Spencer McIntyre
4f5ab2c596
Pymeterpreter support process channels for Python v3
2014-05-30 14:35:47 -04:00
David Maloney
782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump
2014-05-30 13:28:35 -05:00
David Maloney
5757c95fcb
Merge branch 'staging/electro-release' into feature/MSP-9739/mremote_refactor
2014-05-30 13:28:11 -05:00
David Maloney
bfc7ee8cdf
Merge branch 'staging/electro-release' into feature/MSP-9726/smart_hashdump
2014-05-30 13:27:15 -05:00
Trevor Rosen
661abe65c4
Merge pull request #30 from rapid7/feature/MSP-9971/cred-creation
...
Feature/msp 9971/cred creation
2014-05-30 13:13:03 -05:00
David Maloney
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
Tod Beardsley
8f52133471
Land #3281, require latest Ruby 1.9.3
...
Note, this will cause developer environments to complain until Ruby is
reinstalled. It's probably a good idea to reinstall anyway, though,
since people who haven't in a while may have been linked against a
Heartbleed-vulnerable openssl library.
2014-05-30 12:55:54 -05:00
jvazquez-r7
4a1fea7abb
Land #2948, @juushya's PocketPAD login bruteforce module
2014-05-30 11:47:16 -05:00
jvazquez-r7
b0bdfa7680
Clean up code
2014-05-30 11:44:42 -05:00
jvazquez-r7
fb59221189
Land #2494, @juushya's etherpadduo login module
2014-05-30 11:35:28 -05:00
jvazquez-r7
d92a7adc68
change module filename
2014-05-30 11:31:49 -05:00
David Maloney
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
jvazquez-r7
40a103967e
Minor code cleanup
2014-05-30 11:28:37 -05:00
Spencer McIntyre
e2cc2fece0
Pymeterpreter update win reg functions for python v3
2014-05-30 10:51:36 -04:00
jvazquez-r7
c1368dbb4c
Use %windir%
2014-05-30 09:06:41 -05:00
jvazquez-r7
6f330ea190
Add deprecation information
2014-05-29 17:38:01 -05:00
jvazquez-r7
0d07fb6c39
Land #2858, @jiuweigui's post module to enumerate MUICache
2014-05-29 17:08:50 -05:00
jvazquez-r7
a6229aedff
Rescue RequestError when downloading file
2014-05-29 17:07:22 -05:00
jvazquez-r7
f2a71a47ca
Use && instead of and
2014-05-29 17:04:38 -05:00
jvazquez-r7
31c282153e
Avoid ntuser.dat md5 because it is causing problems, even when data is extracted
2014-05-29 17:02:28 -05:00
David Maloney
e012d55d73
refactor mremote
...
mremote post module now refactored to
use new metasploit credentials
2014-05-29 16:27:41 -05:00
William Vu
3a9f7fb7f9
Land #3405, improved Nokogiri check for msftidy
2014-05-29 16:21:26 -05:00
jvazquez-r7
95b71dee00
Try to fix crash while file_remote_digest
2014-05-29 16:12:51 -05:00
David Maloney
a1131092b7
fix open rescue
...
rescuing all exceptions bad
bad past dave bad
2014-05-29 16:05:16 -05:00
jvazquez-r7
cbbd7bfdf4
Refactor code
2014-05-29 15:55:44 -05:00
David Maloney
bf3bb63e4a
fix mremote to work on mremoteNG
...
fixed the mremote credential post module to work
against the newer mRemoteNG
2014-05-29 15:43:02 -05:00
Spencer McIntyre
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
Tod Beardsley
4b97418f07
Land todb-r7#8, better nested if
2014-05-29 15:19:04 -05:00
David Maloney
f61aeb818a
smart hashdump refactor
...
refactor the windows smart hashdump post module
to use the new cred creation methods
2014-05-29 15:06:42 -05:00
jvazquez-r7
cdabb71d23
Make code cleanup
2014-05-29 14:51:10 -05:00
Spencer McIntyre
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
David Maloney
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for Windows
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
William Vu
17fb48eaa3
Refactor check_nokogiri in msftidy
2014-05-29 13:20:23 -05:00
Spencer McIntyre
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
jvazquez-r7
aea0379451
Fix typos
2014-05-29 12:37:51 -05:00
David Maloney
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
sinn3r
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
sinn3r
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
Tod Beardsley
2ce6f325f5
Be more specific with Nokogiri check
...
There are still strong reservations about using Nokogiri to parse
untrusted XML data.
http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/
It is also believed that many desktop operating systems are still
shipping out-of-date and vulnerable libxml2 libraries, which become
exposed via Nokogiri. For example:
http://stackoverflow.com/questions/18627075/nokogiri-1-6-0-still-pulls-in-wrong-version-of-libxml-on-os-x
While this isn't a problem for binary builds of Metasploit (Metasploit
Community, Express, or Pro) it can be a problem for development
versions or Kali's / Backtrack's version.
So, the compromise here is to allow for modules that don't directly
expose XML parsing. I can't say for sure that the various libxml2
vulnerabilities (current and future) aren't also exposed via
`Nokogiri::HTML` but I also can't come up with a reasonable demo.
Metasploit committers should still look at any module that relies on
Nokogiri very carefully, and suggest alternatives if there are any. But,
it's sometimes going to be required for complex HTML parsing.
tl;dr: Use REXML for XML parsing, and Nokogiri for HTML parsing if you
absolutely must.
2014-05-29 11:52:17 -05:00
jvazquez-r7
75777cb3f9
Add IE11SandboxEscapes source
2014-05-29 11:38:43 -05:00
dmaloney-r7
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
David Maloney
2c6f89a58d
add sane default for connection timeout
2014-05-29 11:12:59 -05:00
David Maloney
d95b0497a7
add more specs
...
added more specs around telnet specific validations
2014-05-29 11:11:19 -05:00
William Vu
53ab2aefaa
Land #3386, a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
David Maloney
eb04a3774a
fixes for telnet weirdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
William Vu
325e75b72f
Land #3380, datastore msftidy errors set to INFO
...
[SeeRM #8498]
2014-05-29 10:19:59 -05:00
Spencer McIntyre
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
Tom Sellers
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
Christian Mehlmauer
21d5e630f4
Land #3400, last msftidy set-cookie warnings
2014-05-29 12:07:37 +02:00
William Vu
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00