Commit Graph

691 Commits (9f9bbce034595414c1fe98c616ff650e4c467a05)

Author SHA1 Message Date
wchen-r7 0c7d2af6bc
Land #5750, Add WP All In One Migration Export Module 2015-08-28 14:12:14 -05:00
wchen-r7 837b6a4f71 Update description 2015-08-28 14:11:51 -05:00
wchen-r7 d2e758ac8b Better failure handling 2015-08-28 14:08:29 -05:00
jvazquez-r7 1558fabdb2
Land #5844, @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin 2015-08-21 17:27:56 -05:00
jvazquez-r7 a560496455 Do minor ruby style fixes 2015-08-14 14:50:03 -05:00
jvazquez-r7 82193f11e7 Minor js fixes 2015-08-14 14:45:48 -05:00
Tod Beardsley e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js 2015-08-14 12:07:15 -05:00
joev 0615d908c4 Update description to explain quarantine effects. 2015-08-13 23:46:37 -05:00
joev 84144bf6cf Update webarchive_uxss to use the webarchive mixin.
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
jvazquez-r7 67f661823a
Land #5614, @cldrn's module to collect lansweeper credentials 2015-08-04 16:55:49 -05:00
jvazquez-r7 ed3f993b75
Do some style fixes 2015-08-04 16:41:15 -05:00
jvazquez-r7 0e3434ebad
Fix metadata 2015-08-04 16:28:50 -05:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
Tod Beardsley e32b3c71f4
Fix ZDI ref on sandbox escape module 2015-07-23 17:11:19 -05:00
rastating d3f31fb56a Fix msftidy results 2015-07-21 21:29:44 +01:00
rastating 55be2eff06 Replace return with fail_with 2015-07-21 21:25:42 +01:00
rastating c63fdad1f1 Add URL reference 2015-07-20 18:15:17 +01:00
rastating f1a909c292 Add WP All In One Migration export module 2015-07-20 18:13:32 +01:00
William Vu 53bcee011b
Land #5709, s/Filed/Failed/ typo fixes 2015-07-13 18:37:46 +00:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
Mo Sadek d1f23c54c7 Changed Filed to Failed on line 43 in java_rmi_registry.rb 2015-07-13 10:33:15 -05:00
cldrn d3902771b6 Fixes call to the credentials API and adds version info 2015-07-07 13:48:16 -05:00
Donny Maasland a9edfa1b4b Fix a small typo 2015-07-06 13:37:36 +02:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
cldrn 355738909a Fixes typo 2015-06-28 09:32:16 -05:00
cldrn 5c18fc82f2 Stores credentials using create_credential_login 2015-06-28 09:24:31 -05:00
cldrn b332b25795 Stores credentials in DB, fixes loop variable and nil dereference bug 2015-06-27 19:06:15 -05:00
jvazquez-r7 52b49503a0
Land #5498, @hmoore-r7's patch for a number of Net::DNS/enum_dns issues 2015-06-26 18:25:03 -05:00
cldrn 2968f52ca4 Removes debug sql output 2015-06-26 12:22:34 -05:00
cldrn a338920cb3 lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper 2015-06-26 12:21:35 -05:00
cldrn 7f4a96f3dc Fixes coding style issues 2015-06-26 03:29:17 -05:00
cldrn 3da3595181 MSF module to download and decrypt credentials stored in Lansweeper's database 2015-06-25 19:29:30 -05:00
joev 8b6fba4988 Tweak and fix some things in Safari file URL module. 2015-06-24 02:08:06 -05:00
Tod Beardsley 18a9585f7a
Add safari module for CVE-2015-1155 2015-06-23 16:15:50 -05:00
Brent Cook bf170a195d the API sometimes returns negative percents - treat these as 0 2015-06-19 11:38:36 -05:00
Brent Cook 5a277389f2 remove some trailing commas 2015-06-19 11:38:22 -05:00
Denis Kolegov c3d2797f10 Fixed Info fields 2015-06-16 04:22:22 -04:00
Denis Kolegov 2778274e47 Added new SSL Labs API fields and fixed minor errors 2015-06-16 02:59:12 -04:00
Tod Beardsley 0d979f61ae
Minor fixups on newish modules 2015-06-10 11:09:42 -05:00
HD Moore c80017992a A dirty patch for a number of Net::DNS/dns_enum issues 2015-06-06 13:48:52 -05:00
jvazquez-r7 843572df6d
Change module filename 2015-05-29 16:14:16 -05:00
jvazquez-r7 acb0af3826
Update description 2015-05-29 16:13:43 -05:00
jvazquez-r7 39ae6263e9
Use Rex::Text.encode_base64 2015-05-29 16:12:21 -05:00
jvazquez-r7 8338b21f6c
Make some code cleanup 2015-05-29 16:04:29 -05:00
Nicholas Starke a3ff9859c8 Adding Credentials Capabilities
This commit adds the ability for credentials
to be retrieved via the 'creds' command.  It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Nicholas Starke 9430d38a09 Adding AVTECH744_DVR Module
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 2e01eb519d
Do minor fixes 2015-05-08 14:04:44 -05:00