Commit Graph

18043 Commits (981cc891bc92e46ac2a12763bde7b94188ac5c18)

Author SHA1 Message Date
jvazquez-r7 308b880d79 Land #1759, @andrewkabai's exploit for SAP Portal Command Execution 2013-04-26 08:44:11 -05:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
Andras Kabai 5839e7bb16 simplify code 2013-04-26 12:14:42 +02:00
Andras Kabai 4aadd9363d improve description 2013-04-26 12:13:45 +02:00
jvazquez-r7 dcd54487b1 Land #1771, @wchen-r7's fix for ppr address on badblue_passthru 2013-04-25 21:16:35 -05:00
sinn3r d868aee994 Landing #1768 - Adds a delay option for file_dropper.rb
[Closes #1768]
2013-04-25 21:02:34 -05:00
sinn3r eae1cb5afa Let's word this a little differently 2013-04-25 21:01:53 -05:00
sinn3r b1e49e7116 Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2013-04-25 20:54:28 -05:00
sinn3r d8be6b1b02 Landing #1768 - Adds a delay to file_dropper
[Closes #1768]
2013-04-25 20:52:58 -05:00
sinn3r 5b0ae1476b Let's word this a little differently 2013-04-25 20:52:51 -05:00
Meatballs b58a775af5 Added opt delay to file_dropper 2013-04-25 20:52:51 -05:00
sinn3r 71e055a5c2 Let's word this a little differently 2013-04-25 20:44:57 -05:00
jvazquez-r7 a217ca8bc7 Land #1763, @wchen-r7's modification to add js_ajax_download 2013-04-25 20:43:24 -05:00
sinn3r f3f60f3e02 Fixes P/P/R for target 0 (BadBlue 2.72b)
Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown
DLL, and appears to be broken.  Because 2.72b actually uses the same
ext.dll as BadBlue EE 2.7 (and that target 0 actually also works
against 2.72b), we might as well just use the same P/P/R again.

[FixRM #7875]
2013-04-25 20:20:24 -05:00
sinn3r 008266a581 Corrects documentation. Thanks Meatballs1 2013-04-25 19:13:16 -05:00
jvazquez-r7 bf0375f0e9 Fix @jlee-r7's feedback 2013-04-25 18:43:21 -05:00
jvazquez-r7 8eea476cb8 Build the jnlp uri when resource is available 2013-04-25 18:43:21 -05:00
jvazquez-r7 cc961977a2 Add bypass for click2play 2013-04-25 18:43:21 -05:00
James Lee e2dece6f0e Make sure xor encoders work with odd padding 2013-04-25 15:45:06 -05:00
sinn3r ff87e3622b Changes made according to feedback from Juan and James 2013-04-25 15:19:44 -05:00
jvazquez-r7 9b5e96b66f Fix @jlee-r7's feedback 2013-04-25 14:53:09 -05:00
jvazquez-r7 52b721c334 Update description 2013-04-25 14:47:35 -05:00
jvazquez-r7 84e9f80ffa Add check for WP-Super-Cache 2013-04-25 14:43:16 -05:00
Andras Kabai 9dd9b2d1ba implement cleanup functionality
register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes
2013-04-25 20:02:24 +02:00
jvazquez-r7 15c8d92148 Fix version checked and add reference 2013-04-25 12:48:36 -05:00
Meatballs 78c9e9a203 Added opt delay to file_dropper 2013-04-25 18:11:45 +01:00
Andras Kabai a28ef1847b update references 2013-04-25 18:26:13 +02:00
Tod Beardsley d570923b62 Merge #1767, @jvennix-r7's .webarchive UXSS
For disclosure details, see:

https://community.rapid7.com/community/metasploit/blog/2013/04/18/abusing-safaris-webarchive-file-format
2013-04-25 11:22:02 -05:00
Joe Vennix 993356c73e Add safari webarchive uxss to framework as an aux module. 2013-04-25 11:14:16 -05:00
James Lee 1ec6884bfa Use before(:each) instead of :all
Fixes deprecation warnings in newer rspec like these

  WARNING: subject accessed in a `before(:all)` hook at:
    /metasploit-framework/spec/lib/rex/post/meterpreter/packet_spec.rb:455:in `block (3 levels) in <top (required)>'

  This is deprecated behavior that will not be supported in RSpec 3.

Also switches to using named subjects for easier reading.
2013-04-25 10:28:30 -05:00
jvazquez-r7 b67fcd3219 Add OSVDB ref to sap_configservlet_exec_noauth 2013-04-25 08:13:32 -05:00
jvazquez-r7 7d317e5933 Switch from post to get on check 2013-04-25 07:51:28 -05:00
jvazquez-r7 d55faa14d3 Add check function 2013-04-25 07:44:37 -05:00
Andras Kabai 676f2f5f4a implement "check" functionality 2013-04-25 07:47:30 +02:00
Andras Kabai 3b46d5d4cd fix typos 2013-04-25 07:22:16 +02:00
Andras Kabai 2759ef073e correction on error handling 2013-04-25 07:19:27 +02:00
Andras Kabai 6b14ac5e71 add rank to module 2013-04-25 07:07:35 +02:00
jvazquez-r7 51fd07a145 Add BID reference 2013-04-24 21:48:05 -05:00
jvazquez-r7 378c2079a2 Add hdm also as author 2013-04-24 17:37:29 -05:00
sinn3r 6642545551 Adds new JavaScript function "js_download"
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
jvazquez-r7 b816dd569c Update description 2013-04-24 17:34:25 -05:00
jvazquez-r7 573e880a62 Use the correct post id when posting 2013-04-24 17:30:24 -05:00
jvazquez-r7 ded0269ba0 Add POST ID bruteforcing capabality 2013-04-24 17:21:36 -05:00
jvazquez-r7 fca4c3b8b2 Add sha1 sum check to allow execution 2013-04-24 16:10:49 -05:00
jvazquez-r7 d2e29b846c Add module for Wordpress Total Cache PHP Injection 2013-04-24 15:29:40 -05:00
Andras Kabai f22d19a10c remove unused code block
ARCH_CMD was implemented in previous version of this code.
2013-04-24 21:51:35 +02:00
Samuel Huckins 2ac87276e4 Bumps MDM version to latest. Depends on
https://github.com/rapid7/metasploit_data_models/pull/15 being landed.
2013-04-24 14:32:59 -05:00
James Lee 01d790eb54 Land #1748, fix for java meterp network prefixes
[Closes #1748]
2013-04-24 12:27:28 -05:00
James Lee a7effaf9c6 Add bins for #1748 2013-04-24 12:27:05 -05:00
Andras Kabai 0339be229a implement dynamic timeout handling 2013-04-24 18:22:37 +02:00