jvazquez-r7
79a6f8c2ea
Clean php_wordpress_optimizepress
2013-12-02 15:43:41 -06:00
sinn3r
19293d89dd
Land #2704 - rm script launcher and fix file_exists?
2013-12-02 15:05:01 -06:00
Peter Toth
44e37f1b98
Improved meterpreter compatibility
2013-12-02 21:43:58 +01:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
Joshua Harper
d1dd7c291b
cosmetic (indentation)
...
https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7977962
2013-12-02 13:16:48 -06:00
sinn3r
20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor
2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant
39fbb59ba9
re-added the reference I accidentally deleted
2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant
cb98d68e47
added @wchen-r7's code to store the password into the database
2013-12-02 18:35:59 +01:00
jvazquez-r7
ba39a8e826
Land #2705 , @jjarmoc's user object configuration on rails_devise_pass_reset
2013-12-02 11:04:29 -06:00
sinn3r
bd5113c477
Land #2710 - Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-02 11:01:53 -06:00
jvazquez-r7
7e379376dc
Land #2635 , @peto01 and @jvennix-r7's osx post module to manage volumes
2013-12-02 09:22:23 -06:00
jvazquez-r7
cc2b7950bf
Do minor cleanup to mount_share
2013-12-02 09:21:36 -06:00
jvazquez-r7
d18d30a35e
Land #2706 , @wchen-r7's enum_tomcat description update
2013-12-02 09:01:53 -06:00
jvazquez-r7
8d6a534582
Change title
2013-12-02 08:54:37 -06:00
jvazquez-r7
24d09f2085
Land #2700 , @juushya's Oracle ILO Brute Forcer login
2013-12-02 08:53:10 -06:00
jvazquez-r7
41f8a34683
Use attempts
2013-12-02 08:43:22 -06:00
jvazquez-r7
433d21730e
Add ATTEMPTS option
2013-12-02 08:42:25 -06:00
Peter Toth
dcd89c83bc
Merge pull request #2 from jvennix-r7/review_osx_mount_pr_2
...
Add support for 10.5 shares.
2013-12-02 05:19:58 -08:00
corelanc0d3r
474a03475f
sorted out the sorts without .sort
2013-12-02 11:57:52 +01:00
joev
040a629f34
Kill meterpreter support.
...
* Meterpreter seems to fall over on the cmd escaping, and dies if you
try to pass it an array of args (python/java meterpreter on various versions
of osx).
2013-12-01 20:17:43 -06:00
joev
2de9a4f3c1
Add support for 10.5 shares.
2013-12-01 20:13:54 -06:00
jvazquez-r7
b9192c64aa
Fix @wchen-r7's feedback
2013-12-01 19:55:53 -06:00
sinn3r
f89a3a6745
Land #2712 - Remove milworm (MIL) identifier
...
milworm no longer exists. And modules no longer use it as a reference.
2013-12-01 15:13:56 -06:00
Sven Vetsch / Disenchant
8e73023baa
and now in the correct data structure
2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant
ef77b7fbbf
added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709
2013-12-01 17:36:15 +01:00
Mekanismen
57b7d89f4d
Updated
2013-12-01 09:06:41 +01:00
yehualiu
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
Mekanismen
045b848a30
added exploit module for optimizepress
2013-11-30 21:51:56 +01:00
jvazquez-r7
3417c4442a
Make check really better
2013-11-30 09:47:34 -06:00
jvazquez-r7
749e6bd65b
Do better check method
2013-11-30 09:46:22 -06:00
jvazquez-r7
0a7c0eea78
Fix references
2013-11-29 23:13:07 -06:00
jvazquez-r7
691d47f3a3
Add module for ZDI-13-255
2013-11-29 23:11:44 -06:00
Sven Vetsch / Disenchant
aa62800184
added ZyXEL GS1510-16 Password Extractor
2013-11-29 10:42:17 +01:00
Karn Ganeshen
bc41120b75
Updated
2013-11-29 12:47:47 +05:30
sinn3r
de1a29c6fa
Land #2707 - Fix metsrv.dll name issue in metsvc script
...
[FixRM #8707 ]
2013-11-28 18:45:06 -06:00
OJ
bcab716ec0
Add the binaries from the meterpreter repo
...
Given this is a new extension, building bins and including them in this
PR can't cause any issues regarding lost functionality (like it can
with existing bins).
Adding to this PR so that it's easier to test and land.
2013-11-29 09:02:07 +10:00
Meatballs
6fe9e891a9
Land #2698 Reflective DLL Submodule
...
Adds a Reflective DLL submodule in external pointing at the Rapid7 fork
Updates kitrap0d to use above submodule
Adds a make.bat file to create kitrap0d
2013-11-28 20:56:48 +00:00
sinn3r
d2bbc41940
Land #2708 - ABB MicroSCADA wserver.exe Remote Code Execution
2013-11-28 12:20:37 -06:00
sinn3r
8817c0eee0
Change description a bit
...
Try to make this sound smoother
2013-11-28 12:19:42 -06:00
jvazquez-r7
807e2dfd31
Fix title
2013-11-28 10:53:12 -06:00
jvazquez-r7
7dee4ffd4d
Add module for ZDI-13-270
2013-11-28 10:47:04 -06:00
Karn Ganeshen
1109a1d157
Updated
2013-11-28 11:30:02 +05:30
Jeff Jarmoc
03838aaa79
Update rails_devise_pass_reset.rb
...
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
Thomas Hibbert
d1e4975f76
Use res.get_cookies instead of homebrew parse. Use _cgi
2013-11-28 16:35:36 +13:00
Joshua Harper
cdf6ffa70d
Complete refactor with lots of help from @kernelsmith and @OJ. Thank you guys so much.
2013-11-27 21:02:48 -06:00
OJ
0c59c885c4
Fix metsrv.dll name issue
...
As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.
This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
2013-11-28 11:48:11 +10:00
sinn3r
a8af050c16
Update post module Apache Tomcat description
...
This module's description needs to be more descriptive, otherwise
you kind of have to pull the source code to see what it actually
does for you.
2013-11-27 19:21:27 -06:00
sinn3r
a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection
2013-11-27 19:10:44 -06:00
OJ
0b879d8f39
Comments for WfsDelay, adjustment to injection
...
I had inteded to add the `WfsDelay` as Meatballs suggested, but for locl
exploits this doesn't appear to work as expected. After speaking to HDM
we've decided to leave the sleep in there and figure out the `WsfDelay`
thing later.
This also includes a slight refactor which puts the payload and the
exploit in the same chunk of allocated memory. Minor optimisation, but
worth it.
2013-11-28 08:42:16 +10:00
Jeff Jarmoc
7f8baf979d
Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
...
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit
[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00