
sinn3r
4e6b5393c5
Merge branch 'manage_engine_sqli' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-manage_engine_sqli
2012-10-27 18:53:47 -05:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
sinn3r
8eb790f62c
Final touchup
2012-10-23 19:46:09 -05:00
sinn3r
f9bb910c3b
Make the check() try SQLI
2012-10-23 19:42:36 -05:00
sinn3r
8c5a73bb7f
Change exception handling
2012-10-23 19:34:12 -05:00
sinn3r
90542547c6
Add auto-target, and some changes to cleanup
2012-10-23 19:07:13 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
sinn3r
22223d5d81
Better cleanup abilities
2012-10-23 13:58:19 -05:00
Michael Schierl
21f6127e29
Platform windows cleanup
...
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
sinn3r
4c41319c7c
Remove unused vars
2012-10-23 12:55:43 -05:00
sinn3r
bef4539915
Update description
2012-10-23 12:47:46 -05:00
sinn3r
3ff888a5c0
Move to 'multi' because it supports windows and linux
2012-10-23 12:41:51 -05:00
sinn3r
5072156df6
Designed specifically for Windows, so let's move to Windows
...
Plus additional fixes
2012-10-22 23:01:58 -05:00
sinn3r
2484bb02cf
Add the initial version of the module
...
From EDB.
2012-10-22 22:41:30 -05:00
Michael Schierl
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
jvazquez-r7
2acfb0537c
Merge branch 'ajaxplorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ajaxplorer
2012-10-15 08:30:08 +02:00
sinn3r
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
sinn3r
cedcace1a7
Forgot to change the output variable
...
Because the original script used match()
2012-10-14 11:43:33 -05:00
sinn3r
cc303665e8
Credit
2012-10-13 00:42:44 -05:00
sinn3r
5b2998a121
Add OSVDB-63552 AjaXplorer module (2010)
2012-10-13 00:35:48 -05:00
James Lee
90ae5c1178
Add PhpEXE support to RateMyPet module
2012-10-12 04:53:01 -05:00
James Lee
13a5892e95
Add a mixin for uploading/executing bins with PHP
...
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
sinn3r
c094508119
Support Python payload
...
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
sinn3r
06e2994b7e
connectiontype to find and python payload support
2012-10-08 15:13:27 -05:00
sinn3r
04aa69192d
Dang typo
2012-10-08 13:35:13 -05:00
sinn3r
8ff4442f9e
Add PhpTax pfilez exec module
...
This module exploits a vuln found in PhpTax. When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
2012-10-08 12:46:56 -05:00