a7a1a2bf3b
Move dtls_fragment_overflow.rb under ssl where it belongs
2014-06-07 12:56:34 -07:00
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
2be6b8befe
Remove bind hidden handler
2014-06-07 14:34:20 +01:00
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
8637a1fff1
OpenSSL DTLS CVE-2014-0195 POC
2014-06-06 19:24:47 -07:00
fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
...
Conflicts:
modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
8624ddfc3e
Clean up SAP SOAP RFC Brute Login
...
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
b997c2ac1f
Further tidies
2014-06-07 02:00:35 +01:00
a33de66da4
Fix transparent background, add VISIBLE option.
2014-06-06 16:52:00 -05:00
a45a5631f5
Make window invisible.
2014-06-06 16:40:55 -05:00
496be5c336
Ensure command_shell_options is present.
2014-06-06 16:26:45 -05:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
534c20d5e6
refactor linux hashdump post module
...
linux hashdump now saves hashes as nonreplayable hash
credential objects
2014-06-06 15:21:47 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
f660f557e5
Merge pull request #38 from rapid7/feature/msp-9738/winscp
...
Feature/msp 9738/winscp
2014-06-06 11:43:50 -05:00
984b77a4a6
Merge pull request #43 from rapid7/feature/MSP-9721/tomcat_deploy
...
Specs aside from known POP3 fail passing, functional steps passing.
MSP-9721 #land
MSP-9722 #land
2014-06-06 11:11:08 -05:00
4bc543715d
Merge pull request #40 from rapid7/feature/MSP-9748/postgres_hashdump
...
Feature/msp 9748/postgres hashdump
2014-06-06 10:51:19 -05:00
da09a2725b
we need the service data in the login!
...
ooopsie #2
2014-06-06 10:51:12 -05:00
2522f1f332
Merge pull request #39 from rapid7/feature/MSP-9751/mysql_hashdump
...
Feature/msp 9751/mysql hashdump
2014-06-05 14:39:48 -05:00
2ee408e9db
Refactor winrm_login with Credentials
2014-06-05 14:26:29 -05:00
a84980fa9d
login creation was missing!
2014-06-05 13:56:08 -05:00
9d4ba8c981
Merge pull request #41 from rapid7/feature/MSP-9731/filezilla
...
Specs other than POP3 specs fixed on staging passing, functional passing
MSP-9731 #land
2014-06-05 13:19:10 -05:00
75e4e81b7a
Merge pull request #37 from rapid7/feature/MSP-9750/MSSQL_hashdump
...
Specs and functional tests passing.
MSP-9750 #land
2014-06-05 12:20:40 -05:00
e7957bf999
Change GET request by random text
2014-06-05 01:33:00 +02:00
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
62866374b8
refactor tomcat_mgr_deploy
2014-06-04 16:22:22 -05:00
f22447f91e
refactor tomcat_mgr_upload
2014-06-04 16:07:57 -05:00
c9bd0ca995
Add minor changes
2014-06-04 15:56:14 -05:00
ef8f237050
refactor filezilla_server
...
you know the score
2014-06-04 15:43:15 -05:00
bb77327b09
Warn the user if the detected platform doesnt match target
2014-06-04 14:50:18 -05:00
b76253f9ff
Add context to the socket
2014-06-04 14:25:01 -05:00
77eeb5209a
Do small cleanups
2014-06-04 14:23:21 -05:00
6c643f8837
Fix usage of Rex::Sockket::Tcp
2014-06-04 14:14:23 -05:00
4960503a59
fix jtr_format
...
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
837668d083
use optiona argument for read_reply
2014-06-04 13:48:53 -05:00
d184717e55
delete blank lines
2014-06-04 13:24:34 -05:00
33a7bc64fa
Do some easy cleaning
2014-06-04 13:18:59 -05:00
1ff539fc73
No sense to check two times
2014-06-04 12:48:20 -05:00
7a5b5d31f9
Avoid messages inside check
2014-06-04 12:43:39 -05:00
3869fcb438
common http breakpoint event
2014-06-04 12:41:23 -05:00
9ffe8d80b4
Do some metadata cleaning
2014-06-04 12:33:57 -05:00
30c35907bf
refactor psotgres_hashdump
...
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
d1f7f93e4b
refactor mysql_hashdump
...
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump
2014-06-04 11:58:58 -05:00
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
c032b8ce8e
Compat
2014-06-04 02:27:06 +01:00
b9d8f75f59
Add breakpoint autohitting
2014-06-03 23:34:40 +02:00
6061e5e713
Fix suggestions
2014-06-03 23:13:14 +02:00
f2e1732878
Resolve hostnames before trying to save
2014-06-03 15:19:30 -05:00
d3949b3d6c
refactor mssql_hashdump
...
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00
0272593923
Merge pull request #32 from rapid7/feature/MSP-9736/vnc-post
...
refactor vnc post module
MSP-9736 #land
2014-06-03 13:53:42 -05:00
8abed15c77
Switch to Credential::* things
2014-06-03 11:48:08 -05:00
6c7fd3642a
Land #3411 , Python 3.[34] Meterpreter support
2014-06-03 11:34:22 -05:00
0e3549ebc4
mc brute tidy
2014-06-03 17:27:46 +01:00
0e4177fb75
Pymeterpreter shorten stagers by 3 bytes
2014-06-03 12:03:20 -04:00
9335495b30
Merge pull request #36 from rapid7/feature/MSP-9724/psexec
...
psexec credential refactor
MSP-9724 #land
2014-06-03 10:09:56 -05:00
883976c6a8
Merge pull request #33 from rapid7/feature/MSP-9741/smartftp
...
refactor smartftp post module
MSP-9741 #land
2014-06-03 10:04:09 -05:00
95376bf6d3
Pymeterpreter update stager and stage descriptions
2014-06-03 10:17:27 -04:00
04ac07a216
Compress and base64 data to save bytes.
...
Reduced file size from 43kb to 12kb, yay.
2014-06-02 23:06:46 -05:00
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
9d9f3b5a03
Refactor to prepare for replacing report_auth_info
2014-06-02 18:07:44 -05:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
76c3aaf743
Pymeterpreter get type encoder from dict instead
2014-06-02 17:32:08 -04:00
aeca455a10
Pymeterpreter update pystagers for version 3.1/3.2
2014-06-02 17:18:13 -04:00
07093ada58
add realm handling to psexec
...
oops, forgot to create the realm when applicable
2014-06-02 14:53:40 -05:00
b136765ef7
Nuke extra space at EOL
2014-06-02 14:22:01 -05:00
361b9a1616
psexec credential refactor
...
refactor psexec credential reporting
to use Metasploit::Credential
2014-06-02 14:20:54 -05:00
ea383b4139
Make print/descs/case consistent
2014-06-02 13:20:01 -05:00
5c745c4b9c
Merge pull request #31 from rapid7/feature/MSP-9728/coreftp
...
refactor coreFTP post module
MSP-9728 #land
2014-06-02 13:19:11 -05:00
b7dc89f569
I prefer "bruteforce" to "brute force" for search
...
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
9eb42cb80f
refactor smartftp post module
...
refactor the smartftp credential post module to use
Metasploit::Credential
2014-06-02 11:48:45 -05:00
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
8bd4e8d30a
Land #3406 , indeces_enum -> indices_enum
2014-06-02 11:06:33 -05:00
d9fd77fba7
Merge pull request #29 from rapid7/feature/MSP-9739/mremote_refactor
...
Feature/msp 9739/mremote refactor
MSP-9739 #land
2014-06-02 11:05:20 -05:00
3c5fae3706
Use correct include
2014-06-01 11:51:06 +01:00
4801a7fca0
Allow x86->x64 injection
2014-06-01 11:50:13 +01:00
77eac38b01
Pymeterpreter fix processes_via_proc for Python v3
2014-05-30 16:32:03 -04:00
1e2ae16713
refactor vnc post module
...
this adds Metasploit::Credential functionality to
the post/windows/gather/credentials/vnc module
it also fixes a hostname resolution issue on windows
hashdump that could occur when the peerhost is an unresolved
hostname
2014-05-30 14:27:44 -05:00
86fec3a33f
refactor coreFTP post module
...
post/windows/gather/credentials/coreftp now uses
the new Metasploit::Credential methods
2014-05-30 14:06:31 -05:00
74400549a1
Resolve undefined method `get_cookies'
...
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
4a1fea7abb
Land #2948 , @juushya's PocketPAD login bruteforce module
2014-05-30 11:47:16 -05:00
b0bdfa7680
Clean up code
2014-05-30 11:44:42 -05:00
fb59221189
Land #2494 , @juushya's etherpadduo login module
2014-05-30 11:35:28 -05:00
d92a7adc68
change module filename
2014-05-30 11:31:49 -05:00
40a103967e
Minor code cleanup
2014-05-30 11:28:37 -05:00
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
6f330ea190
Add deprecation information
2014-05-29 17:38:01 -05:00
60c5307475
Fix msftidy
2014-05-30 00:14:59 +02:00
0d07fb6c39
Land #2858 , @jiuweigui's post module to enumerate Enumerate MUICache
2014-05-29 17:08:50 -05:00
a6229aedff
Rescue RequestError when downloading file
2014-05-29 17:07:22 -05:00
f2a71a47ca
Use \&\& instead of and
2014-05-29 17:04:38 -05:00
31c282153e
Avoid ntuser.dat md5 because is causing problems, even when data is extracted
2014-05-29 17:02:28 -05:00
9627bae98b
Add JDWP RCE for Windows and Linux
2014-05-29 23:45:44 +02:00
e012d55d73
refactor mremote
...
mremote post module now refactored to
use new metasploit credentials
2014-05-29 16:27:41 -05:00
95b71dee00
Try to fix crash while file_remote_digest
2014-05-29 16:12:51 -05:00
a1131092b7
fix open rescue
...
rescuing all exceptions bad
bad past dave bad
2014-05-29 16:05:16 -05:00
cbbd7bfdf4
Refacotor code
2014-05-29 15:55:44 -05:00
bf3bb63e4a
fix mremote to work on mremoteNG
...
fixed the mremote credential post module to work
against the newer mRemoteNG
2014-05-29 15:43:02 -05:00
f61aeb818a
smart hashdump refactor
...
refactor the windows smart hashdump post module
to use the new cred creation methods
2014-05-29 15:06:42 -05:00
cdabb71d23
Make code cleanup
2014-05-29 14:51:10 -05:00
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
aea0379451
Fix typos
2014-05-29 12:37:51 -05:00
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00
785b53820e
Land #3399 , print_error instead of print_status
2014-05-28 14:53:00 -05:00
05e24326a6
Style compliance
2014-05-28 14:31:34 -05:00
c89cd24621
Rewire some snmp modules to use print_error instead of print_status.
2014-05-28 13:31:00 -05:00
4b5c62ba8d
Dress up CAPWAP DoS desc a little.
2014-05-28 12:19:17 -05:00
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
55ef5dd484
Land #3115 , @silascutler's module for elasticsearch indeces enumeration
2014-05-27 11:28:34 -05:00
2271afc1a5
Change module filename
2014-05-27 11:25:39 -05:00
3de8beb5fd
Clean code
2014-05-27 11:22:40 -05:00
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
936c29e69b
Land #3387 , some Set-Cookie msftidy warning fixes
2014-05-26 23:37:33 -05:00
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
217a14e4d7
Land #3366 , @jholgui's module for CVE-2013-4074
2014-05-25 18:53:30 -05:00
33ba134147
Clean msftidy warnings and metadata
2014-05-25 18:52:01 -05:00
d3c17d8e3e
Delete wireshark_capwap_dos
2014-05-25 18:39:53 -05:00
c559483176
Land #3392 , @TomSellers patch to use python constants
2014-05-25 16:18:42 -04:00
77f66f8510
Update reverse_tcp.rb
2014-05-25 14:04:54 -05:00
b5c567c462
Update bind_tcp.rb
2014-05-25 14:03:45 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
9f166b87f6
Changed the description
2014-05-24 18:58:36 +01:00
71e2d19040
Adapted to auxiliary modules structure
2014-05-24 18:53:10 +01:00
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
...
See the discussion on f7bfab5a26#3386
2014-05-23 17:10:27 -05:00
9f78bec457
Use normalize_uri (@wchen-r7)
...
Instead of editing the datastore['PATH'], use normalize_uri.
Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
...
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
...
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
ae3c334232
Getting closer. Still something f'd with local answerer.html.
2014-05-22 17:14:35 -05:00
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
e3630278ce
Land #3379 , [FixRM #8803 ] - Improve fb_cnct_group check
2014-05-21 11:39:10 -04:00
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
e26dee5e22
Update mybb_get_type_db.rb
...
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
2014-05-19 21:32:30 +04:00
a30d6b1f2d
Quick cleanup for sap_icm_urlscan
2014-05-19 09:21:26 -05:00
dc0e649a10
Clean up case statement
2014-05-19 09:21:07 -05:00
bc64e47698
Land #3370 , cleanup for sap_icm_urlscan
2014-05-19 09:16:18 -05:00
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
6b1e4c3a9d
Show loot and error code
2014-05-19 11:17:58 +01:00
848227e18a
401 should be a valid url
2014-05-19 10:59:38 +01:00
5d96f54410
Be verbose about 307
2014-05-19 10:52:06 +01:00
88b7dc3def
re-add content length
2014-05-19 10:46:47 +01:00
e59f104195
Use unless
2014-05-19 10:41:01 +01:00
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
a97d9ed54f
Land #3148 , check_urlprefixes for sap_icm_urlscan
2014-05-17 16:10:52 -05:00
dd1a47f31f
Modified sap_icm_urlscan to check for authentication of custom URLs
...
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
06912ac2b6
Update mybb_get_type_db.rb
...
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
21cf0a162c
Added module to crash capwap dissector in wireshark tool
2014-05-17 11:31:43 +01:00
74b491e715
Delete wireshark_capwap_dos module
2014-05-17 11:25:38 +01:00
488c3e6b93
Land #3358 , @jvazquez-r7 Advantech WebAccess 7.1 SQLI module
2014-05-16 21:26:41 +02:00
2012d41b3d
Add origin of the user, and mark web users
2014-05-16 13:51:42 -05:00
4143474da9
Add support for web databases
2014-05-16 11:47:01 -05:00
883d2f14b5
delete debug print_status
2014-05-16 11:13:03 -05:00
ea38a2c6e5
Handle ISO-8859-1 special chars
2014-05-16 11:11:58 -05:00
c9465a8922
Rescue when the recovered info is in a format we can't understand
2014-05-16 08:57:59 -05:00
3c1363b990
Add new SNMP enumeration modules
2014-05-16 08:32:46 -05:00
7ec85c9d3a
Delete blank lines
2014-05-16 01:03:04 -05:00
9091ce443a
Add suport to decode passwords
2014-05-16 00:59:27 -05:00
1b68abe955
Add module for ZDI-14-127
2014-05-15 13:41:52 -05:00
f9982752f3
Land #3362 , ax rank for aux/dos mods
2014-05-14 15:20:07 -05:00
dc57e31be1
Aux modules don't respect Rank anyway
2014-05-14 15:03:10 -05:00
5b3bb8fb3b
Fix @FireFart's review
2014-05-14 09:00:52 -05:00
cbb84e854c
Update mybb_get_type_db.rb
...
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
750b6fc218
Land #3348 , some Ruby warning fixes
2014-05-14 01:25:10 -05:00
c421b8e512
Change if not to unless
2014-05-14 01:24:29 -05:00
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
a7075c7e08
Add module for ZDI-14-077
2014-05-13 14:17:59 -05:00
827feaed9f
Land #3320 , @m-1-k-3's mips exec payload fixes to allow encoding.
2014-05-13 12:38:23 -05:00
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
d3f2414d09
Fix merging typo
2014-05-13 16:04:40 +02:00
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
b5ba261ffe
Land #3347 , @FireFart's change to allow configurable landing dir on struts_code_exec_parameters
2014-05-11 18:43:41 -05:00
2b8dd9139c
Fix cosmetic issue
...
Fix cosmetic issue /w email address when it is output via 'info' or the Rapid7 module page.
2014-05-11 16:14:51 -05:00
557cd56d92
fixed some ruby warnings
2014-05-10 23:31:02 +02:00
a60558061c
re-enable x86 stager
2014-05-10 19:58:19 +01:00
ae0691c586
make string replacement more robust
2014-05-10 17:00:25 +01:00
92a9519fd9
Remove EOL spaces
2014-05-09 18:34:12 -05:00
dee6b53175
fix java payload struts module
2014-05-10 00:19:40 +02:00
6f837715f9
Land #3343 , @FireFart's new uri encoding for struts_code_exec_parameters
2014-05-09 14:37:58 -05:00
38f3a19673
Try to beautify description
2014-05-09 14:35:06 -05:00
43a85fc645
additional GET parameters
2014-05-09 21:21:04 +02:00
ad83921a85
additional GET parameters
2014-05-09 21:15:28 +02:00
f56ea01988
Add module
2014-05-09 10:27:41 -05:00
53fde675e7
randomize meh parameter
2014-05-09 10:38:19 +02:00
c9e356116f
Land #3340 - Adobe Flash Player Shader Buffer Overflow
2014-05-08 20:55:38 -05:00
a3fff5401f
more code cleanup
2014-05-08 23:05:41 +02:00
e7b7af2f75
fixed apache struts module
2014-05-08 22:15:52 +02:00
8c55858eae
Land #3309 , @arnaudsoullie's changes for modblusclient
2014-05-08 10:45:19 -05:00
25f13eac37
Clean a little response parsing
2014-05-08 10:44:53 -05:00
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
1f3466a3a3
Added Modbus error handling.
...
It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
2014-05-05 23:21:54 +02:00
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
c97c827140
Adjust desc and ranking on ms13-053
...
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
2014-05-05 13:46:19 -05:00
3536ec9a74
Description update
2014-05-05 13:43:44 -05:00
b81f94a229
Land #3336 , @todb-r7's CVEs addition
2014-05-05 13:43:04 -05:00
c6affcd6d3
Fix caps, description on F5 module
...
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
353a50cdd0
Land #3316 , Content-Length fix for http_ntlmrelay
2014-05-05 13:38:36 -05:00
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
a8915f0ed8
Land #3310 , OpenSSH timing attack improvements
2014-05-04 19:47:51 -05:00
073adc759d
Land #3334 , fix author by @julianvilas
2014-05-04 21:30:53 +02:00
dd7705055b
Fix author
2014-05-04 19:31:53 +02:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
5b150a04c6
Add testing information to description
2014-05-03 20:08:00 -05:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
a47b883083
Remove redundant simple.connect
...
Remove redundant simple.connect. Thanks @jlee-r7
2014-05-02 12:46:50 -05:00
36f9f342c1
Fix typo
2014-05-02 16:26:08 +02:00
56c5eac823
Message correction
2014-05-02 14:18:18 +01:00
69915c0de5
Message correction
2014-05-02 14:17:27 +01:00
Jon Hart
Brandon Perry
Meatballs
joev
David Maloney
Samuel Huckins
James Lee
Julian Vilas
jvazquez-r7
Trevor Rosen
William Vu
Spencer McIntyre
Tod Beardsley
RageLtMan
Michael Messner
sinn3r
Karmanovskii
Tom Sellers
Christian Mehlmauer
JoseMi
mercd
Jonas Vestberg
sappirate
agix
Florian Gaultier
Jeff Jarmoc
Tim Wright
Arnaud SOULLIE
OJ