Commit Graph

13014 Commits (9b3f60291094382bbff28c65805b003254fc2eee)

Author SHA1 Message Date
Tod Beardsley 9b3f602910 Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
Tod Beardsley 64270ea7c2 Adding default user/pass for CCTV module
User/pass combos that come from manuals and independent research.
2012-05-15 08:14:28 -05:00
Tod Beardsley 4ee24f7e42 Adding Justin's CCTV module. 2012-05-15 08:03:39 -05:00
sinn3r 8b06835109 Make changes to proper API usage, whitespace, and extra characters. 2012-05-15 01:26:42 -05:00
sinn3r 3c683fcf99 Merge branch 'pyoor' of https://github.com/pyoor/metasploit-framework into pyoor-pyoor 2012-05-15 01:20:01 -05:00
sinn3r d54a228f65 Correct version number 2012-05-15 01:16:41 -05:00
Brandon Perry c4052b3f6c add missing import methods? 2012-05-14 21:03:37 -05:00
pyoor a8b534ddec Cisco Secure ACS Module - Updated error handling 2012-05-14 20:03:26 -04:00
pyoor 2e49e56126 Made suggested changes 2012-05-14 19:50:34 -04:00
Brandon Perry 1beaeb8e2f OpenVAS import functionality. See qa/sample_data for two openvas reports. 2012-05-14 18:40:08 -05:00
sinn3r 06b12bcd7d Merge pull request #385 from brandonprry/wapiti_report
Wapiti XML report import
2012-05-14 16:02:03 -07:00
sinn3r 6bbf018423 Fix bug #6815: A race condition that results in an invalid handle.
Under certain conditions, the module may run into a "The handle
is invalid" while obtaining registry keys and values from the
victim machine.  The fix is to retry a couple of times, and hope
we don't hit the race condition again.
2012-05-14 17:44:35 -05:00
HD Moore 3033838909 Correct reflective DLL references 2012-05-14 15:17:03 -05:00
sinn3r 84269f399b Correct EDB reference 2012-05-14 15:10:21 -05:00
sinn3r f4a446a6c1 Add module CVE-2011-4404 2012-05-14 15:08:43 -05:00
root 5aeab77499 fix tabs that I missed in db.rb 2012-05-14 07:26:37 -07:00
sinn3r d17b07a6e1 Merge pull request #387 from swtornio/master
add osvdb refs
2012-05-14 07:26:28 -07:00
Steve Tornio 7690e86a89 add osvdb ref 2012-05-14 07:14:10 -05:00
Steve Tornio bcfa96ced8 add osvdb ref 2012-05-14 07:13:49 -05:00
sinn3r 0b817944c3 Merge pull request #386 from jlee-r7/fix-posix-execute
Fix posix execute
2012-05-13 16:17:34 -07:00
sinn3r 2e8b11ca78 Merge pull request #383 from rsmudge/armitage
Armitage 05.14.12
2012-05-13 16:15:59 -07:00
root 99a5d1a7b5 fix :pname in the web_vuln_info hash to not include the parameter value 2012-05-13 14:43:02 -07:00
James Lee ecb106d714 throw is not the same as raise
Clearly this code never gets called.
2012-05-13 15:31:57 -06:00
root 2906686da1 forgot to git add db.rb. oops 2012-05-13 14:30:27 -07:00
root d5cec05cc3 fix tabs 2012-05-13 14:28:50 -07:00
root 253802761f Remove extraneous puts 2012-05-13 14:19:19 -07:00
root d0f49c1213 Finished! Importing wapiti now adds Mdm::WebVulns to the db.
However, I see no way to actually see the webvulns in framework
after importing the report.
2012-05-13 13:58:25 -07:00
James Lee 73331b66e6 Fix execution with spaces in args by using sh -c
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'foo", "bar'" ] which
obviously isn't what you want. After this commit, it sticks the whole
thing in an arg to sh so the execve call ends up looking like
  execve("/bin/sh", ["sh", "-c", "echo 'foo bar'"], [/* 26 vars */]) = 0
This is still a little less than ideal because shell escapes become a
problem; fortunately, that's easy to deal with on the client side as
long as module developers take it into account.
2012-05-13 14:55:57 -06:00
pyoor 6b6dc60b25 Cisco Secure ACS Auth Bypass Module 2012-05-13 16:16:18 -04:00
sinn3r 79a590ccf7 Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
Brandon Perry b0b72b05d5 Adding the beginning of the wapiti report import nokogiri document 2012-05-13 13:02:48 -05:00
Raphael Mudge c7b9b711f1 Armitage 05.14.12
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the workflow for viewing downloaded files/loots.
2012-05-13 13:56:10 -04:00
sinn3r d2c26f989c Cleanup whitespace 2012-05-13 04:42:22 -05:00
sinn3r c1fbf1f931 Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved 2012-05-13 04:37:49 -05:00
Peter Van Eeckhoutte (corelanc0d3r) dd42c3096e added exploit for Firefox 8&9 AttributeChildRemoved UAF 2012-05-13 11:31:46 +02:00
sinn3r 15fbb1e86c This is the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
James Lee e2bf3c5750 throw is not the same as raise
Clearly this code never gets called.
2012-05-12 16:53:54 -06:00
Tod Beardsley bc1c9a7fe4 Prepend all messages with victim host:port
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.

[Closes #272]
2012-05-11 17:48:54 -05:00
Tod Beardsley ab655677b4 Fixed typo, converted to OptEnum for fakedns targetaction 2012-05-11 17:12:31 -05:00
Jose Selvi af71cdafe2 Update modules/auxiliary/server/fakedns.rb 2012-05-11 17:01:14 -05:00
Jose Selvi 1d6b2eb3fe Added TARGETACTION options and wildcard support 2012-05-11 17:01:13 -05:00
sinn3r 5d8fbefc3d Merge pull request #378 from wchen-r7/distinct
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
sinn3r 653d7e5923 Add OSVDB-80984 2012-05-11 15:07:31 -05:00
Tod Beardsley aa3930fcb9 Typo on fixed tftp module 2012-05-10 21:42:33 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
2012-05-10 21:21:32 -05:00
sinn3r 7eabce8872 Add comment for PrependEncoder 2012-05-10 12:18:50 -05:00
sinn3r 2b13330483 Merge pull request #376 from wchen-r7/wikkawiki
Add CVE-2011-4449
2012-05-10 10:13:56 -07:00
sinn3r 6e8c3ad1e3 It's "inject", not "upload"... because technically that's what really happens. 2012-05-10 12:06:02 -05:00
sinn3r c69e34d407 Update description 2012-05-10 12:02:55 -05:00
sinn3r 86c3ad5e0c Add CVE-2011-4449 2012-05-10 11:57:40 -05:00