Commit Graph

23085 Commits (9daffbd4846f5ad2ffa3c0adfe0b74268117a36b)

Author SHA1 Message Date
sinn3r 9daffbd484
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec 2014-02-14 17:16:27 -06:00
sinn3r 48199fec27 Change URL identifier, and make the user choose a target 2014-02-14 17:15:00 -06:00
Spencer McIntyre 3299b68adf
Landing #2767, @Meatballs1 Powershell Reflective Payload 2014-02-14 16:12:46 -05:00
sinn3r abe4d6c6e1
Land #2991 - Modified output for smb_enumshares 2014-02-14 14:31:17 -06:00
Royce Davis 0e7074c139 Modified output for smb_enumshares module 2014-02-14 13:39:13 -06:00
Royce Davis 6dc9840064 Modified output for smb_enumshares 2014-02-14 13:12:52 -06:00
sinn3r 518242ced3
Land #2990 - Fix enum_configs
Fix bug:
undefined local variable or method `get_sysinfo
2014-02-14 10:08:20 -06:00
jvazquez-r7 b2ea257204 Include Linux::System post mixin 2014-02-14 08:32:21 -06:00
sinn3r 71b7b1a2e9
Land #2989 - fix rspec 2014-02-13 16:09:37 -06:00
David Maloney a098c08f2f pend out bad spec 2014-02-13 15:44:05 -06:00
sinn3r 00ba0b5208
Land #2987 - Add ff 27 support to os.js 2014-02-13 15:20:53 -06:00
sinn3r 4ad7290364
Land #2988 - Unbreak the URL refs 2014-02-13 15:16:05 -06:00
sinn3r 4dd60631cb
Land #2950 - New Payload Generator for MsfVenom 2014-02-13 15:13:10 -06:00
Tod Beardsley 745f313413
Remove @nmonkee as author per twitter convo 2014-02-13 14:41:10 -06:00
Tod Beardsley 371f23b265
Unbreak the URL refs add nmonkee as ref and author
While @nmonkee didn't actually contribute to #2942, he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.

Also added a ref to @nmonkee's thing.

@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
David Maloney 0c9b386402 add missing option serialiser
was missing the -o flag to output a payload's options
2014-02-13 10:19:26 -06:00
William Vu a4035252d6 Land #1910, DISCLAIMER for firefox_creds
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
Joe Vennix 51f3ab1690 Add ff 27 support to os.js 2014-02-12 15:32:47 -06:00
jvazquez-r7 51896bcf74
land #2984, @wchen-r7's [FixRM #8765] NameError uninitialized constant in enum_ad_user_comments 2014-02-12 15:31:54 -06:00
sinn3r ce2de8f3bf Different way to write this 2014-02-12 15:08:20 -06:00
David Maloney 4565be18e3 require active_support numeric
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
jvazquez-r7 8b25b6e343
Land #2980, @wvu-r7 fix to handle invalid session id on post module runs 2014-02-12 13:13:34 -06:00
William Vu 40db1c4d0d s/auxiliarly/auxiliary/ 2014-02-12 12:17:53 -06:00
sinn3r 45d4b1e1fd
Land #2958 - Add options: Application-Name, Permissions for jar.rb 2014-02-12 11:14:25 -06:00
James Lee d0ee521c8f
Land #2982, make getenv smarter 2014-02-12 10:54:30 -06:00
jvazquez-r7 a59ce95901
Land #2970, @sgabe exploit for CVE-2010-2343 2014-02-12 08:10:53 -06:00
jvazquez-r7 9845970e12 Use pop#ret to jump over the overwritten seh 2014-02-12 08:10:14 -06:00
sgabe 11513d94f5 Add Juan as author 2014-02-12 12:17:02 +01:00
sgabe 3283880d65 Partially revert "Replace unnecessary NOP sled with random text" to improve reliability.
This partially reverts commit 12471660e9.
2014-02-12 12:09:16 +01:00
sinn3r 0f620f5aba Fix Uninitialized Constant RequestError
[SeeRM #8765] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
OJ beca4b8bc3 Fix issue with getenv failing
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.

Meterpreter effectively ignores (i.e. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepancy between what was returned and what was used to index and
as a result, the value would come out as `nil`.

For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.

This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
sgabe 7195416a04 Increase the size of the NOP sled 2014-02-12 02:35:53 +01:00
William Vu 5a488b310d Use a more correct error message
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
sgabe 3f09456ce8 Minor code formatting 2014-02-11 23:53:04 +01:00
sgabe 7fc3511ba9 Remove unnecessary NOPs 2014-02-11 23:48:54 +01:00
sgabe 12471660e9 Replace unnecessary NOP sled with random text 2014-02-11 23:48:04 +01:00
sgabe 184ccb9e1e Fix payload size 2014-02-11 23:42:58 +01:00
William Vu 4a603b9a8d Merge remote-tracking branch 'upstream/master' into beug/session
Conflicts:
	lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
William Vu 18816f3d5e
Land #2952, -1 for last session ID 2014-02-11 16:22:36 -06:00
Spencer McIntyre 303ed9a85e
Land #4 @jvazquez-r7's bug fix for on_session_module_run 2014-02-11 17:03:21 -05:00
William Vu c67c0dde8f Land #2972, enum_system find/save logs/S[UG]ID 2014-02-11 15:45:27 -06:00
William Vu 2476d9be2d Fix invalid session ID bug
This fix should work seamlessly with #2952.
2014-02-11 15:43:35 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00
bwall 783e62ea85 Applied changes from @wchen-r7's comments 2014-02-11 10:14:52 -08:00
jvazquez-r7 e3aa838e52 Fix on_session_module_run bug 2014-02-11 11:37:58 -06:00
jvazquez-r7 3717374896 Fix and improve reliability 2014-02-11 10:44:58 -06:00
Roberto Soares Espreto 68578c15a3 find command modified 2014-02-11 10:08:12 -02:00
Spencer McIntyre a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090 2014-02-10 20:57:55 -05:00
Roberto Soares Espreto f181134ef8 Removed hard tabs 2014-02-10 23:16:04 -02:00
sinn3r 7704c388f3
Land #2974 - Recover missing code in method exists? 2014-02-10 17:38:20 -06:00