1c6b74467f
Land #3618 , @byt3bl33d3r's powershell require fix
2014-08-06 18:24:16 +01:00
2ed02c30a8
Use better variable names instad of an array
2014-08-05 21:34:36 -07:00
b602e47454
Implement improvements based on feedback
2014-08-05 21:24:37 -07:00
48359faaaf
Add gitlab-shell command injection module
...
This request adds a module for gitlab-shell command
injection for versions prior to 1.7.4. This has been
tested by installing version 7.1.1 on Ubuntu and then
using information at http://intelligentexploit.com/view-details.html?id=17746
to modify the version of gitlab-shell to a vulnerable one. This
was done as I could not find a better method for downloading
and deploying an older, vulnerable version of Gitlab.
2014-08-05 23:21:57 -04:00
9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering
2014-08-05 20:23:09 -05:00
f520616730
This fixes a few things, see commit message for more info
...
This commit fixes the following:
1. Not handling eval_host()'s nil file return value, which can causes
a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
34a42476b2
Merge branch 'master' of github.com:rapid7/metasploit-framework
2014-08-05 16:30:32 -05:00
69e8edf6b2
Bumping ruby patch to proper latest
2014-08-05 11:49:35 -05:00
7013a2755b
Favor MSF_DATABASE_CONFIG for paths['config/database']
...
MSP-10848
Use these locations, in order for
Metasploit::Framework::Application.config.paths['config/database']:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml (if it exists)
3. config/database.yml
2014-08-05 10:16:33 -05:00
2818b4e2f2
Merge remote-tracking branch 'upstream/staging/electro-release' into staging/electro-release
2014-08-05 09:11:44 -05:00
b769b419ae
Merge pull request #3615 from limhoff-r7/bug/MSP-10848/nightly-msfconsole
...
require 'action_view/railtie' for pro compatibility
2014-08-05 07:56:37 -05:00
77bba6e4ee
fixed msfcli with missing require
2014-08-05 09:38:33 +02:00
d56dd318b9
require 'action_view/railtie' for pro compatibility
...
MSP-10848
Other railties, like jquery-rails, need 'action_view/railtie', but don't
require it themselves, so require it explictly in
`config/application.rb` to prevent msfconsole boot errors.
2014-08-04 20:12:28 -05:00
ec5c1c588a
Merge pull request #3614 from limhoff-r7/bug/MSP-10848/nightly-msfconsole
...
# MSP-10848
Add missing require
2014-08-04 19:11:17 -05:00
9c29b78b9a
Add missing require
...
MSP-10848
Not triggered on OSX development machines, only on Linux.
2014-08-04 18:23:25 -05:00
6bc7643475
Merge remote-tracking branch 'upstream/staging/electro-release' into staging/electro-release
2014-08-04 18:06:54 -05:00
da845c7e89
Changed default VERBOSE option to false.
2014-08-04 18:06:35 -05:00
f25bb735a0
Land #3543 , @todb-r7's Rubocop cleanup of MS08-067
2014-08-04 14:35:30 -07:00
1691795901
Land #3598 to electro-release - Refactor sso to use Credential::Creation
2014-08-04 16:31:49 -05:00
b81c7e28f4
Land #3588 , @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning
2014-08-04 14:25:03 -07:00
7044dabea1
Land #3600 - GPP Junk Padding Fix
2014-08-04 16:21:57 -05:00
594b0e1abb
Merge pull request #3611 from shuckins-r7/bug/MSP-11021/import-reports-attr-fix
...
Date attrs set after creation in report import
2014-08-04 14:39:56 -05:00
9cd6353246
Update mqac_write to use the mixin and restore pointers
2014-08-04 12:15:39 -07:00
8fe9ec098e
Date attrs set after creation in report import
...
MSP-11021
* created_at and updated_at are protected against mass-assignment, so
these need to be set after for reports and report artifacts
2014-08-04 14:02:59 -05:00
a523898909
Apply rubocop suggestions for ms_ndproxy
2014-08-04 11:49:01 -07:00
86e2377218
Switch ms_ndproxy to use the new WindowsKernel mixin
2014-08-04 11:49:01 -07:00
58d29167e8
Refactor MS11-080 to use the mixin and for style
2014-08-04 11:49:01 -07:00
6543b08eb4
Support writing a copy of the original token
2014-08-04 11:49:00 -07:00
4b73ad6f40
Fix guessing the arch with modules specifying an array
2014-08-04 11:49:00 -07:00
893b9a6e99
Add an open_device function for wrapping CreateFileA
2014-08-04 11:49:00 -07:00
43a5120696
Cleanup the WindowsKernel mixin
2014-08-04 11:49:00 -07:00
49837a3ba6
Create a basic WindowsKernel exploit mixin
2014-08-04 11:49:00 -07:00
f274eb78ac
Land #3610 , release fixes
2014-08-04 12:40:41 -05:00
4de59ad7d1
Add reasonable description for gnome-commander
2014-08-04 12:35:34 -05:00
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
68d8afc18d
Land #3604 , @hmoore-r7's [FixRM #8838 ] smb_lookupsid nil class dereference
2014-08-04 10:38:42 -05:00
159ce3fbbe
Land 3587, add rubocop autoconfig
2014-08-04 01:18:34 -05:00
3e3caeb6ee
Land 3591, fix post/test/* modules' loadpath
...
some additional module cleanup here:
SHA: 6884c87cfa
2014-08-04 01:07:35 -05:00
6884c87cfa
removes IDs/Revisions, resplats test/modules
2014-08-04 01:04:23 -05:00
f2e4d41697
Land 3607, sqlmap plugin cleanup
...
after some additional cleanup here:
SHA: a4f2fb218c
2014-08-04 00:12:53 -05:00
a4f2fb218c
adds most rubocop cleanups, not all
2014-08-04 00:11:25 -05:00
c08b1cb829
uses mult-assign & include? more readable
2014-08-03 23:59:03 -05:00
453d19713d
Land 3605, hides flash during cmd_psh_payload
2014-08-03 23:45:44 -05:00
282633fd9d
Land 3606, makefile typo fix for CVE-2013-2465
2014-08-03 23:28:20 -05:00
6c2b8f54cf
rubocop cleanup, long lines, etc
2014-08-03 23:19:08 -05:00
2b021e647d
Minor tidies to conform to standards
2014-08-03 23:19:08 -05:00
Meatballs
Spencer McIntyre
kaospunk
sinn3r
Samuel Huckins
Luke Imhoff
Trevor Rosen
byt3bl33d3r
Alton Johnson
Jon Hart
dmaloney-r7
William Vu
Tod Beardsley
jvazquez-r7
Joshua Smith
OJ