Commit Graph

39947 Commits (74baffd463e643c66a5ba1391be2b11f5e1677fa)

Author SHA1 Message Date
Brent Cook f35fdfcd5f
Added documentation for auxiliary/scanner/http/owa_ews_login 2016-09-09 11:50:25 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Justin Steven 6bafad44f2
drop 'require uri', tweak option text 2016-09-09 20:31:23 +10:00
Justin Steven 0b012c2496
Combine Unix and Windows modules 2016-09-09 20:28:13 +10:00
Agora Security 00f09d19b1 SMTP Typo
Correct SMTP Type (before SMPT)
2016-09-09 01:36:37 -05:00
Agora Security 1c598cd15d SMTP Type
Change SMPT for SMTP
2016-09-09 01:36:08 -05:00
Pearce Barry 4495b27e67
Land #7254, Rex::SSLScan Gemification 2016-09-08 13:20:56 -05:00
Pearce Barry e5e57366ac
Land #7280, use the new rex-nop gem 2016-09-08 13:03:49 -05:00
David Maloney 1b9c37ff78
Merge branch 'master' into feature/MS-1711/rex-nop 2016-09-08 10:48:07 -05:00
David Maloney 1b69d163cc
push rex-text back to previous version 2016-09-08 10:41:33 -05:00
William Vu 92dba8ff9d
Land #7290, env var check for WinSCP module 2016-09-07 21:08:12 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
wchen-r7 a9c3c5d391 Fix typos 2016-09-07 15:40:10 -05:00
wchen-r7 831c7a08a8 Check environment variables before using for winscp module 2016-09-07 15:24:22 -05:00
dmohanty-r7 24bb6b18ea
Land #7246 Rex::Socket Gemification
MS-1715
2016-09-07 13:14:45 -05:00
David Maloney 17ab04829c missed the lib/rex/socket.rb file
failed to delete this rather important bigt
2016-09-07 11:38:28 -05:00
David Maloney 7857c58655 remove all the left voer cruft
remove all the files that got xfered out to the gems

MS-1715
2016-09-07 11:38:28 -05:00
David Maloney 43942e6029 refactor pem parser to use the rex-socket gem version
use rex-socket's pem aprser instead of the old one we used
to have in rex::parser

MS-1715
2016-09-07 11:38:27 -05:00
David Maloney cd90ff7c24 pull in rex-socket gem
pull rex-socket gem in as a dep

MS-1715
2016-09-07 11:38:26 -05:00
David Maloney 1a913da08c pull in rex-core as a dep 2016-09-07 11:38:26 -05:00
David Maloney 405c59b8b8 move bidirectional pipe into rex/ui/text
this didn't really fit with the rest of rex::io and it inherits
from inside rex/ui/text so just put it there

MS-1715
2016-09-07 11:34:04 -05:00
Tim 6cb331e74d
Land 7281, add vagrant default password to wordlist 2016-09-07 13:01:01 +01:00
Tim 96f81b4817
add root:vagrant to root_userpass 2016-09-07 12:59:12 +01:00
Pedro Ribeiro 31cd81d060 Merge pull request #32 from rapid7/master
aaa
2016-09-07 10:41:48 +01:00
William Vu 5cca776bc1
Land #7289, minor module fixes 2016-09-06 23:31:39 -05:00
William Vu 7d44bd5ba4 Clean up module 2016-09-06 23:30:58 -05:00
aushack 015b790295 Added default rport. 2016-09-07 14:24:07 +10:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
catatonic c06ee991ed Adding WiFi pineapple command injection via authenticaiton bypass. 2016-09-06 17:22:25 -07:00
catatonic 8d40dddc17 Adding WiFi pineapple preconfig command injection module. 2016-09-06 17:18:36 -07:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
2016-09-07 01:58:41 +02:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
Pearce Barry 0f30d3a720
Land #7208, use new rex-bin_tools gem 2016-09-06 13:19:35 -05:00
Pearce Barry a1a7fde31a
Land #7208, use new rex-bin_tools gem 2016-09-06 13:12:59 -05:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
wchen-r7 23a5d737fc Add password "vagrant" to wordlists
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
David Maloney 881effbae9
use the new rex-nop gem
transfer the opty2 library to rex-nop

MS-1711
2016-09-06 11:27:06 -05:00
William Vu b701048ce2 Fix data_disconnect to shutdown only if datasocket
Seeing people use this with ensure when their data channel was never set
up. This breaks things. :)
2016-09-05 15:54:26 -05:00
Tim f75b5569e5
fix android clipboard tlv usage 2016-09-05 17:24:32 +01:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Justin Steven ea220091ea
add metasploit_webui_console_command_execution
These modules target the Metasploit Community/Express/Pro Web UI on
Unix and Windows via the diagnostic console feature
2016-09-03 09:12:09 +10:00
Metasploit 58112d7b4d
Bump version of framework to 4.12.24 2016-09-02 10:02:44 -07:00
Mehmet Ince ba6c2117cf
Fix msftidy issues 2016-09-02 18:18:43 +03:00
Mehmet Ince 144fb22c32
Add Kaltura PHP Remote Code Execution module 2016-09-02 18:09:53 +03:00
David Maloney 668d60567f
Land #7265, rex-mime gemification
lands dev's PR for use of the new rex-mime gem
2016-09-02 09:34:30 -05:00
Brendan 81bc6bd672
Land #7228, Create zabbix_toggleids_sqli auxiliary module 2016-09-01 16:33:17 -05:00
dmohanty-r7 e36cfa54b1
Use rex-mime gem
MS-1710
2016-09-01 11:38:07 -05:00
Tim 9ebe18d096
automatically generate keystore for apk signing 2016-09-01 10:19:58 +01:00