a6a46f82bb
Updates the description a little bit
2013-05-28 14:31:56 -05:00
e4e5edc619
Looks like we don't need to check MD5, let's keep it that way then.
2013-05-28 14:31:15 -05:00
8ab90e657c
Adds a check for Cold Fusion 10
2013-05-28 14:21:29 -05:00
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
d16d316658
Fixes mssql_findandsampledata & ms11_006_creat esizeddibsection
...
[FixRM:7987]
[FixRM:7986]
2013-05-28 11:15:17 -05:00
73aa14cb91
Landing #1868 - IBM SPSS SamplePower 3.0 module (CVE-2012-5946)
2013-05-28 11:02:21 -05:00
2861b70a34
Add a note about hooking msftidy
2013-05-28 10:44:23 -05:00
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
e678b2c5d8
Add module for CVE-2012-5946
2013-05-26 00:21:20 -05:00
57b7e4ec44
Update ms11_006_createsizeddibsection.rb
2013-05-25 13:14:41 +06:00
6f2ddb3704
Update mssql_findandsampledata.rb
2013-05-25 11:33:57 +05:00
e169ccab4f
Landing #1862 - Remove inline unit tests
2013-05-23 22:19:29 -05:00
cd947e2075
Landing #1861 - Implement check for auxiliary modules
...
[FixRM:#7975]
2013-05-23 22:10:54 -05:00
3a550ae093
Landing #1863 - Fixed a bug in the HSTS module around null headers
2013-05-23 14:58:32 -05:00
ea7805d3c8
Fixed a bug in the HSTS module around null headers
2013-05-23 15:02:39 -04:00
05916c079e
Inline unit tests are so last decade
...
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
ff08fed987
Revert master misfire, back to the firefox module
2013-05-23 12:39:45 -05:00
61a024e416
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-05-23 12:22:20 -05:00
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
ae848cf2fe
Fix unix test post module load path
...
Works now:
````
msf post(unix) > run
[*] Running against session 1
[*] Session type is shell and platform is linux
[+] should list users
[*] Passed: 1; Failed: 0
[*] Post module execution completed
````
2013-05-23 12:16:57 -05:00
d44a158238
Land #1859 , fix trailing newlines in zip.
...
This incidentally fixes #1755 for real, where most of the discussion
of this bug took place.
2013-05-23 12:00:48 -05:00
db90423faf
Merge pull request #1 from wchen-r7/pr1856_target_fix
...
Fix #1856 - Target selection and swf path
2013-05-23 09:59:26 -07:00
eeea1d9109
Regression test for check in exploits
2013-05-23 11:46:16 -05:00
a852304ba3
DRY: Move check things to the common module level
...
While it makes lots of sense to bring check to all modules, of course
some modules will not be able to actually use it. Namely modules like
nop and payload modules. If you're feeling creative, you could probably
come up with semantically similar checks for those, too.
2013-05-23 11:42:41 -05:00
7436fdad72
First, copy-pasta and add a test
2013-05-23 11:26:53 -05:00
8680aa8952
Landing #1857 - MS12-020 off-by-one fix
2013-05-22 22:57:08 -05:00
67861794f6
Fix automatic payload selection
2013-05-22 22:37:18 -05:00
527f969d8d
fix range
2013-05-22 18:28:14 -04:00
23fe3146dc
Extra print_status I don't want
2013-05-22 14:38:30 -05:00
bfcd86022d
Add code cleanup for nginx_chunked_size.
2013-05-22 14:37:42 -05:00
0e6576747a
Fix target selection probs, and swf path
2013-05-22 14:34:00 -05:00
7cc126c4c2
Land #1860 , nginx exploit module from the community
2013-05-22 14:23:59 -05:00
81b690ae4b
Initial check in of nginx module
2013-05-22 13:52:00 -04:00
314b0698ee
address feedback
2013-05-22 13:44:25 -04:00
ecb9d1d7fa
Landing #1848 - AdobeCollabSync Buffer Overflow on Adobe Reader X
2013-05-22 12:24:42 -05:00
e2aad8930d
Landing #1853 - Remove ID tags
2013-05-22 12:12:55 -05:00
8483528ae0
Restore generic.rb to the correct state
2013-05-22 12:11:06 -05:00
1cf485fad1
Restore tcp.rb to its current state
2013-05-22 12:06:36 -05:00
162ecd7b45
Landing #1851 - Alias 'run' to 'exploit'
2013-05-22 11:56:04 -05:00
d028f52dbd
Fix broken ms12-020 vulnerability detection
...
The previous version of the script had an off-by-one error that prevented
proper detection of the vulnerability. Changes made in this revision
include:
- Correction of the off-by-one error
- Use of match instead of == to check for valid RDP connection
- Change of the channel requests to use IDs actually provided by
the responses from the server
2013-05-22 00:08:25 -04:00
aae4768563
Fix whitespace issues from msftidy.
2013-05-21 14:31:36 -05:00
eaeb10742a
Add some comments and clean some things up.
2013-05-21 14:01:14 -05:00
978aafcb16
Add DEBUG option, pass args to .encoded_exe().
2013-05-21 14:01:14 -05:00
ee8a97419c
Add some debug print calls to investigate Auto platform selection.
2013-05-21 14:01:13 -05:00
60fdf48535
Use renegerate_payload(cli, ...).
2013-05-21 14:01:13 -05:00
53cb493bc9
Fix @jlee-r7's feedback
2013-05-20 18:44:21 -05:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
882c550173
Merge pull request #1852 from limhoff-r7/bug/migrations
...
[Delivers #50179803 ]
2013-05-20 12:41:47 -07:00
89bd5b4791
Reset column information after running migrations
...
[#50179803 ]
[SeeRM #7967 ]
[SeeRM #7870 ]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
sinn3r
James Lee
Tod Beardsley
jvazquez-r7
darknight007
Matt Andreko
jvennix-r7
xard4s
LinuxGeek247
John Sherwood
Brandon Turner
Luke Imhoff