sinn3r
|
3cd2caca1a
|
Fix #6052
|
2011-12-04 13:49:13 -06:00 |
sinn3r
|
89ed25978d
|
Add feature #6048
|
2011-12-04 13:44:21 -06:00 |
Steve Tornio
|
f63a616739
|
add osvdb ref
|
2011-12-04 07:48:48 -06:00 |
sinn3r
|
950b4a54a0
|
Fix bug #6050
|
2011-12-03 22:00:48 -06:00 |
sinn3r
|
2720572a37
|
Add IPSwitch Whatsup Gold TFTP directory traversal module
|
2011-12-03 18:46:34 -06:00 |
HD Moore
|
27974c4c27
|
Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
modules/auxiliary/scanner/http/axis_login.rb
modules/exploits/multi/http/axis2_deployer.rb
modules/post/multi/gather/thunderbird_creds.rb
modules/post/windows/gather/credentials/imvu.rb
msfopcode
|
2011-12-03 14:07:09 -06:00 |
Steve Tornio
|
b75799d18d
|
=add osvdb ref
|
2011-12-02 16:50:42 -06:00 |
Steve Tornio
|
83f12c6fe0
|
=add osvdb ref
|
2011-12-02 16:46:01 -06:00 |
sinn3r
|
c8634390b7
|
Add CCMPlayer m3u exploit (Feature #6029)
|
2011-12-02 16:27:59 -06:00 |
sinn3r
|
30e3607ec0
|
The SUCCESS message may not be constant across foreign language verions according to jduck, chaning back to the old way
|
2011-12-02 15:11:27 -06:00 |
sinn3r
|
f4b755c319
|
Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets
|
2011-12-02 15:00:39 -06:00 |
sinn3r
|
cd2bb027bf
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-12-02 14:54:53 -06:00 |
sinn3r
|
895a509bd3
|
Add Avid Media Composer 5.5 (Feature #6035)
|
2011-12-02 14:53:26 -06:00 |
Steve Tornio
|
2bb97791f7
|
Update OSVDF refs for servu module.
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39]
|
2011-12-02 13:21:41 -05:00 |
HD Moore
|
dbe7e6aecf
|
Remove a leftover debugging statement
|
2011-12-02 00:06:04 -06:00 |
sinn3r
|
2d320b1828
|
Fix bug: table being saved while empty
|
2011-12-01 22:47:42 -06:00 |
sinn3r
|
608a5586b2
|
Actually, don't really have a good reason for that exception handling anymore. I think.
|
2011-12-01 22:47:42 -06:00 |
sinn3r
|
0eb3b5a49b
|
Fix undefined method 'cmd_exec' bug. Thx Boris.
|
2011-12-01 22:47:42 -06:00 |
sinn3r
|
19fae182da
|
Add Thunderbird credential collector (Feature #6014)
|
2011-12-01 22:47:42 -06:00 |
James Lee
|
a91926716d
|
don't dup the last part of the key, fixes #6036
|
2011-12-01 15:24:58 -07:00 |
HD Moore
|
9f99cfc757
|
Convert the h323 module to MSF_LICENSE (backport from Pro)
|
2011-12-01 16:01:01 -06:00 |
HD Moore
|
3e5e9a910e
|
Add h323 scanner
|
2011-12-01 16:01:01 -06:00 |
sinn3r
|
d0db88d35d
|
Make key_base an instance var so other functions can access it. Bug #6036
|
2011-12-01 14:41:44 -06:00 |
David Maloney
|
57f12cb2d8
|
Merge branch 'servu_sploit'
|
2011-12-01 11:21:32 -08:00 |
sinn3r
|
93a419c76b
|
Having nothing on the webpage may probably confuse some novice users. But I do like stealth.
|
2011-12-01 03:02:35 -06:00 |
sinn3r
|
8399ce6e41
|
Fix bug #6031
|
2011-11-30 15:22:52 -06:00 |
David Maloney
|
40ab37fa10
|
Merge branch 'iss5979'
|
2011-11-30 12:16:33 -08:00 |
David Maloney
|
2858cae296
|
Some quick corrections to tidy things up
|
2011-11-29 19:57:08 -08:00 |
David Maloney
|
be88f483a3
|
More Accurate Vulnerability Check
|
2011-11-29 18:38:00 -08:00 |
David Maloney
|
0dda948265
|
New Exploit for the Serv-U FTP Buffer overflow
from CVE 2004-2111
|
2011-11-29 17:34:01 -08:00 |
sinn3r
|
f26f6da74b
|
Add CVE-2011-3544 (feature #6023) Java Rhino exploit
|
2011-11-29 18:05:20 -06:00 |
Rob Fuller
|
e439aba779
|
switched %USERPROFILE% to %APPDATA% to make the code a bit more universal
|
2011-11-29 20:08:44 +00:00 |
sinn3r
|
897731f3a5
|
Check creds (feature #6025). Also bringing the 'Inbox' regex back
|
2011-11-29 11:01:39 -06:00 |
sinn3r
|
6f5d64f6de
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-29 03:31:15 -06:00 |
sinn3r
|
34a933d499
|
Feature #5610
|
2011-11-29 03:30:49 -06:00 |
Tod Beardsley
|
f503bd9488
|
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
|
2011-11-28 17:52:34 -06:00 |
Rob Fuller
|
c411c216c0
|
Solved most of msftidy issues with the /modules directory
|
2011-11-28 17:10:29 -06:00 |
sinn3r
|
3a84c31326
|
Using a better regex for a successful login. Thanks Borys.
|
2011-11-28 14:29:42 -06:00 |
sinn3r
|
bc541c118d
|
Apply patch #6020
|
2011-11-28 14:16:24 -06:00 |
sinn3r
|
5165865560
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-28 14:07:19 -06:00 |
sinn3r
|
59ab0c3a18
|
Fix bug #6021, Thanks Borys
|
2011-11-28 14:06:56 -06:00 |
Tod Beardsley
|
44a47f9913
|
Fixing up OWA bruteforce module to conform with the usual print_status
messages.
|
2011-11-28 13:31:54 -06:00 |
sinn3r
|
a578db7f56
|
Apply fix for #6019
|
2011-11-28 01:12:18 -06:00 |
sinn3r
|
ebfe269698
|
Apply patch for #5824
|
2011-11-26 16:52:12 -06:00 |
sinn3r
|
5e08c93ac9
|
Apply patch #5580
|
2011-11-26 15:32:43 -06:00 |
sinn3r
|
b7950a752e
|
Add feature #4929 (MS09-053)
|
2011-11-26 13:30:35 -06:00 |
sinn3r
|
82a5da866a
|
Fix bug: table being saved while empty
|
2011-11-25 00:54:17 -06:00 |
sinn3r
|
ec3c37d963
|
Actually, don't really have a good reason for that exception handling anymore. I think.
|
2011-11-25 00:41:28 -06:00 |
sinn3r
|
3e7c821119
|
Fix undefined method 'cmd_exec' bug. Thx Boris.
|
2011-11-25 00:34:33 -06:00 |
sinn3r
|
7571466014
|
Add Thunderbird credential collector (Feature #6014)
|
2011-11-24 19:39:34 -06:00 |
David Maloney
|
900232fb60
|
HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
|
2011-11-23 23:05:51 -06:00 |
David Maloney
|
53b3e96af4
|
Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
|
2011-11-23 23:05:51 -06:00 |
sinn3r
|
3954030963
|
Apply patch #6004
|
2011-11-23 23:05:51 -06:00 |
David Maloney
|
d1c44160dd
|
Fix to the axis2 Deployer exploit to add Default Target
|
2011-11-23 23:05:51 -06:00 |
David Maloney
|
d3887d20e5
|
Consolidation of the Axis2 Deployer Exploits
Fixes #5276
|
2011-11-23 23:05:51 -06:00 |
David Maloney
|
c61d02686a
|
HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
|
2011-11-22 13:04:10 -08:00 |
David Maloney
|
9d7f7b1f0e
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-22 11:53:14 -08:00 |
David Maloney
|
9e40fac8b1
|
Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
|
2011-11-22 11:52:06 -08:00 |
sinn3r
|
8b729b59f8
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-22 13:08:08 -06:00 |
sinn3r
|
25f4b45bd1
|
Apply patch #6004
|
2011-11-22 13:07:46 -06:00 |
David Maloney
|
4a22df4014
|
Fix to the axis2 Deployer exploit to add Default Target
|
2011-11-22 10:27:38 -08:00 |
David Maloney
|
30d1451159
|
Consolidation of the Axis2 Deployer Exploits
Fixes #5276
|
2011-11-22 08:47:53 -08:00 |
David Maloney
|
4ef7c373e9
|
Fix to typo in the tables being pushed.
|
2011-11-22 00:06:58 -06:00 |
David Maloney
|
f81567fb6f
|
Fix to typo in the tables being pushed.
|
2011-11-21 15:49:57 -08:00 |
sinn3r
|
e11ca43c37
|
Add feature #5680
|
2011-11-21 12:39:45 -06:00 |
sinn3r
|
76846aa578
|
Add MS10-038 (CVE-2010-0822) exploit
|
2011-11-21 11:36:47 -06:00 |
sinn3r
|
28a079f308
|
Add credit to the appropriate researcher
|
2011-11-20 02:32:45 -06:00 |
sinn3r
|
95d639ccf7
|
Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8.
|
2011-11-20 01:44:52 -06:00 |
sinn3r
|
980cd4c888
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-19 20:41:29 -06:00 |
sinn3r
|
9c2fab0921
|
Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c
|
2011-11-19 20:40:04 -06:00 |
James Lee
|
67120d4263
|
msftidy on aux modules, see #5749
|
2011-11-20 13:12:07 +11:00 |
James Lee
|
f35b6c5269
|
msftidy on post modules for spaces at EOL
|
2011-11-20 12:53:25 +11:00 |
sinn3r
|
a4cadf0d53
|
remove the extra comment that's not used
|
2011-11-19 12:48:39 -06:00 |
sinn3r
|
30f13984ea
|
Add wireshark console.lua exploit (CVE-2011-3360)
|
2011-11-18 21:24:48 -06:00 |
David Maloney
|
ff22246119
|
Attempt to fix #5979
|
2011-11-18 12:53:35 -08:00 |
Tod Beardsley
|
eca1253439
|
updating sudo
|
2011-11-18 10:17:43 -06:00 |
Tod Beardsley
|
356e0e6fb5
|
Moving sudo from linux to multi, because it is.
|
2011-11-18 10:16:57 -06:00 |
Tod Beardsley
|
fa77909c67
|
whitespace fix
|
2011-11-18 08:51:07 -06:00 |
Tod Beardsley
|
55367fad4f
|
Merge pull request #25 from rapid7/post_module_sudo
Post module sudo
|
2011-11-18 06:30:40 -08:00 |
David Maloney
|
11c1f0983f
|
Fixes #5993
|
2011-11-17 18:05:36 -08:00 |
David Maloney
|
77cba9de7c
|
Merge branch 'cbdfix'
Conflicts:
modules/post/windows/gather/credentials/imvu.rb
modules/post/windows/gather/forensics/duqu_check.rb
modules/post/windows/recon/computer_browser_discovery.rb
|
2011-11-17 14:55:20 -08:00 |
Tod Beardsley
|
d8b77564ef
|
Tidying up, fixing csh echo behavior
|
2011-11-17 16:29:02 -06:00 |
David Maloney
|
3bfe7e9b98
|
fix to comptuer browser discovery to output properly and sotre as loot
added additional option to save detected hosts in the db.
|
2011-11-17 14:17:28 -08:00 |
Tod Beardsley
|
9878517f80
|
Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec()
|
2011-11-17 13:19:13 -06:00 |
Tod Beardsley
|
84fb5b441a
|
Cleaning up some names and descs
|
2011-11-17 07:47:26 -06:00 |
David Maloney
|
4c90b68b4f
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2011-11-16 19:10:53 -08:00 |
David Maloney
|
eae171b216
|
Addresses issue #5984
|
2011-11-16 19:07:56 -08:00 |
Tod Beardsley
|
93a133d5de
|
Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0
|
2011-11-16 16:48:19 -06:00 |
sinn3r
|
fea42dbdee
|
Add feature #5872
|
2011-11-16 12:26:54 -06:00 |
Tod Beardsley
|
725431dbdb
|
Simpler method for setenv vs export. Tested on csh, ksh, zsh, sh, bash
|
2011-11-15 19:31:15 -06:00 |
Tod Beardsley
|
d969006268
|
Adding zsh
|
2011-11-15 19:10:25 -06:00 |
Tod Beardsley
|
5cdab2ef41
|
Less repetitive error messages
|
2011-11-15 18:17:25 -06:00 |
Tod Beardsley
|
26659d8b17
|
Adding a sudo post module for easier automation
|
2011-11-15 17:38:45 -06:00 |
David Maloney
|
d8347a1245
|
Fixes to post modules that store creds as loot.
All post modules that store creds as loot now store in
a CSV format with User and then Password always as the
first two columns.
|
2011-11-15 14:13:51 -08:00 |
David Maloney
|
f6b0ffd630
|
Cleanup of the stack traces in the pidgin and filezilla client cred modules
|
2011-11-15 12:19:15 -08:00 |
David Maloney
|
8d47883af0
|
Moving the wlan directory up a level. It makes more sense in it's own area
instead of under gather.
|
2011-11-15 08:29:13 -08:00 |
David Maloney
|
c8142043e9
|
Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
|
2011-11-14 22:50:52 -08:00 |
Tod Beardsley
|
96d2209ca2
|
Minor fixups for trace report_note patch
|
2011-11-14 10:40:11 -06:00 |
andurin
|
5d5c9464cc
|
Do some report_note while TRACE detection
|
2011-11-14 12:10:53 +01:00 |
sinn3r
|
2536cf0308
|
Add feature #5779
|
2011-11-14 01:49:26 -06:00 |