jvazquez-r7
308b880d79
Land #1759 , @andrewkabai's exploit for SAP Portal Command Execution
2013-04-26 08:44:11 -05:00
Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
Andras Kabai
5839e7bb16
simplify code
2013-04-26 12:14:42 +02:00
Andras Kabai
4aadd9363d
improve description
2013-04-26 12:13:45 +02:00
jvazquez-r7
dcd54487b1
Land #1771 , @wchen-r7's fix for ppr address on badblue_passthru
2013-04-25 21:16:35 -05:00
sinn3r
d868aee994
Landing #1768 - Adds a delay option for file_dropper.rb
...
[Closes #1768 ]
2013-04-25 21:02:34 -05:00
sinn3r
eae1cb5afa
Let's word this a little differently
2013-04-25 21:01:53 -05:00
sinn3r
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
sinn3r
d8be6b1b02
Landing #1768 - Adds a delay to file_dropper
...
[Closes #1768 ]
2013-04-25 20:52:58 -05:00
sinn3r
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
Meatballs
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
sinn3r
71e055a5c2
Let's word this a little differently
2013-04-25 20:44:57 -05:00
jvazquez-r7
a217ca8bc7
Land #1763 , @wchen-r7's modification to add js_ajax_download
2013-04-25 20:43:24 -05:00
sinn3r
f3f60f3e02
Fixes P/P/R for target 0 (BadBlue 2.72b)
...
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken. Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.
[FixRM #7875 ]
2013-04-25 20:20:24 -05:00
sinn3r
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
jvazquez-r7
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
jvazquez-r7
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
jvazquez-r7
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
James Lee
e2dece6f0e
Make sure xor encoders work with odd padding
2013-04-25 15:45:06 -05:00
sinn3r
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
jvazquez-r7
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
jvazquez-r7
52b721c334
Update description
2013-04-25 14:47:35 -05:00
jvazquez-r7
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
Andras Kabai
9dd9b2d1ba
implement cleanup functionality
...
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
jvazquez-r7
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
Meatballs
78c9e9a203
Added opt delay to file_dropper
2013-04-25 18:11:45 +01:00
Andras Kabai
a28ef1847b
update references
2013-04-25 18:26:13 +02:00
Tod Beardsley
d570923b62
Merge #1767 , @jvennix-r7's .webarchive UXSS
...
For disclosure details, see:
https://community.rapid7.com/community/metasploit/blog/2013/04/18/abusing-safaris-webarchive-file-format
2013-04-25 11:22:02 -05:00
Joe Vennix
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
James Lee
1ec6884bfa
Use before(:each) instead of :all
...
Fixes deprecation warnings in newer rspec like these
WARNING: subject accessed in a `before(:all)` hook at:
/metasploit-framework/spec/lib/rex/post/meterpreter/packet_spec.rb:455:in `block (3 levels) in <top (required)>'
This is deprecated behavior that will not be supported in RSpec 3.
Also switches to using named subjects for easier reading.
2013-04-25 10:28:30 -05:00
jvazquez-r7
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
jvazquez-r7
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
jvazquez-r7
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
Andras Kabai
676f2f5f4a
implement "check" functionality
2013-04-25 07:47:30 +02:00
Andras Kabai
3b46d5d4cd
fix typos
2013-04-25 07:22:16 +02:00
Andras Kabai
2759ef073e
correction on error handling
2013-04-25 07:19:27 +02:00
Andras Kabai
6b14ac5e71
add rank to module
2013-04-25 07:07:35 +02:00
jvazquez-r7
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
jvazquez-r7
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
jvazquez-r7
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
jvazquez-r7
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
jvazquez-r7
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
jvazquez-r7
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
jvazquez-r7
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
Andras Kabai
f22d19a10c
remove unused code block
...
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
Samuel Huckins
2ac87276e4
Bumps MDM version to latest. Depends on
...
https://github.com/rapid7/metasploit_data_models/pull/15 being landed.
2013-04-24 14:32:59 -05:00
James Lee
01d790eb54
Land #1748 , fix for java meterp network prefixes
...
[Closes #1748 ]
2013-04-24 12:27:28 -05:00
James Lee
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
Andras Kabai
0339be229a
implement dynamic timeout handling
2013-04-24 18:22:37 +02:00