Commit Graph

12178 Commits (98958bc7bc019b3a93deed71a59ffd111ef16f73)

Author SHA1 Message Date
jvazquez-r7 37adf1251c Delete privileged flag because is configuration dependant 2014-01-25 18:25:31 -06:00
jvazquez-r7 038cb7a981 Add module for CVE-2012-0394 2014-01-25 18:17:01 -06:00
William Vu 52371be52a Clarify why contributors are listed as authors
Also adding @mcantoni to the list of authors. Sorry we missed you!

Dear contributors,

Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!

https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
sinn3r cc4dea7d49 Was playing with ms08_067 check and realized I forgot this print 2014-01-25 16:15:52 -06:00
William Vu eaeb2af97f Use opts hash for h323_version
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
William Vu 7c5229e2eb Use opts hash for glassfish_deployer
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:17:02 -06:00
William Vu 47b9bfaffc Use opts hash for adobe_pdf_embedded_exe
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
sinn3r a7fa4e312b This module fails to load due to the missing end 2014-01-24 17:56:47 -06:00
jvazquez-r7 9db295769d
Land #2905, @wchen-r7's update of exploit checks 2014-01-24 16:49:33 -06:00
sinn3r f7ecae3f75
Land #2909 - Drupal OpenID External Entity Injection 2014-01-24 15:03:07 -06:00
sinn3r c8e2301111 Be more informative about why CheckCode::Unknown
This is just kind of personal preference here. In case users wonder
why Unknown.
2014-01-24 15:01:52 -06:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
Tod Beardsley 82bf02910d
Land #2911, correct author name for PJL credit 2014-01-24 11:00:12 -06:00
jvazquez-r7 fdaa172cc5
Land #2896, @wchen-r7's check's normalization for auxiliary modules 2014-01-24 08:53:53 -06:00
jvazquez-r7 e8b591ef54 Delete registering of check on bailiwicked modules 2014-01-24 08:47:04 -06:00
bcoles 32d6032893 Add Simple E-Document Arbitrary File Upload module 2014-01-24 19:19:25 +10:30
sinn3r 9ba72ffc71 Remove check support
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
sinn3r dc52d00be6 Modify vmware_http_login to work with check 2014-01-23 21:27:36 -06:00
jvazquez-r7 cf17bf2e72 Small fix 2014-01-23 19:34:50 -06:00
jvazquez-r7 43de7eb74f Use REXML 2014-01-23 19:32:42 -06:00
William Vu a67068f019 Correct author name
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
jvazquez-r7 5a59e3d4e4 Fix typo 2014-01-23 18:53:58 -06:00
jvazquez-r7 f529eb1d4b Clean code 2014-01-23 18:51:24 -06:00
jvazquez-r7 8e17d38c77 Add check method 2014-01-23 18:30:18 -06:00
Meatballs 5880f7ebf2
Remove max search 2014-01-24 00:25:03 +00:00
Meatballs f6054e6581
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-24 00:24:31 +00:00
jvazquez-r7 b0deb45fad Add Drupal advisory as reference 2014-01-23 18:10:57 -06:00
jvazquez-r7 6d0d7eda10 Delete garbage comment 2014-01-23 18:09:05 -06:00
jvazquez-r7 72b72effa6 Add module for CVE-2012-4554 2014-01-23 18:04:31 -06:00
Meatballs1 982795ee5d Merge pull request #32 from todb-r7/saner-ifs-pr1473
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
Meatballs 790e4d7559
Move options to mixin 2014-01-23 23:47:46 +00:00
Tod Beardsley e066d86d41
Clean up the if.nils? 2014-01-23 17:36:10 -06:00
sinn3r 7faa41dac0 Change Unknown to Safe because it's just a banner check 2014-01-23 15:36:19 -06:00
sinn3r 81a3b2934e Fix prints 2014-01-23 15:33:24 -06:00
sinn3r f5a935a186 Support check for bailiwicked_host 2014-01-23 15:31:37 -06:00
sinn3r 8d411d2037 Fix bailiwicked_domain to allow support of check() 2014-01-23 15:29:40 -06:00
sinn3r c403c521b3 Change check code 2014-01-23 11:03:40 -06:00
sinn3r 0a10c1297c Address nil 2014-01-23 11:00:28 -06:00
sinn3r 333229ea7e Throw Unknown if connection times out 2014-01-23 10:54:45 -06:00
Meatballs c109a32165
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-22 21:48:34 +00:00
sinn3r 7f560a4b41 Oops, I broke this module 2014-01-22 11:23:18 -06:00
sinn3r c83053ba9b Progress 2014-01-22 11:20:10 -06:00
Meatballs 62729dd9ab
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-22 10:06:54 +00:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
Tod Beardsley f5809423a3
Let's spell right in my spellcheck PR
Updates #2900
2014-01-21 15:57:59 -06:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
Meatballs f571d63088
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-21 21:00:09 +00:00
Meatballs eee716a6b3
Grab comments and descriptions ftw 2014-01-21 20:59:31 +00:00
sinn3r 85396b7af2 Saving progress
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
Tod Beardsley b3b51eb48c
Pre-release fixup
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
sinn3r 689999c8b8 Saving progress
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
sinn3r fe767f3f64 Saving progress
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
sinn3r 7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal 2014-01-20 20:08:01 -06:00
sinn3r e5dc6a9911 Update exploit checks
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
sinn3r 5025736d87 Fix check for modicon_password_recovery 2014-01-19 17:20:20 -06:00
sinn3r a239e14084 Fix nodejs_popelining check 2014-01-19 17:06:35 -06:00
sinn3r 7080bb336c Update ColdFusion check 2014-01-19 17:05:03 -06:00
sinn3r 4fdd2c19a1 Update vbulletin check 2014-01-19 16:54:27 -06:00
sinn3r 0a8aa07131 Fix check method
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 5ec062ea1c Beautify print message 2014-01-17 17:42:26 -06:00
jvazquez-r7 d96772ead1 Clean multi-threading on ibm_sametime_enumerate_users 2014-01-17 17:38:16 -06:00
jvazquez-r7 bb3d9da0bb Do first cleaning on ibm_sametime_enumerate_users 2014-01-17 16:33:25 -06:00
jvazquez-r7 584401dc3f Clean ibm_sametime_room_brute code 2014-01-17 15:57:12 -06:00
jvazquez-r7 4d079d47b8 Enable SSL by default 2014-01-17 15:34:33 -06:00
jvazquez-r7 277711b578 Fix metadata 2014-01-17 15:31:51 -06:00
jvazquez-r7 10fd5304ce Parse response body just one time 2014-01-17 15:17:25 -06:00
jvazquez-r7 fe64dbde83 Use rhost and rport methods 2014-01-17 14:49:50 -06:00
jvazquez-r7 5e8ab6fb89 Clea ibm_sametime_version 2014-01-17 12:23:11 -06:00
sinn3r 57318ef009 Fix nil bug in jboss_invoke_deploy.rb
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7 bce321c628 Do response handling a little better, fake test 2014-01-17 11:02:35 -06:00
jvazquez-r7 11d613f1a7 Clean ibm_sametime_webplayer_dos 2014-01-17 10:52:42 -06:00
jvazquez-r7 51b3d164f7 Move the DoS module to the correct location 2014-01-17 09:30:51 -06:00
jvazquez-r7 c670259539 Fix protocol handling 2014-01-17 00:49:44 -06:00
jvazquez-r7 eaf1b0caf6 Add minor clean up 2014-01-16 17:55:45 -06:00
jvazquez-r7 f3c912bd32 Add module for ZDI-14-003 2014-01-16 17:49:49 -06:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
jvazquez-r7 272fe5ddfd Delete debug comments 2014-01-16 16:12:12 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
jvazquez-r7 8213eed49f Delete Netgear N150 target, ist's a Netgear DGN1000 model 2014-01-16 15:14:31 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
jvazquez-r7 139119d32c Add Manual targets to sercomm_exec 2014-01-16 12:44:26 -06:00
jvazquez-r7 0922aef8d1 Update module description 2014-01-16 11:16:11 -06:00
jvazquez-r7 2e6b1c7552
Land #2878, @mandreko's fix for sercomm credentials parsing 2014-01-16 07:27:55 -06:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
joev 1197426b40
Land PR #2881, @jvazquez-r7's mips stagers. 2014-01-15 12:46:41 -06:00
joev 0833da465a
Lands #2832, @jvazquez-r7's fixes to mipsel shellcode. 2014-01-15 12:03:17 -06:00
kicks4kittens 882c637a8c Remove unneeded empty line 2014-01-15 13:57:27 +01:00
kicks4kittens b2f42d2576 Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:54:25 +01:00
kicks4kittens d0d82fe405 Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
kicks4kittens 87648476e1 Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
kicks4kittens 55d4ad1b6a Fixed code issues as requested in PR2801
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
jvazquez-r7 0b1671f1b8 Undo debugging comment 2014-01-14 17:02:30 -06:00
jvazquez-r7 6372ae6121 Save some parsing 2014-01-14 17:00:00 -06:00
jvazquez-r7 a056d937e7 Fluch data cache and improve documentation 2014-01-14 14:06:01 -06:00
jvazquez-r7 a8806887e9 Add support for MIPS reverse shell staged payloads 2014-01-14 12:25:11 -06:00
William Vu 5d387c96ec
Land #2879, minor code formatting missed in #2863 2014-01-14 11:22:09 -06:00
sgabe b4280f2876 Very minor code formatting 2014-01-14 13:35:00 +01:00
Matt Andreko 2d40f936e3 Added some additional creds that were useful 2014-01-13 23:15:51 -05:00
Matt Andreko 42fb8c48d1 Fixed the credential parsing and made output consistent
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
sinn3r ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode 2014-01-13 17:37:08 -06:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
Tod Beardsley 804b26bac6
Land #2872, switch for ARCH_MIPSBE 2014-01-13 15:10:27 -06:00
jvazquez-r7 24c57b34a7 Have into account endianess 2014-01-13 15:04:23 -06:00
William Vu 7c52f9b496 Update description to use %q{} 2014-01-13 14:42:25 -06:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley 207e9c413d
Add the test info for sercomm_dump_config 2014-01-13 14:27:03 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
jvazquez-r7 fe6d10ac5d
Land #2852, @mandreko's scanner for OSVDB 101653 2014-01-13 14:07:07 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 8c3a71a2e7 Clean sercomm_backdoor scanner according to feedback 2014-01-13 13:53:47 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload.
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
sinn3r 771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
Refs & ROP
2014-01-13 11:29:52 -06:00
sinn3r bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits 2014-01-13 11:17:36 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sgabe e7cc3a2345 Removed unnecessary target 2014-01-13 13:17:16 +01:00
sgabe 26d17c03b1 Replaced ROP chain 2014-01-13 02:54:49 +01:00
Joe Vennix f78ec1eeb2 Make sure we unwrap the SecurityWrapper. 2014-01-12 10:46:23 -06:00
Joe Vennix b3b04c4159 Fix both firefox js exploits to use browser_autopwn. 2014-01-11 17:34:38 -06:00
sgabe d657a2efd3 Added DEP Bypass 2014-01-11 20:31:28 +01:00
sgabe 72d15645df Added more references 2014-01-11 20:30:50 +01:00
jvazquez-r7 bd91e36e06
Land #2851, @wchen-r7's virustotal integration 2014-01-10 19:12:56 -06:00
sinn3r d1d45059f2 use session_host instead 2014-01-10 18:27:03 -06:00
sinn3r 8534f7948a Change the post module's default api key as well (to Metasploit's) 2014-01-10 17:59:51 -06:00
sgabe 8449005b2a Fixed CVE identifier. 2014-01-10 23:45:34 +01:00
sinn3r 140d1fbf90
Land #2847 - Add MIPS big endian single shell_bind_tcp payload 2014-01-10 15:06:35 -06:00
sinn3r 202e19674c
Land #2856 - Fix ARMLE stagers 2014-01-10 15:05:03 -06:00
sinn3r 96ba41a4b0
Land #2844 - Fix the mipsbe shell_reverse_tcp payload 2014-01-10 15:00:39 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
sinn3r 238d052073 Update description
key is no longer required.
2014-01-10 04:02:01 -06:00
sinn3r da273f1440 Update the use of report_note 2014-01-10 01:49:07 -06:00
sinn3r 807d8c12c7 Have a default API key
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
jvazquez-r7 4e8092aceb Fix armle stagers 2014-01-09 17:34:59 -06:00
jvazquez-r7 9d14dd59eb Delete parentheses 2014-01-09 15:17:13 -06:00
jvazquez-r7 4a64c4651e
Land #2822, @mandreko's aux module for OSVDB 101653 2014-01-09 15:15:37 -06:00
jvazquez-r7 410302d6d1 Fix indentation 2014-01-09 15:14:52 -06:00
Matt Andreko b1073b3dbb Code Review Feedback
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
William Vu d69b658de0
Land #2848, @sho-luv's MS08-067 scanner 2014-01-09 14:39:25 -06:00
Matt Andreko 2a0f2acea4 Made fixes from the PR from jvazquez-r7
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
William Vu fc616c4413 Clean up formatting 2014-01-09 14:16:31 -06:00
Matt Andreko 93668b3286 Code Review Feedback
Made it less verbose, converting to vprint_error
2014-01-09 14:53:33 -05:00
jvazquez-r7 be6958c965 Clean sercomm_dump_config 2014-01-09 13:42:11 -06:00
Matt Andreko e21c97fd4d Added missing metadata
Add credit where due
Add disclosure date and references
2014-01-09 14:33:54 -05:00
Matt Andreko 9456d26467 Added Scanner module for SerComm backdoor 2014-01-09 14:25:28 -05:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
Matt Andreko 40d2299ab4 Added tested device 2014-01-09 10:46:14 -05:00
Matt Andreko c50f7697a5 Merge branch 'review_2823' of https://github.com/jvazquez-r7/metasploit-framework into sercomm_exec 2014-01-09 10:39:12 -05:00
Matt Andreko 01c5585d44 Moved auxiliary module to a more appropriate folder 2014-01-09 10:17:26 -05:00
Matt Andreko d9e737c3ab Code Review Feedback
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
Matt Andreko 81adff2bff Code Review Feedback
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
jvazquez-r7 bbaaecd648 Delete commas 2014-01-09 08:01:11 -06:00
jvazquez-r7 5e510dc64c Add minor fixes, mainly formatting 2014-01-09 07:51:42 -06:00
Matt Andreko ed6723655d Code Review Feedback
Fixed some handling of errors and invalid hosts
2014-01-09 08:44:01 -05:00
William Vu 8414973746
Land #2833, rm linksys_wrt110_cmd_exec_stager 2014-01-09 01:21:22 -06:00
William Vu 7fd4935263 Make the module output prettier 2014-01-09 01:03:01 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 131bfcaf41 Refactor away leftover get_rdymsg 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
Matt Andreko d2458bcd2a Code Review Feedback
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
sho-luv a8fcf13972 Added credits and clean initialize
Added wvu to creds as he did most of work. ;)
2014-01-08 21:16:09 -05:00
William Vu 8993c74083 Fix even moar outstanding issues 2014-01-08 19:38:54 -06:00
sinn3r a99e2eb567 Update the post module 2014-01-08 18:41:22 -06:00
sinn3r 130a99f52b Add a post module that checks with VirusTotal with a checksum
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
2014-01-08 18:26:40 -06:00
William Vu 1dd29d3b64 Fix moar outstanding issues 2014-01-08 18:11:18 -06:00
William Vu 945a2a296a Fix outstanding issues 2014-01-08 17:09:41 -06:00
jvazquez-r7 4e581a35ac Fix encoder architecture 2014-01-08 16:18:30 -06:00
sho-luv 35ac9712ab Added auxiliary check for MS08_067
I simply copied the check from ms08_0867_netapi.rb and put them in
a auxiliary check so I could scan for it. This was done because
Nmap's check is not safe and this is more stable.
2014-01-08 16:41:44 -05:00
jvazquez-r7 a0879b39e0 Add mips be shell_bind_tcp payload 2014-01-08 14:48:54 -06:00
jvazquez-r7 1727b7fb37 Allow the Msf::Payload::Linux's generate to make its work 2014-01-08 12:41:10 -06:00
jvazquez-r7 83e5169734 Don't use temporal register between syscals and save some bytes on the execve 2014-01-08 11:45:27 -06:00
jvazquez-r7 5f7582b72d Don't use a temporary registerfor the dup2 loop counter 2014-01-07 18:02:55 -06:00
jvazquez-r7 c2dce19768 Don't use a temporary registerfor the dup2 loop counter 2014-01-07 17:39:27 -06:00
jvazquez-r7 a85492a2d7 Fix my own busted dup2 sequence 2014-01-07 16:27:01 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
jvazquez-r7 3230b193e1 Make better comment 2014-01-07 15:32:46 -06:00
jvazquez-r7 80dcda6f76 Fix bind call 2014-01-07 15:31:42 -06:00
Niel Nielsen 266b040457 Update cachedump.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:14:10 +01:00
Niel Nielsen d567737657 Update reverse_tcp_rc4_dns.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:12:38 +01:00
Niel Nielsen 385ae7ec38 Update reverse_tcp_rc4.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:11:16 +01:00
Niel Nielsen 693d95526b Update bind_tcp_rc4.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:09:53 +01:00
Niel Nielsen 1479ef3903 Update typo3_winstaller_default_enc_keys.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
jvazquez-r7 b5524654d5 Delete comment 2014-01-07 14:50:26 -06:00
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
Niel Nielsen e79ccb08cb Update rails_secret_deserialization.rb
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
2014-01-07 21:41:15 +01:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
Joe Vennix 1057cbafee Remove deprecated linksys module. 2014-01-07 10:22:35 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
Meatballs e75d87327f
Merge branch 'enum_ad_perf' into enum_ad_users 2014-01-07 12:21:39 +00:00
Meatballs 3bf728da61
Dont store in DB by default 2014-01-07 12:20:44 +00:00
Tod Beardsley c0a82ec091
Avoid specific versions in module names
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00