768294710b
Add check and removed HttpClient
2015-04-16 10:22:10 -03:00
890561bff3
Rewriting the condition 'if' for only one line
2015-04-16 09:23:56 -03:00
c8e1185a04
Included Wordpress mixin.
2015-04-16 05:02:39 -03:00
0031f09d60
Add author, EDB, WPVDB and fix loot.
2015-04-15 20:03:36 -03:00
0f1cf1d1b1
Add Module WP Mobile Edition Plugin File Read Vuln
2015-04-15 19:45:08 -03:00
3d851d8be7
Land #5155 , spelling fix
2015-04-15 15:36:23 -05:00
7cc80c418b
Correct a bad spelling in ms15_034_ulonglongadd.rb
2015-04-15 15:32:55 -05:00
3ca7d6aae5
Land #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
...
* `check` to test, `run` to DoS
2015-04-15 14:29:18 -05:00
76d36a46dc
Missing a checkcode
2015-04-15 14:04:18 -05:00
3633be127a
Land #5153 , gem/autoload updates
2015-04-15 13:37:15 -05:00
8a542b841c
Don't check Server header
2015-04-15 13:33:09 -05:00
90ed6ee0b6
No "vhost"
2015-04-15 13:32:11 -05:00
3aa8e6908d
Converted to a DOS module
2015-04-15 13:13:16 -05:00
1e7a6bf3e9
Update metasploit gem dependencies to released versions
2015-04-15 13:06:33 -05:00
491835d578
Land #5114 , missing metasploit/credential require
2015-04-15 12:52:41 -05:00
19ab71aa43
Final update i swear
2015-04-15 10:20:15 -05:00
7a77dbc9f0
Update description
2015-04-15 10:15:40 -05:00
ef6bf54e2f
Fix metadata
2015-04-15 09:22:59 -05:00
1da6b32df7
Land #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
...
* ncc service ping.cpp command injection
2015-04-15 09:17:10 -05:00
6019bbe0d2
Add ranking comment
2015-04-15 09:12:03 -05:00
ad465c4d5b
Do code cleanup
2015-04-15 09:10:18 -05:00
2206ae48a1
Match the PR title
2015-04-15 01:50:59 -05:00
63048a7385
Newline
...
-_-
2015-04-15 01:38:09 -05:00
6f874b81ff
Add MS15-034 check (CVE-2015-1635)
2015-04-15 01:37:43 -05:00
c971bc930c
Mark app/concerns as autoload
...
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it is does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
b9bce90759
Update to metasploit-concern 0.4.0 prerelease
...
MSP-12550
Properly shows Metasploit::Credential::Core::ToCredential is not loaded.
2015-04-14 15:03:20 -05:00
4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
...
MSP-12550
2015-04-14 14:42:54 -05:00
b5ae3fd62c
Land #5142 , missing module rank fixes
2015-04-14 13:41:38 -05:00
aca93cc86e
Add missing Rank
2015-04-14 13:33:37 -05:00
75b559eea3
Land #5081 , meterpreter certificate hash check controls
2015-04-14 10:46:13 -05:00
0e864e1631
update bins to 0.0.21
2015-04-14 10:45:49 -05:00
7f56c07b64
add missing sslhash attribute
2015-04-14 10:45:44 -05:00
97e715b1ce
Land #5139 , metasm/ruby signedness fix
2015-04-14 10:26:23 -05:00
f6285991b3
Land #5140 , extraneous space fix
2015-04-14 01:38:21 -05:00
61b709b8c5
Extra space in message "Local IP:"
2015-04-14 01:34:07 -05:00
e114c85044
Land #5127 , x64 OS X prepend stubs 'n' stuff
2015-04-14 01:25:39 -05:00
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
3860bbabbb
Avoid generating labels with '..' in them with metasm
...
So, metasm generates labels for the assembler using "%x" % string.object_id. If
the pointer for string.object_id begins with the most significant digit set, it
looks like a sign-extended 2's complement number (negative), and gets formatted
by ruby as '..f1412300' or similar. On 32-bit platforms, there is rather high
chance of randomly ending up with a label like 'goto_test_uuid..f1234560:',
which is a parse error.
This patch simply takes the absolute value of the object_id to avoid negative
interpretations. This fixes hiesenbugs using metasm's C compiler on 32-bit
platforms.
2015-04-13 22:43:18 -05:00
52fc60b294
Merge pull request #1 from wvu-r7/pr/5127
...
Add Privileged to info hash
2015-04-13 17:08:14 -05:00
e324819feb
Add Privileged to info hash
...
Also remove default payload. Was set for CMD.
2015-04-13 15:23:30 -05:00
c2a252face
Land #5133 , grammar/spelling fixes from @void-in
2015-04-13 12:47:32 -05:00
c4084659a9
Check @void-in's fixes out
2015-04-13 12:44:40 -05:00
1a81938c6e
Land #5132 , @todb-r7's release fixes
2015-04-13 11:07:56 -05:00
bd3b6514fa
Dubbed. Whump whump.
2015-04-13 10:52:32 -05:00
d87483b28d
Squashed commit of the following:
...
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:42:13 2015 -0500
Fix funny punctuation on rootpipe exploit title
See #5119
commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Apr 13 10:37:39 2015 -0500
Fix vendor caps
Trusting the github repo README at
https://github.com/embedthis/goahead
See #5101
2015-04-13 10:46:47 -05:00
51dd88114b
Fix grammer in comments
2015-04-13 13:21:41 +05:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
92c12de6db
Fix invalid datastore options.
2015-04-12 00:54:10 -05:00
ceadd1e6ec
Update osx x86 payload cached sizes to be accurate.
...
- Right now there is a bug in the payload_spec, which causes the payload's
datastore during the spec run to have things like 'PrependSetuid' => 'false',
where 'false' is a string, which means 'if (datastore['PrependSetuid'])'
branch will be taken, resulting in incorrect behavior.
2015-04-12 00:21:18 -05:00
eaab665a6d
Remove #generate patch, specs will fail again.
2015-04-12 00:07:39 -05:00
Roberto Soares
Brent Cook
sinn3r
jvazquez-r7
William Vu
Matt Buck
Luke Imhoff
Tod Beardsley
Joe Vennix
root
joev