Josh Hale
7dacf20fca
Merge pull request #1 from dmaloney-r7/feature/priv-migrate/minor-tweaks
...
Some minor Tweaks to priv_migrate
2016-01-08 15:17:45 -07:00
David Maloney
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney
536378e023
move datastore kill check to kill method
...
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Josh
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
Josh
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
Josh
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
Brent Cook
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
Brent Cook
eec6a6f905
Land #6304 , simplify Meterpreter livelness checks
2015-12-24 15:42:17 -06:00
Brent Cook
04f755dd51
Land #6367 , MS15-134 Microsoft Windows Media Center MCL Information Disclosure
2015-12-24 15:24:42 -06:00
wchen-r7
10c10f2f79
Land #6397 , Use bind_addresses rather than bind_address
2015-12-24 12:45:01 -06:00
wchen-r7
d41c77641f
Land #6396 , Fix PACKETSTORM warnings
2015-12-24 12:38:21 -06:00
Jon Hart
beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394
2015-12-24 09:20:21 -08:00
Jon Hart
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
Jon Hart
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
sinn3r
3c2e2c65e2
Merge pull request #37 from jhart-r7/pr/fixup-6392
...
Remove more peers
2015-12-24 10:39:18 -06:00
wchen-r7
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
Brent Cook
43fb27d234
Land #6111 , geo and cell collection with Android Meterpreter
...
This also includes meterpreter python extension fixes.
2015-12-24 10:16:40 -06:00
Brent Cook
5bd1c11d74
update to metasploit-payloads 1.0.21
2015-12-24 10:14:46 -06:00
Brent Cook
9c410e02e3
Merge branch 'master' into land-6111-android
2015-12-24 10:13:25 -06:00
Jon Hart
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
Jon Hart
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
Jon Hart
0f2f2a3d08
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:55 -08:00
Jon Hart
cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb
2015-12-24 07:46:23 -08:00
Jon Hart
c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb
2015-12-24 07:44:36 -08:00
Brent Cook
17ad41070b
Land #6380 , allow linux x86 meterpreter in the pref list
2015-12-23 16:10:26 -06:00
Brent Cook
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
Brent Cook
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
Jon Hart
e3eafff7c9
Land #6237 , @jww519's aux module for Android CVE-2012-6301
2015-12-23 13:27:09 -08:00
Brent Cook
6eda702b25
Land #6292 , add reverse_tcp command shell for Z/OS (MVS)
2015-12-23 14:11:37 -06:00
jww519
6a52807673
Merge pull request #2 from jhart-r7/pr/fixup-6237
...
Address style/usability concerns in Android CVE-2012-6301 module
2015-12-23 14:42:09 -05:00
wchen-r7
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
Brent Cook
5a19caf10a
remove temp file
2015-12-23 11:42:09 -06:00
wchen-r7
e8c0e334a2
Land #6391 , remove duplicate key warning from Ruby 2.2.x
2015-12-23 11:10:50 -06:00
Brent Cook
493700be3a
remove duplicate key warning from Ruby 2.2.x
...
This gets rid of the warning:
modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
2015-12-23 10:39:35 -06:00
Christian Mehlmauer
424e7b6bfe
Land #6384 , more joomla rce references
2015-12-22 22:54:58 +01:00
Brent Cook
84675e352b
Land #6249 , check for nil when using read_exactly_n_bytes
2015-12-22 15:48:39 -06:00
JT
18398afb56
Update joomla_http_header_rce.rb
2015-12-23 05:48:26 +08:00
Brent Cook
3f4c6eb370
Land #5383 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
2015-12-22 15:42:42 -06:00
JT
cc40c61848
Update joomla_http_header_rce.rb
2015-12-23 05:38:57 +08:00
wchen-r7
21b628aa02
Land #6387 , update exploits/multi/http/joomla_http_header_rce
...
Use the new Joomla mixin
2015-12-22 15:01:55 -06:00
Brent Cook
4848c70b76
Land #6357 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
...
Also removes the limit of 127.0.0.1 as a host address.
2015-12-22 14:55:53 -06:00
Brent Cook
9bbf2af86c
update to metasploit_data_models 1.2.10 (remove 127.0.0.1 filter)
2015-12-22 14:53:21 -06:00
wchen-r7
9063ee44f4
Land #6381 , Fix post/multi/manage/shell_to_meterprete uname
2015-12-22 14:44:28 -06:00
Christian Mehlmauer
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
Christian Mehlmauer
57b850c7af
Land #6373 , joomla mixin
2015-12-22 21:10:46 +01:00
wchen-r7
951a76f99f
Land #6283 , fix typo in nessus plugin
2015-12-22 10:02:35 -06:00
JT
314e902098
Add original exploit discoverer and exploit-db ref
...
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
2015-12-22 22:44:59 +08:00