Commit Graph

21601 Commits (8e4c5dbb5e1c306efc90f6c76ac191fa9342002d)

Author SHA1 Message Date
sinn3r 8a0ebcbac7 Adds method get_module_resource 2013-10-31 14:34:38 -05:00
sinn3r 10fd892827 Fix a "undefined method to_sym" bug
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
sinn3r 735b879e3c Add an example/testcase for BrowserExploitServer 2013-10-31 13:18:45 -05:00
sinn3r 00efad5c5d Initial commit for BrowserExploitServer mixin 2013-10-31 13:17:06 -05:00
jvazquez-r7 c5778f51d7
Land #2594, @jvennix-r7's firefox 25 js detection 2013-10-31 09:22:37 -05:00
jvazquez-r7 58fa67faa3
Land #2597, @wvu-r7's fix for files permissions 2013-10-31 08:18:42 -05:00
root 5c923757e8 Removed generic command execution capability 2013-10-30 21:35:24 -04:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
William Vu 3e1ae4c9b3
Land #2504, @todb-r7's edit command for msfconsole 2013-10-30 15:38:07 -05:00
William Vu b76c13b57d
Land #2596, resplat new WMI module 2013-10-30 15:34:24 -05:00
Tod Beardsley 900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
Tod Beardsley e488a54a06
Resplat new WMI module 2013-10-30 15:14:16 -05:00
William Vu 0735bee635
Land #2595, CVE update for vtiger_php_exec 2013-10-30 14:03:06 -05:00
Tod Beardsley 98224ee89f
CVE update for vtiger issue 2013-10-30 13:48:35 -05:00
William Vu b3c4dfcb04
Land #2593, updated refs for @brandonprry's stuff 2013-10-30 12:29:47 -05:00
Tod Beardsley 344413b74d
Reorder refs for some reason. 2013-10-30 12:25:55 -05:00
Tod Beardsley 32794f9d37
Move OpenBravo to aux module land 2013-10-30 12:20:04 -05:00
joev 4425cf1dc1 Add support for firefox 25.
Also replaces a bunch of missing semicolons.
2013-10-30 12:19:22 -05:00
Tod Beardsley 17d796296c
Un-dupe References for ispconfig 2013-10-30 12:03:35 -05:00
Tod Beardsley 0d480f3a7d
Typo fix 2013-10-30 11:38:04 -05:00
Tod Beardsley 97a4ca0752
Update references for FOSS modules 2013-10-30 11:36:16 -05:00
Tod Beardsley 78381316a2
Add @brandonprry's seven new modules
Already reviewed privately, no associated PR.
2013-10-30 11:04:21 -05:00
Tod Beardsley 5b76947767
Add a few more modules. 2013-10-30 10:25:48 -05:00
OJ 2fbac9b129 Add `getproxy` command
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
jvazquez-r7 c8ceaa25c6
Land #2589, @wvu-r7's exploit for OSVDB 98714 2013-10-29 14:56:30 -05:00
jvazquez-r7 9f81aeb4ad Fix style 2013-10-29 14:55:16 -05:00
William Vu 5af42f2c28 Add short comment on why the padding is necessary 2013-10-29 11:46:10 -05:00
William Vu e368cb0a5e Add Win7 SP1 to WinXP SP3 target 2013-10-29 10:45:14 -05:00
jvazquez-r7 1b75aef614
Land #2591, @bcoles's exploit for ProcessMaker 2013-10-29 09:54:23 -05:00
jvazquez-r7 c4c171d63f Clean processmaker_exec 2013-10-29 09:53:39 -05:00
jvazquez-r7 26af6452da
Land #2588, @wvu-r7's permissions change for cmdstager_printf.rb 2013-10-29 08:07:19 -05:00
bcoles 3eed800b85 Add ProcessMaker Open Source Authenticated PHP Code Execution 2013-10-29 23:27:29 +10:30
William Vu 665f6c3e35
Land #2590, gsub nil fix for mimikatz 2013-10-29 00:58:16 -05:00
OJ 606411de81 Fix mimikatz error when password is nil
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
William Vu ea7bba4035 Add Beetel Connection Manager NetConfig.ini BOF 2013-10-28 22:52:02 -05:00
William Vu 333a0d5820 chmod -x cmdstager_printf.rb 2013-10-28 18:47:14 -05:00
Brandon Turner 4b7a438d45 Merge pull request #2587 from todb-r7/release-fixup
Release fixups
2013-10-28 12:26:17 -07:00
Tod Beardsley 4128aa8c08
Resplat and tabs 2013-10-28 14:03:15 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
Tod Beardsley 9bb9f8b27b
Update descriptions on SMB file utils. 2013-10-28 13:48:25 -05:00
Tod Beardsley 0f63420e9f
Be specific about the type of hash
See #2583. Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.

Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.

[SeeRM #4398]
2013-10-28 13:40:07 -05:00
William Vu 1fee3ce952
Land #2584, reporting for energizer_duo_detect 2013-10-28 10:48:20 -05:00
jvazquez-r7 efcfc9eef7
Land #2273, @kaospunk's enum domain feature for owa_login 2013-10-28 09:47:54 -05:00
jvazquez-r7 71a1ccf771 Clean owa_login enum_domain feature 2013-10-28 09:46:41 -05:00
jvazquez-r7 2b5e2df94e
Land #2568, @h0ng10's update of SAP url's wordlist 2013-10-28 09:01:33 -05:00
jvazquez-r7 e88e523eaa Delete newline 2013-10-28 09:01:00 -05:00
sinn3r 87dc58191d
Land #2583 - Report creds to db 2013-10-26 23:22:40 -05:00
sinn3r 69823be7cf
Land #2586 - require 'msf/core/exploit/powershell' 2013-10-26 00:44:49 -05:00
William Vu 278dff93e7 Add missing require for Msf::Exploit::Powershell
Thanks for the report, @mubix.
2013-10-25 21:41:24 -05:00