841f67d392
Make adobe_reader_u3d also compliant
2013-12-31 11:07:31 -06:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
c1fb4a68fa
Land #2813 , @wvu-r7's fix for sysax_ssh_username's usage of Net::SSH
2013-12-31 10:41:45 -06:00
832b0455f1
Class constants and Regex added
2013-12-31 03:20:12 +01:00
92a0ff1096
Add webcam livestream feature for meterpreter
...
[SeeRM #8729 ] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
2013-12-30 18:38:13 -06:00
80a1e85235
Add :config => false to sysax_ssh_username
2013-12-30 18:13:49 -06:00
619e6aac68
Land #2812 , missing :config => false fix
2013-12-30 18:07:33 -06:00
f7ddaebb86
Land #2768 , LICENSE updates sans Meterpreter
2013-12-30 16:44:22 -06:00
c3fd657bde
Missing config false flag
...
the sshexec exploit was missing the flag
that tells net:ssh to not use the user's
local config . This can cuase ugly problem
MSP-9262
2013-12-30 14:28:15 -06:00
8986659861
Land #2804 , @rcvalle's support for disasm on msfelfscan
2013-12-30 12:24:22 -06:00
598ed7925c
Modify msfbinscan help
2013-12-30 12:23:47 -06:00
4366d4da20
Delete comma
2013-12-30 11:45:52 -06:00
54a6a4aafa
Land #2807 , @todb-r7's armory support for bitcoin_jaker
2013-12-30 11:44:51 -06:00
b8569a1698
Land #2794 , @Meatballs1's fix for to_exe_jsp on J7u21, [FixRM #8717 ]
2013-12-30 09:28:27 -06:00
e3d918a8a3
Applying changes
2013-12-30 01:49:13 +01:00
88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker
...
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
2013-12-29 14:12:00 -06:00
5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory
...
Also, make the process killing optional.
2013-12-29 13:07:43 -06:00
9384a466c1
Retab bitcoin_jacker.rb
2013-12-29 10:59:15 -06:00
6fcd12e36c
Refactor for clearer syntax and variables
...
This was done on a barely configured Windows machine, so mind the tabs.
2013-12-29 10:15:48 -06:00
ef73ca537f
First, clean up the original a little
2013-12-28 18:57:04 -06:00
f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A
2013-12-27 17:25:44 -06:00
70b752cf3d
Land #2805 - Avoid using merge! which can modify self.compat
...
With the use of merge!, it can cause the user to unable to choose a
payload after switching from a different target selection.
2013-12-27 17:20:44 -06:00
39844e90c3
Don't user merge! because can modify self.compat
2013-12-27 16:37:34 -06:00
57d60c66f9
Add masqform version as comment
2013-12-27 10:59:23 -06:00
341e3c0370
Use rexml
2013-12-27 10:55:36 -06:00
ee35f9ac30
Add module for zdi-13-274
2013-12-27 10:20:44 -06:00
c1f377fda6
Add disasm option to msfelfscan
2013-12-26 16:26:45 -02:00
e51fab01fc
Doc tag changes based on feedback.
2013-12-26 10:14:41 -08:00
2ac02d3997
Land #2802 , @todb-r7's mods before release
2013-12-26 11:01:25 -06:00
d6a63433a6
Space at EOL
2013-12-26 10:37:18 -06:00
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
c34a5f3758
Unacronym the title on Poison Ivy C&C
2013-12-26 10:30:30 -06:00
47765a1c4f
Fix chargen probe title, comment on the CVE
2013-12-26 10:29:11 -06:00
056661e5dd
No at-signs in names please.
2013-12-26 10:26:01 -06:00
b02e21a1d3
Land #2779 , @wchen-r7's mod to raise Msf::OptionValidateError when PORTS is invalid
2013-12-26 09:27:27 -06:00
c2783c2746
Land #2798 , @wchen-r7 update to safari post module
2013-12-25 10:24:39 -06:00
a20e888551
Added YARD tags/comments to readable_text.rb
...
Also fixed a few other tags.
2013-12-25 02:24:26 -08:00
6c871a7e43
Added YARD comments to persistent_storage.rb
...
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
2013-12-24 19:45:11 -08:00
b07dfc4f44
Added YARD tags to msf/core/logging.rb
2013-12-24 19:42:24 -08:00
ff4e94cd91
Added YARD comments to msf/core/config.rb
2013-12-24 19:42:24 -08:00
78db7429d0
Turns out the latest Safari is still vulnerable.
...
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
a26e12b746
Updates descriiption and improves regex for safari_lastsession.rb
...
This updates two things for the safari_lastsession post module:
1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.
2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
95c4092f0f
Land #2797 , @rbsec's patch for lotus domino regex
2013-12-24 07:28:57 -06:00
136d635300
Land #2796 , @Meatballs1's patch for [FixRM #8716 ]
2013-12-24 07:20:38 -06:00
86a94022c0
Fix lotus_domino_hashes not working.
...
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar
sign. Updated regex to take this into account.
2013-12-24 11:57:13 +00:00
90ce761681
Land #2790 - RealNetworks RealPlayer Version Attribute Buffer Overflow
2013-12-24 00:39:54 -06:00
367dce505b
Minor details
2013-12-24 00:39:15 -06:00
f687a14539
Added support for opening via menu.
2013-12-24 03:12:49 +01:00
213556761a
Land #2765 - Added Poison Ivy Command and Control Scanner
2013-12-23 17:36:18 -06:00
0a07bbdf2e
Minor changes
2013-12-23 17:35:42 -06:00
jvazquez-r7
bmerinofe
sinn3r
William Vu
Tod Beardsley
David Maloney
TabAssassin
Tod Beardsley
Ramon de C Valle
Timothy Swartz
rbsec
sgabe