William Vu
69de8b92fd
Land #6134 , PAYLOAD and LHOST for jobs (not -v)
2015-10-24 18:27:32 -05:00
Spencer McIntyre
e0fef4890f
Land #6126 , fix SSH_DEBUG from LoginScanner refactor
2015-10-24 17:51:35 -04:00
James Lee
71b8c97f0e
Always print PAYLOAD and LPORT in 'jobs'
2015-10-24 14:48:03 -05:00
JT
ad80f00159
Update mma_backdoor_upload.rb
2015-10-24 11:16:49 +08:00
JT
f461c4682b
Update mma_backdoor_upload.rb
2015-10-24 11:15:26 +08:00
wchen-r7
f6b9f38326
This method is not needed because Nokogiri does that already
2015-10-23 19:38:17 -05:00
Brent Cook
2e1f1fd6aa
Land #6130 , include hostname in vuln query scope
2015-10-23 15:30:40 -07:00
Brent Cook
065fe57ad7
bundler 1.10 :(
2015-10-23 15:30:04 -07:00
Louis Sato
84e8708900
bump mdm to 1.2.9
...
MS-120
* search scope for vulns now queries host name
2015-10-23 11:07:17 -05:00
wchen-r7
f2b4737e4a
Land #6127 , Fix #3859 Add support for registry_key_exist?
2015-10-23 10:59:57 -05:00
Brandon Perry
949a4c797b
Update joomla_contenthistory_sqli.rb
2015-10-23 09:33:12 -05:00
Brandon Perry
07d549d783
Update joomla_contenthistory_sqli.rb
...
Remove sessions for now
2015-10-23 09:32:15 -05:00
wchen-r7
b76192dbcb
Land #6099 , make_nops doesn't take into account all the compatible encoders
2015-10-22 21:26:25 -05:00
JT
be89cb32c9
Th3 MMA mma.php Backdoor Arbitrary File Upload
2015-10-23 08:47:40 +08:00
jvazquez-r7
d5a010c230
Add support for registry_key_exist?
2015-10-22 16:07:38 -05:00
William Vu
f00f90532a
Fix SSH_DEBUG for ssh_login{,_pubkey}
2015-10-22 15:14:45 -05:00
wchen-r7
360f40249c
Land #6122 , user-assisted Safari applescript:// module (CVE-2015-7007)
2015-10-22 15:07:42 -05:00
wchen-r7
9d2e2df1f1
Update description
2015-10-22 15:07:11 -05:00
Brandon Perry
e4281dd1fb
Create joomla_contenthistory_sqli.rb
2015-10-22 15:05:02 -05:00
joev
35578c7292
Add refs.
2015-10-22 09:48:11 -05:00
joev
6a87e7cd77
Add osx safari cmd-R applescript exploit.
2015-10-22 09:46:56 -05:00
Spencer McIntyre
b4a8f80493
Update the cached size for the current met file
2015-10-22 08:54:14 -04:00
Spencer McIntyre
810665847b
Add stageless python meterpreter to the payloads spec
2015-10-22 08:40:50 -04:00
Sam H
348a0f9e3d
Cleaned up "cleanup" method and crontab check
...
The script now searches for the full line "ALL ALL=(ALL) NOPASSWD: ALL" written in the crontab file to ensure that it is successful rather than just "NOPASSWD". Additionally, the required argument used in the cleanup method was removed and simply turned into an instance method so it could be accessed without needing to call it with any arguments.
2015-10-21 22:53:32 -07:00
Spencer McIntyre
23d9efb5a3
Add stageless Python Meterpreter for bind tcp
2015-10-21 18:37:37 -04:00
Spencer McIntyre
8bb694fa5c
Add stageless Python Meterpreter for reverse tcp
2015-10-21 18:23:04 -04:00
Brent Cook
190181301d
Land #6119 , update to mdm 1.2.8 (fixes search queries)
2015-10-21 17:09:36 -05:00
Brent Cook
7596f13407
remove bundled-with message
2015-10-21 17:08:54 -05:00
Louis Sato
867bf340ab
bump mdm to 1.2.8
...
MSP-13273
2015-10-21 16:58:27 -05:00
wchen-r7
065d042ec4
Update doc a little bit
2015-10-21 16:29:27 -05:00
wchen-r7
12cdd786a6
Add more Nokogiri and RKelly support for Rex::Proto::Http::Response
...
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
2015-10-21 16:26:31 -05:00
Kyle Gray
3f556c6fee
Land #6117 , Fix nil http_method in php_include
2015-10-21 13:45:32 -05:00
William Vu
997e8005ce
Fix nil http_method in php_include
2015-10-21 13:22:09 -05:00
William Vu
129544c18b
Land #6112 , splat for ZPanel exploit
2015-10-21 13:07:51 -05:00
William Vu
ccc0e55e0c
Land #6116 , target for minishare_get_overflow
2015-10-21 13:06:34 -05:00
Boumediene Kaddour
e188bce4c9
Update minishare_get_overflow.rb
2015-10-21 16:48:31 +02:00
wchen-r7
f06d7591d6
Add header for zpanel_information_disclosure_rce.rb
2015-10-20 16:19:44 -05:00
wchen-r7
70b005de7f
Land #6041 , Zpanel info disclosure exploit
2015-10-20 16:08:16 -05:00
wchen-r7
728fd17856
Make code changes for zpanel_information_disclosure_rce.rb
...
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
Brent Cook
cb2d5a6c54
Land #6110 , fix typos in exec_powershell, datstore confusion
2015-10-20 13:10:13 -05:00
Brent Cook
0784370b98
more typo and whitespace fixes
2015-10-20 13:09:17 -05:00
Brent Cook
4b271425c9
s/datstore/datastore/g
2015-10-20 13:05:49 -05:00
Rob Fuller
2f1406e1c8
fix typo
...
not sure how this got in there
2015-10-20 13:48:00 -04:00
Louis Sato
60c269983b
Land #6078 , Fix double raise in vnc_none_auth
2015-10-20 11:47:26 -05:00
William Vu
88159edf9f
Fix double raise in vnc_none_auth
...
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
William Vu
6de4c90ed9
Land #6106 , tab completion fix for spool
2015-10-19 17:33:32 -05:00
HD Moore
6748ccbb82
This method was moved to Rex::Ui::Text::Output
2015-10-19 10:43:38 -05:00
HD Moore
d7b8767afc
Fix #6105 by moving ``puts`` into the base class
2015-10-19 10:42:46 -05:00
Sam H
712f9f2c83
Deleted extra reference to exploit DB
2015-10-18 19:10:47 -07:00
Sam Handelman
b03c3be46d
Fixed some styling errors in the initializer. Switched the calls to sleep(1) to use the Rex API (Rex.sleep(1) instead).
2015-10-18 02:13:03 -07:00