Commit Graph

17871 Commits (a217ca8bc7995cafaad5ed95243c247cf527cf7c)

Author SHA1 Message Date
jvazquez-r7 a217ca8bc7 Land #1763, @wchen-r7's modification to add js_ajax_download 2013-04-25 20:43:24 -05:00
sinn3r 008266a581 Corrects documentation. Thanks Meatballs1 2013-04-25 19:13:16 -05:00
jvazquez-r7 bf0375f0e9 Fix @jlee-r7's feedback 2013-04-25 18:43:21 -05:00
jvazquez-r7 8eea476cb8 Build the jnlp uri when resource is available 2013-04-25 18:43:21 -05:00
jvazquez-r7 cc961977a2 Add bypass for click2play 2013-04-25 18:43:21 -05:00
James Lee e2dece6f0e Make sure xor encoders work with odd padding 2013-04-25 15:45:06 -05:00
sinn3r ff87e3622b Changes made according to feedback from Juan and James 2013-04-25 15:19:44 -05:00
Tod Beardsley d570923b62 Merge #1767, @jvennix-r7's .webarchive UXSS
For disclosure details, see:

https://community.rapid7.com/community/metasploit/blog/2013/04/18/abusing-safaris-webarchive-file-format
2013-04-25 11:22:02 -05:00
Joe Vennix 993356c73e Add safari webarchive uxss to framework as an aux module. 2013-04-25 11:14:16 -05:00
jvazquez-r7 b67fcd3219 Add OSVDB ref to sap_configservlet_exec_noauth 2013-04-25 08:13:32 -05:00
sinn3r 6642545551 Adds new JavaScript function "js_download"
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
James Lee 01d790eb54 Land #1748, fix for java meterp network prefixes
[Closes #1748]
2013-04-24 12:27:28 -05:00
James Lee a7effaf9c6 Add bins for #1748 2013-04-24 12:27:05 -05:00
jvazquez-r7 2b4144f20f Add module for US-CERT-VU 345260 2013-04-24 10:47:16 -05:00
jvazquez-r7 c3f5f5f9de Land #1756, @wchen-r7's cleanup of spaces 2013-04-23 19:29:36 -05:00
sinn3r cae30bec23 Clean up all the whitespace found 2013-04-23 18:27:11 -05:00
James Lee 93bddd9041 Improved docs and partial specs for Rex::Text
Conflicts:
	lib/msf/core/modules/loader/base.rb
	lib/rex/poly/block.rb
	lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Brandon Turner 47097ecf69 Fix typo 2013-04-23 15:39:02 -05:00
sinn3r b0ac7a7b47 Landing #1752 - Removes msfgui and armitage
[Closes #1752] - Stable releases can be tracked here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-23 12:28:49 -05:00
sinn3r a5c102d11e Landing #1753 - Updates references for java_jre17_reflection_types 2013-04-23 08:03:30 -05:00
jvazquez-r7 ece36c0610 Update references for the las Java exploit 2013-04-22 21:55:04 -05:00
jvazquez-r7 1529dff3f3 Do final cleanup for sap_configservlet_exec_noauth 2013-04-22 21:43:41 -05:00
jvazquez-r7 8c9715c2ed Land #1751, @andrewkabai's SAP Portal remote OS command exec 2013-04-22 21:41:53 -05:00
Tod Beardsley 80fb7b85ef Drop msfgui.jar, too. 2013-04-22 16:03:38 -05:00
sinn3r a09b3b8023 Lands #1169 - Adds a check
[Closes #1169]

Conflicts:
	modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r 882b084cba Changes the default action 2013-04-22 15:47:38 -05:00
sinn3r 7e28a4ddb0 Uses "ACTIONS" keys instead of datastore options
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
Tod Beardsley 1112daaff2 Remove msfgui and armitage
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:

MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
sinn3r dfff20a3fc Landing #1692 - Handles OSQL banners and responses
[Close #1692]
2013-04-22 13:58:44 -05:00
sinn3r b10b2c60d8 Landing #1746 - Adds some friendlier defaults to database.yml
[Closes #1746]
2013-04-22 12:54:24 -05:00
Andras Kabai 79eb2ff62d add EDB ID to references 2013-04-22 18:37:28 +02:00
sinn3r ab976bcf63 Landing #1749 - Fixes Ruby 1.8 Syntax errors
[Closes #1749]
2013-04-22 11:20:54 -05:00
Andras Kabai 15b06c43aa sap_configservlet_exec_noauth auxiliary module
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
Andras Kabai b4f1f3efbb remove aux module from master branch 2013-04-22 17:34:01 +02:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
Michael Schierl e98d510deb Fix incorrect network prefix in Java Meterpreter
Apparently, getNetworkPrefixLength can return -1, which confuses the Ruby
side. Therefore fall back to guessing the prefix in this case, as we do it
for Java <= 1.6.
2013-04-20 23:10:46 +02:00
jvazquez-r7 1365dfe68c Add Oracle url 2013-04-20 01:43:14 -05:00
jvazquez-r7 9fca89f70b fix small issues 2013-04-20 01:43:14 -05:00
jvazquez-r7 b99fc06b6f description updated 2013-04-20 01:43:14 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
Andras Kabai 49b055e5fd make msftidy happy 2013-04-20 00:26:04 +02:00
Andras Kabai e4d9c45ce9 remove unnecessary rank rating 2013-04-20 00:23:55 +02:00
jvazquez-r7 c7fcd6931a Use vprint_error 2013-04-19 16:22:07 -05:00
jvazquez-r7 4ef33197dc Land #1745 - @FireFart's improvement for MediaWiki aux module 2013-04-19 16:20:33 -05:00
jvazquez-r7 19a158dce9 Do final cleanup for netgear_dgn2200b_pppoe_exec 2013-04-19 15:50:23 -05:00
jvazquez-r7 c1819e6ecc Land #1700, @m-1-k-3's exploit for Netgear DGN2200B 2013-04-19 15:49:30 -05:00
Tod Beardsley 881d16e701 Add some friendlier defaults to database.yml
Actually let people get going out of the gate without forcing them to
puzzle out database.yml configurations. Also gives some hints on how to
set up a database.

Today, if you merely copy and paste from database.yml.example, you'll
get yelled at:

````
$ ./msfconsole -L -y config/database.yml
[-] No database definition for environment production
````
2013-04-19 15:43:25 -05:00
Christian Mehlmauer eaff87879e added text 2013-04-19 22:03:05 +02:00
Christian Mehlmauer a6be72b019 fixes for mediawiki aux module 2013-04-19 21:43:12 +02:00
Andras Kabai 763d1ac2f1 remove unnecessary option declaration 2013-04-19 21:42:28 +02:00