Jenkins
6c11054d5a
Bump version of framework to 4.12.0
2016-05-13 11:46:03 -07:00
David Maloney
fd543f13af
fix deps
2016-05-13 13:34:18 -05:00
David Maloney
348a4f9fa8
Merge branch 'master' into staging/rails-upgrade
2016-05-13 13:03:22 -05:00
h00die
5099124f3d
module compiles, fails correctly but can't yet verify it works
2016-05-12 22:18:43 -04:00
Christian Mehlmauer
7fcddd5a05
Add axis2 payload generator
2016-05-12 22:48:07 +02:00
Bigendian Smalls
2d5cf6cfe4
Authorized FTP JCL exploit for z/OS
...
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
wchen-r7
13adc3ee0a
Land #6865, Add CVE-2015-3224 support to rails_web_console_v2_code_exec
2016-05-12 13:56:01 -05:00
Brent Cook
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
Brent Cook
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
David Maloney
d9abb06a5a
Merge branch 'master' into staging/rails-upgrade
2016-05-12 11:18:51 -05:00
David Maloney
11a672e31d
use raw file write for cuke
...
the write_file method from aruba
was not working properly anymore, replaced it
with a raw ruby file write
2016-05-12 11:17:53 -05:00
wchen-r7
8f9762a3e5
Fix some comments
2016-05-12 00:19:18 -05:00
wchen-r7
756673fcd7
Fix another typo
2016-05-12 00:13:53 -05:00
wchen-r7
da293081a9
Fix a typo
2016-05-11 22:48:23 -05:00
wchen-r7
9d128cfd9f
Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-11 22:27:18 -05:00
Nicholas Starke
4b23d2dc58
Adjusting exception handling
...
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
David Maloney
7edaa2abcc
still trying to fix these migrations
...
seeing odd behaviour with migrations in
rspec
2016-05-11 14:54:40 -05:00
David Maloney
4c2fed37f9
tweak cucumber scenario
...
tweak the database.yml scenario slightly
2016-05-11 14:28:02 -05:00
David Maloney
2fb3123ef2
fix migration craziness
...
MS-1486
2016-05-11 14:05:34 -05:00
David Maloney
993709e076
Land #6862, jar payloads
...
lands FireFart's jar payload PR
2016-05-11 09:56:41 -05:00
HD Moore
32e1a19875
Fix up the disclosure date
2016-05-11 00:18:22 -05:00
HD Moore
ded79ce1ff
Fix CVE syntax
2016-05-10 23:18:45 -05:00
HD Moore
4a5d150716
Fixups to continue supporting Rails 4.2.x
2016-05-10 23:12:48 -05:00
HD Moore
04bb493ccb
Small typo fixed
2016-05-10 23:07:51 -05:00
Nicholas Starke
32ae3e881e
Adding save_cred and exception handling to module
...
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt. Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
HD Moore
7c6958bbd8
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
2016-05-10 11:08:02 -05:00
Brent Cook
af84e85174
fix exception suspending channels from meterpreter
2016-05-10 04:21:31 -05:00
wchen-r7
3db72e9b4b
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit
2016-05-09 16:10:04 -05:00
Christian Mehlmauer
e2dd844e34
reenable jar format
2016-05-09 21:25:23 +02:00
David Maloney
6142d2cef1
Merge branch 'master' into staging/rails-upgrade
2016-05-09 09:27:17 -05:00
Nicholas Starke
8eb3193941
Adding TP-Link sc2020n Module
...
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port. The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
Jenkins
805f98f599
Bump version of framework to 4.11.27
2016-05-06 11:32:46 -07:00
Kyle Gray
2a546d191f
Land #6854, smtp header fix
...
Fixes an issue with duplicate headers when sending emails.
Fixes MS-1476
2016-05-06 12:07:12 -05:00
William Vu
c15403a426
Fix #6838, web-console module cleanup
...
ommit.
2016-05-06 12:01:21 -05:00
David Maloney
b6c1aae505
suppress banners in cuke tests
2016-05-06 12:00:17 -05:00
David Maloney
1ffab935cc
pull dep migrations from credential
...
credential pulls mdm, so we don't combine these
2016-05-06 11:57:40 -05:00
William Vu
2abb062070
Clean up module
2016-05-06 11:51:29 -05:00
David Maloney
0b89277394
update deps
2016-05-06 11:49:07 -05:00
David Maloney
5a360be459
Merge branch 'master' into staging/rails-upgrade
2016-05-06 10:56:17 -05:00
David Maloney
e4e6246692
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-05-06 10:55:52 -05:00
David Maloney
3f4d0479aa
Land #6848, ImageMagick Exploit
...
lands wvu's ImageMagick exploit
2016-05-06 10:54:38 -05:00
David Maloney
a763863ff3
remove #truncate_session_desc
...
this method was based around a char limit
for the desc column which no longer exists
trying to perform this operation generates an error
removing the method since it is not needed
2016-05-06 09:36:12 -05:00
Louis Sato
8dc7de5b84
Land #6838, add Rails web-console module
2016-05-05 15:53:52 -05:00
William Vu
2bac46097f
Remove url() for MVG
...
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu
1bc2ec9c11
Update vulnerable versions to include 6.x (legacy)
2016-05-05 14:18:42 -05:00
William Vu
334c432901
Force https://localhost for SVG and MVG
...
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu
26b749ff5a
Add default LHOST
...
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
William Vu
5c713d9f75
Set default payload
...
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
William Vu
decd770a0b
Encode the entire SVG string
...
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00