jvazquez-r7
a217ca8bc7
Land #1763 , @wchen-r7's modification to add js_ajax_download
2013-04-25 20:43:24 -05:00
sinn3r
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
jvazquez-r7
bf0375f0e9
Fix @jlee-r7's feedback
2013-04-25 18:43:21 -05:00
jvazquez-r7
8eea476cb8
Build the jnlp uri when resource is available
2013-04-25 18:43:21 -05:00
jvazquez-r7
cc961977a2
Add bypass for click2play
2013-04-25 18:43:21 -05:00
James Lee
e2dece6f0e
Make sure xor encoders work with odd padding
2013-04-25 15:45:06 -05:00
sinn3r
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
Tod Beardsley
d570923b62
Merge #1767 , @jvennix-r7's .webarchive UXSS
...
For disclosure details, see:
https://community.rapid7.com/community/metasploit/blog/2013/04/18/abusing-safaris-webarchive-file-format
2013-04-25 11:22:02 -05:00
Joe Vennix
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
jvazquez-r7
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
James Lee
01d790eb54
Land #1748 , fix for java meterp network prefixes
...
[Closes #1748 ]
2013-04-24 12:27:28 -05:00
James Lee
a7effaf9c6
Add bins for #1748
2013-04-24 12:27:05 -05:00
jvazquez-r7
2b4144f20f
Add module for US-CERT-VU 345260
2013-04-24 10:47:16 -05:00
jvazquez-r7
c3f5f5f9de
Land #1756 , @wchen-r7's cleanup of spaces
2013-04-23 19:29:36 -05:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
James Lee
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
Brandon Turner
47097ecf69
Fix typo
2013-04-23 15:39:02 -05:00
sinn3r
b0ac7a7b47
Landing #1752 - Removes msfgui and armitage
...
[Closes #1752 ] - Stable releases can be tracked here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-23 12:28:49 -05:00
sinn3r
a5c102d11e
Landing #1753 - Updates references for java_jre17_reflection_types
2013-04-23 08:03:30 -05:00
jvazquez-r7
ece36c0610
Update references for the las Java exploit
2013-04-22 21:55:04 -05:00
jvazquez-r7
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
jvazquez-r7
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
Tod Beardsley
80fb7b85ef
Drop msfgui.jar, too.
2013-04-22 16:03:38 -05:00
sinn3r
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
sinn3r
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
Tod Beardsley
1112daaff2
Remove msfgui and armitage
...
This removes the Armitage and MSFGui components from the Metasploit
distribution. You can track the latest stable releases of these
alternate GUIs here:
MSFGui: http://www.scriptjunkie.us/msfgui/
Armitage: http://www.fastandeasyhacking.com/download
2013-04-22 15:26:44 -05:00
sinn3r
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
sinn3r
b10b2c60d8
Landing #1746 - Adds some friendlier defaults to database.yml
...
[Closes #1746 ]
2013-04-22 12:54:24 -05:00
Andras Kabai
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
sinn3r
ab976bcf63
Landing #1749 - Fixes Ruby 1.8 Syntax errors
...
[Closes #1749 ]
2013-04-22 11:20:54 -05:00
Andras Kabai
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
Andras Kabai
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
Antoine
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
Michael Schierl
e98d510deb
Fix incorrect network prefix in Java Meterpreter
...
Apparently, getNetworkPrefixLength can return -1, which confuses the Ruby
side. Therefore fall back to guessing the prefix in this case, as we do it
for Java <= 1.6.
2013-04-20 23:10:46 +02:00
jvazquez-r7
1365dfe68c
Add Oracle url
2013-04-20 01:43:14 -05:00
jvazquez-r7
9fca89f70b
fix small issues
2013-04-20 01:43:14 -05:00
jvazquez-r7
b99fc06b6f
description updated
2013-04-20 01:43:14 -05:00
jvazquez-r7
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
Andras Kabai
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
Andras Kabai
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
jvazquez-r7
4ef33197dc
Land #1745 - @FireFart's improvement for MediaWiki aux module
2013-04-19 16:20:33 -05:00
jvazquez-r7
19a158dce9
Do final cleanup for netgear_dgn2200b_pppoe_exec
2013-04-19 15:50:23 -05:00
jvazquez-r7
c1819e6ecc
Land #1700 , @m-1-k-3's exploit for Netgear DGN2200B
2013-04-19 15:49:30 -05:00
Tod Beardsley
881d16e701
Add some friendlier defaults to database.yml
...
Actually let people get going out of the gate without forcing them to
puzzle out database.yml configurations. Also gives some hints on how to
set up a database.
Today, if you merely copy and paste from database.yml.example, you'll
get yelled at:
````
$ ./msfconsole -L -y config/database.yml
[-] No database definition for environment production
````
2013-04-19 15:43:25 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
Andras Kabai
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00