Commit Graph

26851 Commits (972470c2416e1629497ade80505508a987e3183e)

Author SHA1 Message Date
Tod Beardsley ee968db9ef
Include .rubocop.yml from PR #3649 2014-08-14 11:20:19 -05:00
Tod Beardsley fbb8262704
More .rubocop.yml exceptions
While we expect to remove Rubocop via PR rapid7#3639 , the Rubocop YAML
file is still useful for those developers that want to use Rubocop on
their own. Like me, for instance.
2014-08-14 11:17:14 -05:00
Brandon Turner 62b81d6814 Merge pull request #3644 from dmaloney-r7/bug/MSP-11050/rails_root
MSP-11050 #land
2014-08-14 08:52:15 -05:00
sinn3r f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape 2014-08-13 20:08:13 -05:00
kaospunk 5ed3e6005a Implement suggestions
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
jvazquez-r7 127d094a8d Dont share once device is opened 2014-08-13 16:13:38 -05:00
sinn3r 558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE 2014-08-13 11:55:56 -05:00
jvazquez-r7 e0ed777d0b
Land #3646, @Meatballs1 tidy of virtual_box_guest_additions 2014-08-13 08:44:10 -05:00
Meatballs 05a198bc96
Correct spelling 2014-08-13 14:06:25 +01:00
Spencer McIntyre 56c96f3aa2
Land #3647, @Meatballs1 correct unpack specifier 2014-08-13 08:44:38 -04:00
Meatballs 256204f2af
Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
Meatballs 4a01c27ed4
Use get_env and good pack specifier 2014-08-13 10:59:22 +01:00
Emilio Pinna 4ff73a1467 Add version build check 2014-08-13 09:53:43 +02:00
James Lee b7e4bd4080
Fix 'domain\user' reporting in mremote 2014-08-12 18:01:42 -05:00
jvazquez-r7 50e2e325d7
Land #3534, @KoreLogicSecurity's exploit for CVE-2014-2477 2014-08-12 17:18:34 -05:00
jvazquez-r7 da4b572a0d Change module name 2014-08-12 17:17:26 -05:00
jvazquez-r7 3eccc12f50 Switch from vprint to print 2014-08-12 17:11:24 -05:00
jvazquez-r7 f203fdebcb Use Msf::Exploit::Local::WindowsKernel 2014-08-12 17:09:39 -05:00
jvazquez-r7 e1debd68ad Merge to update 2014-08-12 16:21:39 -05:00
jvazquez-r7 183b27ee27 There is only one target 2014-08-12 16:14:41 -05:00
jvazquez-r7 c8e4048c19 Some style fixes 2014-08-12 16:11:31 -05:00
jvazquez-r7 ea3d2f727b Dont fail_with while checking 2014-08-12 16:09:59 -05:00
Emilio Pinna 3440f82b2e Minor description adjustment 2014-08-12 22:18:59 +02:00
Emilio Pinna 9e38ffb797 Add the check for the manual payload setting 2014-08-12 21:55:42 +02:00
sinn3r b84192c654
Land #3642 - Be sure which the full payload is used 2014-08-12 14:52:26 -05:00
jvazquez-r7 93990f4578
Land #3631, @wchen-r7's fixes to avoid datastore options assignment at runtime 2014-08-12 14:46:02 -05:00
jvazquez-r7 b46b6af50d
Land #3630, @wchen-r7's fix for datastore assignments on smb_enumusers 2014-08-12 14:26:55 -05:00
David Maloney 84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root 2014-08-12 13:54:38 -05:00
David Maloney 12f1234296 always set our rails root to our root
this works fine when calling any framework binaries
from their path as CWD. if you call tehm from another path
you will get an incorrect root which can cause certain things to load
incorrectly

Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
jvazquez-r7 33da1a6871 Give a chance to the mixin 2014-08-12 13:49:39 -05:00
Emilio Pinna 5b6be55c50 Fix (properly) 'execute_command()' missing 'opts' parameter 2014-08-12 19:49:27 +02:00
Tod Beardsley bbcd63cd10
Update Gemfile.lock as well for PR #3639 2014-08-12 12:28:39 -05:00
Emilio Pinna 3af17ffad0 Fixed 'execute_command()' missing 'opts' parameter 2014-08-12 19:24:24 +02:00
Samuel Huckins fc65a45d94
Merge branch 'electro-remove-rubocop' into staging/electro-release 2014-08-12 12:03:16 -05:00
jvazquez-r7 042423088c Make sure which the full payload is used 2014-08-12 11:41:29 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
Brandon Turner c937c4b8b3 Merge pull request #3641 from limhoff-r7/bug/MSP-11046/resource
MSP-11046 #land
2014-08-12 11:10:39 -05:00
Tod Beardsley 6b262cb3b4
Remove rubocop and msftidy touchpoints
This replicates PR rapid7#3639 for the staging/electro-release branch

Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).

(Conflict resolved on rubocop.yml)
2014-08-12 10:51:09 -05:00
Luke Imhoff e051272a20
Fix typo
MSP-11046

`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring.  The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
Luke Imhoff 225c6da616
Remove rubocop because it causes backtrace
MSP-11046

See https://gist.github.com/limhoff-r7/7c398b5f4c44ed40cf1f
2014-08-12 10:47:26 -05:00
Tod Beardsley 47cb906408
Remove rubocop and msftidy touchpoints
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
Luke Imhoff 427cc5f7ed
Merge remote-tracking branch 'upstream/staging/electro-release' into staging/electro-release 2014-08-12 10:04:58 -05:00
Emilio Pinna f71589f534 Simplify payload upload using 'CmdStager' mixin 2014-08-12 10:49:17 +02:00
sinn3r 4aeb1eda9c Don't use datastore options as default values 2014-08-11 18:55:32 -05:00
kaospunk 4e6a04d3ad Modifications for login and key addition
This commit adds additional support for logging in
on multiple versions of Gitlab as well as adding a
key to exploit the vulnerability.
2014-08-11 19:54:10 -04:00
Emilio Pinna cc5770558d Remove local payload saving used for debugging 2014-08-11 19:16:14 +02:00
Emilio Pinna 4790b18424 Use FileDropper mixin to delete uploaded file 2014-08-11 19:02:09 +02:00
Emilio Pinna ac526ca9bd Fix print_* to vprint_* in check method 2014-08-11 18:58:11 +02:00
Emilio Pinna 4b4b24b79d Fix errors printing 2014-08-11 18:54:43 +02:00
Emilio Pinna c97cd75beb Rephrase 'Author' section 2014-08-11 18:52:21 +02:00