Commit Graph

17759 Commits (adfb663343334f9cd51b9d780563cffb7cabf935)

Author SHA1 Message Date
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
jvazquez-r7 2e01eb519d
Do minor fixes 2015-05-08 14:04:44 -05:00
jvazquez-r7 5588ad36b3
Print status message 2015-05-08 13:51:00 -05:00
jvazquez-r7 7e62ba85a1
Do code cleanup 2015-05-08 13:33:28 -05:00
jvazquez-r7 60c2c7a7cd
Delete unused variable 2015-05-08 13:19:39 -05:00
jvazquez-r7 c0f21c3ae1
Fix metadata 2015-05-08 13:19:23 -05:00
rwhitcroft b2ce2ddb05 determine the domain using env vars instead of parsing net.exe output 2015-05-08 14:17:49 -04:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
jvazquez-r7 51bb4b5a9b
Add module for CVE-2015-0359 2015-05-07 17:00:00 -05:00
Brent Cook a066105a86 prefer reading directly with MetasploitPayloads where possible 2015-05-07 16:59:02 -05:00
William Vu 134a674ef3
Land #5312, @todb-r7's release fixes 2015-05-07 15:34:31 -05:00
William Vu c9cb9ad564 Fix extraneous comma 2015-05-07 15:32:48 -05:00
Christian Mehlmauer 1469a151ad
Land #5290, Wordpress RevSlider Module 2015-05-07 22:15:56 +02:00
OJ fd827db6dd Fix up bind stager payload sizes 2015-05-07 10:13:27 +10:00
OJ 9d7a7cb68d Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/linux/bind_tcp.rb
2015-05-07 07:24:22 +10:00
OJ 60e25170fa
Land #5313 : fixup bind_tcp stager 2015-05-07 07:09:19 +10:00
Tod Beardsley 4df622c76b
Oops, one last for #5312. 2015-05-06 14:48:17 -05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
William Vu b8c7161819 Fix up NameError'd payload_exe 2015-05-06 11:34:05 -05:00
William Vu 59ffe5d98f
Land #5306, payload_exe NameError fix 2015-05-06 11:29:29 -05:00
wchen-r7 4b0f54f0aa
Land #5305, CVE-2015-0336 Flash NetConnection Type Confusion 2015-05-06 11:26:22 -05:00
wchen-r7 97807e09ca
Lad #5125, Group Policy startup exploit 2015-05-06 11:17:01 -05:00
wchen-r7 5b57e4e9ca Add info about the waiting time 2015-05-06 11:15:11 -05:00
Brent Cook 0493f58834 Reenable metasm bind_tcp stager 2015-05-06 09:34:35 -05:00
Brent Cook 3c2e6bb698 rollback linux bind_tcp stager metasm port
The new metasm port of the linux bind_tcp stager doesn't yet generate valid
executables. While we're debugging the problem, this reverts the bind_tcp.rb
stager to use the static ASM again.
2015-05-06 09:26:04 -05:00
Tom Sellers 94d1905fd6 Added WPVDB reference
Added a link to the new WPVDB article 7540 that @FireFart provided.
2015-05-06 05:41:02 -05:00
Tom Sellers c293066198 Leverage check_version_from_custom_file in PR #5292
Change the 'check' code to leverage check_version_from_custom_file added to wordpress/version.rb by @FireFart in PR #5292
2015-05-06 05:41:02 -05:00
Tom Sellers 18697d8d02 Fixed the following based on feedback from @FireFart ( Thanks! )
- Adjusted references section
- Corrected call to normalize_uri
- Removed unnecessary require for rex/zip
2015-05-06 05:41:02 -05:00
Tom Sellers 8cb18f8afe Initial commit of code 2015-05-06 05:41:02 -05:00
Sam Roth 5cb8b9a20a Fix #5304 2015-05-05 22:25:06 -04:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
Mike dc053aeb58 Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
root fc1c0028a8 moved array definition to avoid error 2015-05-05 21:16:23 -05:00
root 7949daf42b brocade_enable_login msftidy success 2015-05-05 21:16:23 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
jvazquez-r7 582919acac
Add module for CVE-2015-0336 2015-05-05 17:25:19 -05:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
Darius Freamon c988447c18 title enhancement, OSVDB ref
touch up title and add OSVDB reference
2015-05-05 13:21:36 -06:00
m-1-k-3 c8123c147f upnp vs hnap 2015-05-05 20:57:05 +02:00
jvazquez-r7 4a6fec7f1e
Land #5439, @Firefart's explanations on dlink_upnp_header_exec_noauth 2015-05-29 16:46:41 -05:00
Brent Cook b8a8e65c2c Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 16:22:45 -05:00
jvazquez-r7 6669665d6d
Land #5402, @nstarke's module to extract accouns information from a AVTECH744_DVR device 2015-05-29 16:14:50 -05:00
jvazquez-r7 843572df6d
Change module filename 2015-05-29 16:14:16 -05:00
jvazquez-r7 acb0af3826
Update description 2015-05-29 16:13:43 -05:00
jvazquez-r7 39ae6263e9
Use Rex::Text.encode_base64 2015-05-29 16:12:21 -05:00
Christian Mehlmauer 73f7885eea
add comment 2015-05-29 23:08:55 +02:00
jvazquez-r7 8338b21f6c
Make some code cleanup 2015-05-29 16:04:29 -05:00
Brent Cook 7b0006a1b2 Merge branch 'master' into land-5394-uuid-tracker 2015-05-29 15:41:31 -05:00
Brent Cook 96a1e1b344
Land #5367, add UUID stagers 2015-05-29 15:18:53 -05:00
jvazquez-r7 1be04a9e7e
Land #5182, @m-1-k-3's exploit for Dlink UPnP SOAP-Header Injection 2015-05-29 14:49:09 -05:00
jvazquez-r7 8b2e49eabc
Do code cleanup 2015-05-29 14:45:47 -05:00
jvazquez-r7 8c7d41c50c
Land #5426, @wchen-r7's adds more restriction on Windows 7 target for MS14-064 2015-05-29 14:35:44 -05:00
wchen-r7 c3fa52f443 Update description 2015-05-29 13:47:20 -05:00
jvazquez-r7 9ccf04a63b
Land #5420, @m-1-k-3's miniigd command injection module (ZDI-15-155) 2015-05-29 13:29:03 -05:00
jvazquez-r7 9ebd6e5d6e
Use REXML 2015-05-29 13:27:19 -05:00
Brent Cook 7d5af66fa0 Merge branch 'master' into land-5367-uuid-stagers 2015-05-29 13:00:35 -05:00
jvazquez-r7 294fa78c1f
Land #5430, @m-1-k-3's adding specific endianess Arch to some exploits 2015-05-29 11:43:25 -05:00
jvazquez-r7 dd39d196f5
Land #5226, @m-1-k-3's Airties login Buffer Overflow exploit 2015-05-29 10:51:32 -05:00
jvazquez-r7 952f391fb4
Do minor code cleanup 2015-05-29 10:49:51 -05:00
wchen-r7 bb444a8259
Land #5429, Decrypt encrypted passwords in DBVisualizer 2015-05-29 09:57:08 -05:00
root 17c0af6380 Consistent column names 2015-05-29 11:08:24 +05:00
root 101f12b9d2 Remove base64 require 2015-05-29 10:38:06 +05:00
root 3ac5088a9a Add decryption.final for proper padding 2015-05-29 10:33:55 +05:00
wchen-r7 b6b055a5f2
Land #5431, deprecate cold_fusion_version, use coldfusion_version instead. 2015-05-28 15:40:34 -05:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
wchen-r7 00a80ce2ab
Land #5425, Add Linux support to CVE-2015-0336 2015-05-28 15:18:44 -05:00
wchen-r7 2a260f0689 Update description 2015-05-28 15:18:05 -05:00
Christian Mehlmauer 52e30d4fc2
Land #5434, OSVDB reference 2015-05-28 22:00:44 +02:00
wchen-r7 068198c980
Land #5386, automatically find file for ms15_034 2015-05-28 14:52:31 -05:00
wchen-r7 f9f35db7f3 Update description 2015-05-28 14:52:03 -05:00
Tod Beardsley 818dbf58f0
Adding an OSVDB number to the Netgear module 2015-05-28 14:37:39 -05:00
Michael Messner 666b0bc34a MIPSBE vs MIPS 2015-05-28 18:50:48 +02:00
erwanlr a74c3372c0 Uses vprint instead of print in #check_host 2015-05-28 15:46:51 +01:00
erwanlr 6d01d7f986 Uses peer instead of ip:port across all the module 2015-05-28 09:32:05 +01:00
erwanlr 447c4ee7df Allows the targetèuri to be shared between the #check and #dos 2015-05-28 09:30:04 +01:00
root 2756c7375e Add datastore options 2015-05-28 10:58:36 +05:00
root 1ab49397a2 Decrypt encrypted passwords 2015-05-28 10:21:00 +05:00
jvazquez-r7 e9714bfc82
Solve conflics 2015-05-27 23:22:00 -05:00
Spencer McIntyre 24b4dacec5
Land #5408, @g0tmi1k fixes verbiage and whitespace 2015-05-27 21:02:02 -04:00
wchen-r7 bcdae5fa1a Forgot to add the datastore option 2015-05-27 18:12:38 -05:00
wchen-r7 4f0e908c8b Never mind, Vista doesn't have powershell. 2015-05-27 18:08:58 -05:00
wchen-r7 d43706b65e It doesn't look like Vista shows the powershell prompt 2015-05-27 18:04:35 -05:00
wchen-r7 53774fed56 Be more strict with Win 7 for MS14-064
The Powershell prompt can cause BAP to hang so we need to be more
strict about that.
2015-05-27 18:01:40 -05:00
jvazquez-r7 e5d42850c1
Add support for Linux to CVE-2015-0336 2015-05-27 17:05:10 -05:00
wchen-r7 2ae9e39719
Land #5376, Report ipmi_dumphashes credentials with create_credential_login 2015-05-27 13:11:07 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Michael Messner 43f505b462 fix contact details 2015-05-25 19:31:50 +02:00
OJ 7f59a7482e Update authors and stuff 2015-05-25 12:02:52 +10:00
OJ e103b2365a Update payload sizes and add new payloads to spec 2015-05-25 11:31:15 +10:00
OJ 9e50114082
Merge branch 'upstream/master' into uuid-stagers 2015-05-25 11:22:35 +10:00
OJ 9042f141ff Implement the IPv6 UUID bind stagers 2015-05-25 11:21:28 +10:00
jvazquez-r7 f953dc08d9
Land #5280, @m-1-k-3's support for Airties devices to miniupnpd_soap_bof 2015-05-24 15:17:38 -05:00
Nicholas Starke a3ff9859c8 Adding Credentials Capabilities
This commit adds the ability for credentials
to be retrieved via the 'creds' command.  It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Michael Messner 10baf1ebb6 echo stager 2015-05-23 15:50:35 +02:00
jvazquez-r7 5bceeb4f27
Land #5349, @h0ng10's module for CVE-2015-2219 Lenovo System Update Local Privilege Escalation 2015-05-22 17:14:20 -05:00
wchen-r7 eb5aadfb4e
Land #5401, multi-platform CVE-2015-0311 - Flash uncompress() UAF 2015-05-22 16:50:13 -05:00
jvazquez-r7 3aa1ffb4f5
Do minor code cleanup 2015-05-22 16:20:36 -05:00
jvazquez-r7 03b70e3714
Land #5388, @wchen-r7's fixes #5373 by add info to BrowserRequiements 2015-05-22 10:21:59 -05:00
HD Moore c17ee64d81 Merge branch 'master' into feature/uuid-registration 2015-05-22 00:29:16 -05:00
OJ 1c73c190fc Add machine_id support to windows php meterp 2015-05-22 14:55:29 +10:00
Brent Cook 9ce669f878
Land #5328: reworked x64 http/https stagers 2015-05-21 23:26:34 -05:00
OJ 10bd75348c
Merge branch 'upstream/master' into uuid-stagers 2015-05-22 13:07:25 +10:00
OJ a6a274d3a3
Merge recent stager changes 2015-05-22 13:01:45 +10:00
Nicholas Starke 9430d38a09 Adding AVTECH744_DVR Module
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7 e1f10772b3
Use create_cracked_credential 2015-05-21 16:30:42 -05:00
jvazquez-r7 305da46491
Land #5301, @m-1-k-3's aux module to extract passwords from Netgear soap interfaces 2015-05-21 16:07:05 -05:00
jvazquez-r7 6da94b1dd5
Deprecate windows module 2015-05-21 15:01:41 -05:00
jvazquez-r7 b9f9647ab1
Use all the BES power 2015-05-21 14:06:41 -05:00
erwanlr d9d8634948 Changes the message displayed when vulnerable 2015-05-21 08:46:16 +01:00
HD Moore a8d111ce89 Merge branch 'master' into feature/uuid-registration 2015-05-20 19:48:39 -05:00
jvazquez-r7 aa919da84d
Add the multiplatform exploit 2015-05-20 18:57:59 -05:00
wchen-r7 2cadd5e658 Resolve #5373, Add ActiveX info in BrowserRequirements
Resolve #5373
2015-05-20 16:34:09 -05:00
erwanlr 4f6fe2abce Avoids swallowing exceptions 2015-05-20 21:36:03 +01:00
erwanlr 202a77fc12 Improves detection of the MS15-034 2015-05-20 18:08:00 +01:00
OJ 44f8cf4124 Add more size to stagers, adjust psexec payloads
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. i can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
OJ 5963a5833a Fix up php stageless payload includes 2015-05-20 16:50:00 +10:00
OJ d0a5b803e8 Use generate_payload_uuid instead of manual obj creation 2015-05-20 16:25:52 +10:00
OJ 289873c25f
Merge all the stager changes 2015-05-20 16:02:37 +10:00
OJ 6859b24c1c Fix missing label, update payload sizes 2015-05-20 15:42:31 +10:00
OJ a93565b5d1 Add 'Payload' section with 'Size' to psexec_psh
This missing parameter was causing the payload 'Size' to come through to
the encoders as `nil`. This meant that all the stagers that were
looking at the payload sizes were being told there was no size. In the
case of the meterpreter payloads, this was causing issues with the proxy
settings because the proxy configuration detail isn't added to the
payload unless there's enough space.

This fix adds a default size of 2048 (the same as the plain psexec
module). This makes the proxy settings work as expected.
2015-05-19 22:11:29 +10:00
OJ 9fddc21cf3 Shaved another sneaky byte off the payload 2015-05-19 21:21:07 +10:00
OJ 6e96e6d118 Shellcode golf to make the payload smaller
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
OJ 62720ab357 Fix the wininet stager for http/s
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.

Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.

Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
HD Moore c7932855f2 Move UUIDOptions to UUID::Options 2015-05-18 23:35:18 -05:00
jvazquez-r7 d564a85f6f
Fix jtr_format 2015-05-18 19:55:48 -05:00
jvazquez-r7 f49362492a
Report hash's username correctly 2015-05-18 19:46:17 -05:00
jvazquez-r7 c6fcb9c6c5
Report credentials with create_credential_login 2015-05-18 19:39:03 -05:00
OJ 4a5f92072e Make msftidy happy 2015-05-18 22:00:51 +10:00
OJ 923c4274d3 Formatting fixes 2015-05-18 21:52:33 +10:00
OJ 28abceaec5 Update payload sizes and specs 2015-05-18 21:22:54 +10:00
OJ e7f80042d4 Finalise work on the bind_ipv6_tcp stager for UUID support 2015-05-18 21:19:04 +10:00
OJ 6c00e62649 Small fix to PHP stage 2015-05-18 19:11:33 +10:00
OJ e2d4ed6045 Add the UUID payloads for PHP 2015-05-18 17:49:34 +10:00
OJ 9296a024e2 PHP meterpreter refactoring in prep for uuid work 2015-05-18 17:40:48 +10:00
OJ e41ae93524 Payload sizes, specs and more 2015-05-18 14:58:10 +10:00
OJ 4488a5e634 Add uuid support to python, and rework stages/stagers 2015-05-18 14:33:35 +10:00
OJ 0d56b3ee66 Stage UUIDs, generation options, php and python meterp uuid 2015-05-18 13:29:46 +10:00
OJ bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers 2015-05-18 13:28:36 +10:00
Hans-Martin Münch (h0ng10) d99eedb1e4 Adding begin...ensure block 2015-05-17 20:48:11 +02:00
Hans-Martin Münch (h0ng10) acb053a2a7 CloseHandle cleanup 2015-05-17 20:39:10 +02:00
Hans-Martin Münch (h0ng10) e075495a5b string concatenation, clear \ handling 2015-05-15 06:51:42 +02:00
Hans-Martin Münch (h0ng10) 94d39c5c75 remove hard coded pipe name 2015-05-15 06:35:55 +02:00
Hans-Martin Münch (h0ng10) bb4f5da6d9 replace client.sys.config.getenv with get_env 2015-05-15 06:33:57 +02:00
OJ 7b2aee2a60
Merge branch 'upstream/master' into update-x64-stagers 2015-05-15 12:27:40 +10:00
Hans-Martin Münch (h0ng10) bba261a1cf Initial version 2015-05-15 00:36:03 +02:00
OJ 51e6c13bc4 Adjust transport configuration include for x64/reverse_http
Not sure how I missed this, but I did!
2015-05-12 09:54:08 +10:00
OJ 474461d2a4 Merge format and structure changes from multi transport 2015-05-12 09:46:02 +10:00
OJ 0dbfc1e02b
Merge the stager size work from mult-transport-support 2015-05-12 07:50:56 +10:00
OJ 6fdf23ad98 Update payload sizes again 2015-05-11 22:33:45 +10:00
OJ d9068b7719 Fix up payload cache sizes, and powershell include 2015-05-11 17:43:51 +10:00
OJ e69e6c4a73 Implement winhttp for x64
Still has some quirks to fix up, but we're getting there. Everything
seems to work except for reverse_winhttps. I can't see why at this
point.
2015-05-11 17:27:47 +10:00
OJ 800ab11abd Payload size adjustment, typo fix
Woot, this somehow reduces the payload sizes by 2 bytes... woot.. or
something.
2015-05-11 17:24:32 +10:00
OJ 21397b46aa Add proxy user/pass to x64 reverse_http/s 2015-05-11 17:24:31 +10:00
OJ b922da8f80 Add support for x64 reverse_http
Still need to bake in support for proxies in the stagers, but wer'e
getting there.
2015-05-11 17:24:31 +10:00
OJ 15e9fb7e40 Port reverse_https (wininet) x64 to metasm
This laid the groundwork for implementation of reverse_http as well.
2015-05-11 17:24:31 +10:00
David Maloney 2ce0e61d98
Merge branch 'master' into feature/MSP-12358/ntds-dump-module 2015-05-05 09:47:59 -05:00
OJ 232117117b Fix missing includes
The powershell one broke thanks to include hierarchy changes. The others
failed in the specs only for some reason.
2015-05-05 14:24:21 +10:00
OJ 146f41992f Fix up payload sizes 2015-05-05 13:52:20 +10:00
OJ 852961f059 Tweaking of transport behaviour, removal of patch 2015-05-05 11:45:22 +10:00
OJ cf62d1fd7c Remove patch and old stageless stuff 2015-05-05 09:27:01 +10:00
OJ b42f4f5cd2 Merge branch 'upstream/master' into multi-transport-support
Conflicts:
	lib/msf/core/payload/windows/stageless_meterpreter.rb
	lib/msf/core/payload/windows/x64/stageless_meterpreter.rb
	lib/rex/post/meterpreter/client_core.rb
	modules/payloads/stages/linux/x86/meterpreter.rb
	modules/payloads/stages/windows/meterpreter.rb
	modules/payloads/stages/windows/x64/meterpreter.rb
2015-05-05 07:53:54 +10:00
Brent Cook 05e4af8162
Land #5214, initial meterpreter session recovery support 2015-05-04 16:25:27 -05:00
jvazquez-r7 b95be1b25f
Support information to include logon scripts 2015-05-04 15:49:19 -05:00
David Maloney 3c9c578a3d
ntdsutil method in place
ntdsutil method built out to make a copy
of ntds.dit on later version of Winbdows Server

MSP-12358
2015-05-04 15:35:36 -05:00
Darius Freamon dc42a3ee1a add OSVDB ref
add OSVDB ref
2015-05-04 14:27:44 -06:00
David Maloney e0c64038a7
start new ddomain hashdump post module
module checks for all preconditions so far
including that Domain Services are running,
that we are Admin, that we have bypassed uac
and that it is a supported version of windows.

MSP-12358
2015-05-04 15:07:27 -05:00
Brent Cook e6ea5511ca update linux and windows meterpreters to use metasploit-payloads 2015-05-04 09:44:36 -05:00
OJ c2dc4677fb Prevent stagless from overwriting socket
Stageless payloads need to have the socket FD left along (ie. 0)
otherwise each of them will think that the socket is already open.
Instead we need to make sure it's left as 0 as per the configuration and
from there the stageless code will fire up a new socket based on the
transport in question.
2015-05-04 22:36:59 +10:00
OJ e835f2b99c Rejig transport config into module
Adjust a few other things along the way, including tidying of code,
removing of dead stuff.
2015-05-04 22:04:34 +10:00
m-1-k-3 c7e05448e7 various MIPS vs MIPSBE fixes 2015-05-04 12:55:21 +02:00
OJ 93bf995b32 Reverse tcp support for POSIX
Ported the stager and wired in the new work to make the configuration
function.
2015-05-04 20:11:26 +10:00
OJ 9300158c9a Initial rework of POSIX stuff to handle new configuration 2015-05-04 18:58:55 +10:00
William Vu 67a23f2c74
Land #5296, info hash product name fix 2015-05-03 14:36:25 -05:00
John Lightsey 4bfb9262e6 Add exploit module for MovableType CVE-2015-1592
This module targets the deserialization of untrusted Storable data in
MovableType before 5.2.12 and 6.0.7. The destructive attack will
function on most installations, but will leave the webapp corrupted.
The non-destructive attack will only function on servers that have the
Object::MultiType (uncommon) and DateTime (common) Perl modules
installed in addition to MovableType.
2015-05-03 14:18:01 -05:00
Darius Freamon a5c10b7f10 Fix product name
Product name missing a letter in two locations
2015-05-03 13:11:22 -06:00
m-1-k-3 53043dcbbc make msftidy happy 2015-05-03 18:14:51 +02:00
m-1-k-3 6fbce56a52 realtek upnp command injection 2015-05-03 18:09:22 +02:00
joev db999d2c62 Remove ff 31-34 exploit from autopwn, requires interaction. 2015-05-03 10:42:21 -05:00
jvazquez-r7 1bc6822811
Delete Airties module 2015-05-22 11:57:45 -05:00
jvazquez-r7 70d0bb1b1a
Merge Airties target inside miniupnpd_soap_bof 2015-05-22 11:57:19 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 04fa626eab
Save credentials as UNTRIED 2015-05-15 14:58:55 -05:00
jvazquez-r7 16c3bf91a1
Do code cleanup 2015-05-15 14:46:34 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 b037560c90
Do minor style fixes 2015-05-01 15:01:13 -05:00
jvazquez-r7 a531ad9ec2
Land #5096, @pedrib's exploit for Novell ZCM CVE-2015-0779 2015-05-01 14:35:28 -05:00
jvazquez-r7 0ff33572a7
Fix waiting loop 2015-05-01 14:34:43 -05:00
jvazquez-r7 645f239d94
Change module filename 2015-05-01 14:18:34 -05:00
jvazquez-r7 11a3f59b0b
Return false if there isn't a positive answer 2015-05-01 14:06:57 -05:00
jvazquez-r7 093c2e3ace
Do minor style cleanup 2015-05-01 13:56:48 -05:00
jvazquez-r7 d38adef5cc
Make TOMCAT_PATH optional 2015-05-01 13:54:39 -05:00
jvazquez-r7 d2a7d83f71
Avoid long sleep times 2015-05-01 13:51:52 -05:00
jvazquez-r7 8fcf0c558d
Use single quotes 2015-05-01 13:20:27 -05:00
Darius Freamon aa59b3acc6 title enhancement, description touch-up
Expanded title to be more precise and standardized use of vendor name
2015-04-30 17:23:15 -06:00
William Vu 83288ff391 Fix typo 2015-04-30 17:58:26 -05:00
wchen-r7 89d026c900 Fix merge conflict 2015-04-30 12:33:45 -05:00
wchen-r7 17e54fff1f
Land #5275, Flash CVE-2014-8440 2015-04-30 12:14:06 -05:00
James Lee ee5dc1d6e4
Land #5277, typo in telnet_encrypt_overflow 2015-04-30 10:44:55 -05:00
lanjelot 5ab9f01eee Use byte[] so it works even if Base64 unavailable 2015-04-30 12:46:14 +10:00
lanjelot 15bb4d1ea4 Fix #4243, regression introduced by commit 6e80481384 2015-04-30 12:42:39 +10:00
jvazquez-r7 d773f85dca
Add reference to malware 2015-04-29 17:53:29 -05:00
jvazquez-r7 dbba466b5b
Add module for CVE-2014-8440 2015-04-29 17:52:04 -05:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu 5defb50252
Fix #5267, references fixes 2015-04-29 14:21:23 -05:00
William Vu a4531e62a0 Clean up references 2015-04-29 14:21:08 -05:00
William Vu 7962be3e2a
Fix #5271, moved OSVDB reference 2015-04-29 14:18:52 -05:00
William Vu b2d08251e4 Move reference 2015-04-29 14:18:45 -05:00
William Vu 1eeb9af2d0
Land #5271, Symantec Workspace Streaming updates 2015-04-29 14:16:23 -05:00
William Vu fd567195e3 Fix punctuation and missing comma 2015-04-29 14:12:44 -05:00
Darius Freamon 5f0736fa4c enhance title and description, add OSVDB reference, standardized JBoss 2015-04-29 11:39:40 -06:00
Brent Cook cc47f8f6e8
Land #5265, handle SSL being disabled in the SSL version scanner 2015-04-29 12:34:55 -05:00
Meatballs eb8fdcc2f2
Typo 2015-04-29 10:45:49 +01:00
Meatballs 4072cbd4d3
Bitlocker -> BitLocker 2015-04-29 10:02:21 +01:00
Meatballs 7e5b03c44e
Tidyup and update for new ADSI format 2015-04-29 09:48:44 +01:00
Meatballs 0d81ad4db4 Remove max search 2015-04-29 09:40:53 +01:00
Meatballs 96a9313e7e Initial commit 2015-04-29 09:40:53 +01:00
Darius Freamon c01fc829ab Title enhancement, OSVDB refs 2015-04-28 15:56:34 -06:00
William Vu 9b17191e48 Remove unnecessary {,dis}connect 2015-04-28 15:09:16 -05:00
William Vu 28e661e204 Fix false positive in POODLE scanner
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
m-1-k-3 0a4554a204 reporting included, extract device details 2015-04-28 13:01:51 +02:00
Brent Cook 6058dee99a explicitly require bind_tcp/reverse_tcp modules
This transient error was noted in the release documentation builder.

metasploit-framework/modules/payloads/singles/windows/powershell_bind_tcp.rb:37:in
   `initialize': uninitialized constant Msf::Handler::BindTcp (NameError)
2015-04-27 20:57:31 -05:00
Christian Mehlmauer 7523e592d2
Land #5198, WordPress contus video gallery 2.7 scanner 2015-04-27 23:24:57 +02:00
m-1-k-3 ce697ee44c netgear soap password extractor 2015-04-27 17:56:30 +02:00
m-1-k-3 d8b8017e0b remove debugging 2015-04-27 06:36:34 +02:00
m-1-k-3 8db88994ac fingerprint, title 2015-04-27 06:34:46 +02:00
m-1-k-3 285d767e20 initial commit of UPnP exploit for Airties devices 2015-04-27 05:34:30 +02:00
Brandon Perry 7a2084cdc5 Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb 2015-04-26 16:54:21 -05:00
HD Moore 1fd601510c
Lands #5194, merges in PowerShell session support & initial payloads 2015-04-26 16:01:51 -05:00
HD Moore f56eac7f10 Cosmetic cleanup and binary mode read for powershell script 2015-04-26 15:57:51 -05:00
Ben Turner 82fe480c2e Update session to display username and hostname 2015-04-26 21:47:49 +01:00
benpturner f2c745d2a7 update cached sizes 2015-04-26 20:24:41 +01:00
benpturner d19406c593 Update the payload cache size 2015-04-26 18:56:32 +01:00
benpturner 1cc167a7fb Inserted ARCH_X86 payloads, removed interactive_powershell and updated base powershell session 2015-04-26 18:50:42 +01:00
benpturner 4cb1a6c255 Updated payload cached size 2015-04-26 09:30:41 +01:00
benpturner e6c61c461e Updated payloads and fixed msftidy. 2015-04-26 09:20:29 +01:00
Roberto Soares b537c8ae2c Changed fail_with output. 2015-04-26 01:28:55 -03:00
OJ 6da8a14f62 Initial work on x64 payloads for new config 2015-04-26 13:41:31 +10:00
OJ 6ac3ecfa7c Refactor, add reverse_winhttps support
Getting closer to a normalised view of what this stuff will look like.
There URL patching is slowly being removed. Reverse HTTPS works fine,
and by default HTTP should too.

Next up, x64 for the same main ones.
2015-04-26 12:11:14 +10:00
Roberto Soares a4b4d7cf6a Add WordPress Front-end Editor File Upload Vuln 2015-04-25 22:00:05 -03:00
m-1-k-3 b330b1d41c typo in title of telnet_encrypt_overflow.rb 2015-04-26 02:32:14 +02:00
OJ 2455163d24 Refactor configuration for meterpreter payloads (x86)
RDI is now back to what it was before, as this leaves all the other RDI
style payloads alone. Instead we have a new Meterpreter loader which
does the stuff that is required to make meterpreter work well with the
new configuration options.

This is just the case for reverse_tcp and bind_tcp so far, need to do
the other payloads too, along with all the x64 versions.
2015-04-26 09:57:30 +10:00
benpturner ded904c72c New payloads 2015-04-26 00:16:59 +01:00
Roberto Soares c41c7a1ba2 Rewrote the conditions of res. 2015-04-25 17:18:38 -03:00
Roberto Soares d01da0c522 Changed if conditions and exception handling 2015-04-25 15:08:36 -03:00
Roberto Soares 3a84396f32 Removed authorization header. 2015-04-25 14:30:21 -03:00
benpturner a02ea90824 New payloads which work with cmd 2015-04-25 16:49:22 +01:00
Roberto Soares b810a96dac Add Module for Enum on InfluxDB database. 2015-04-25 04:41:33 -03:00
benpturner 7afb6e1aa6 Removed stand-alone payloads and will push these as a seperate fork request. 2015-04-25 07:57:43 +01:00
benpturner 6be2c0beab Dynamic 2015-04-25 07:49:34 +01:00
benpturner 2273fb541a payload cached_sizes 2015-04-25 07:33:51 +01:00
benpturner 215e67bcbd Updated comments 2015-04-25 07:02:25 +01:00
Brent Cook 4ffffa59fe
Land #5184, restore store_loot for ssh_creds gatherer 2015-04-24 13:55:06 -05:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
benpturner 941a4ee572 updated cached size using tools/update_payload_cached_sizes.rb 2015-04-24 19:13:54 +01:00
jvazquez-r7 7167dc1147
Land #5243, @espreto's WordPress WPshop eCommerce File Upload exploit 2015-04-24 11:30:28 -05:00
jvazquez-r7 558103b25d
Do code cleanup 2015-04-24 11:30:08 -05:00
jvazquez-r7 896d6e8cb7
Fix title 2015-04-24 11:09:39 -05:00
jvazquez-r7 1825b45ac3
Land #5242, @espreto's module for GI-Media Library Plugin Directory Traversal 2015-04-24 11:08:52 -05:00
jvazquez-r7 7af6f31c3a
Fix message 2015-04-24 11:08:00 -05:00
jvazquez-r7 5ca6fe3cb0
Do code cleanup 2015-04-24 11:07:13 -05:00
Brent Cook f457f36cdd
Land #5213, improvements to MS15-035 DoS 2015-04-24 10:54:48 -05:00
jvazquez-r7 7a3949ed52 Land #5230, @espreto's exploit for WordPress InBoundio Marketing File Upload
* OSVDB 119890
2015-04-24 10:49:52 -05:00
jvazquez-r7 8a8d9a26f4
Do code cleanup 2015-04-24 10:47:46 -05:00
jvazquez-r7 b5223912cb
Fix check method 2015-04-24 10:41:41 -05:00
Roberto Soares c9b4a272e3 Changed fail_with output. 2015-04-24 12:16:23 -03:00
kaospunk bb0b2eee37 Fix missing . in SRV query
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
benpturner 2ccf818c7b msftidy 2015-04-24 11:16:31 +01:00
Roberto Soares e14c6af194 Removed double 'Calling payload'. 2015-04-24 06:26:04 -03:00
benpturner 00d8958cc8 New payloads for reverse_tcp for powershell 2015-04-24 10:25:37 +01:00
Roberto Soares 01efc97c4a Add WordPress WPshop eCommerce File Upload. 2015-04-24 06:21:49 -03:00
Roberto Soares e51897d64e Filepath option 2015-04-24 04:35:59 -03:00
Roberto Soares 7b0b59b5f6 Add WordPress GI-Media Library Plugin File Read. 2015-04-24 04:24:16 -03:00
benpturner 9e137c6403 ref 2015-04-23 23:28:33 +01:00
benpturner 468166408e ref 2015-04-23 23:28:21 +01:00
benpturner 3711b2579c new powershell session 2015-04-23 23:13:12 +01:00
benpturner 0f7442dec2 new powershell session 2015-04-23 23:12:58 +01:00
benpturner b642ddb989 interact powershell session 2015-04-23 23:12:38 +01:00
benpturner b6abd9dc8e updates to rex 2015-04-23 22:14:11 +01:00
benpturner a3710752c6 updates to rex 2015-04-23 22:14:00 +01:00
benpturner 5b604d07dd updates 2015-04-23 22:13:46 +01:00
benpturner 3e693c95df update bind_tcp settings 2015-04-23 14:43:08 +01:00
benpturner 94d99cd833 use Rex::Powershell::Command 2015-04-23 14:42:45 +01:00
benpturner e7b84ea40e rhost mandatory 2015-04-23 10:17:13 +01:00
benpturner 4ad3394e82 make rhost mandatory 2015-04-23 10:09:50 +01:00
Roberto Soares 5bf4c9187a Removed double "Calling payload..." 2015-04-23 03:41:34 -03:00
Roberto Soares 844f768eee Add WordPress InBoundio Marketing File Upload 2015-04-23 03:32:17 -03:00
OJ 19a6ae68ff Update bind_tcp sizes to dynamic
This is required due to the fact that we can now turn on/off the
closing of the listen socket.
2015-04-23 09:53:18 +10:00
m-1-k-3 f5b0a7e082 include rop gadget description 2015-04-23 00:11:02 +02:00
benpturner 711061a49b updates 2015-04-22 21:03:13 +01:00
benpturner 5a648ef79b updates to script 2015-04-22 20:45:43 +01:00
Brandon Perry e9f8b25987 Update wordpress_contus_video_gallery_sqli.rb
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry 26d208f089 Update wordpress_contus_video_gallery_sqli.rb
remove 'uri'
2015-04-22 14:42:03 -05:00
benpturner 99156f1247 reverse payload 2015-04-22 20:41:45 +01:00
benpturner 4ae3c5925d bind payload 2015-04-22 20:41:35 +01:00
m-1-k-3 1ec0e09a43 msftidy 2015-04-22 10:32:47 +02:00
m-1-k-3 58099d0469 airties login bof module 2015-04-22 10:21:58 +02:00
xistence 92c91c76f7 Proftpd 1.3.5 Mod_Copy Command Execution 2015-04-22 01:41:16 -04:00
Brent Cook 3963289519
Land #4888, @h00die's brocade credential bruteforcer 2015-04-21 18:27:03 -05:00
Mike 3a1778ef7c Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
jvazquez-r7 3db0e12b67
Modify autopwn comment 2015-04-21 14:19:15 -05:00
jvazquez-r7 3f40342ac5
Fix sock_sendpage 2015-04-21 14:17:19 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Brent Cook 073850c5ad
Land #5158, OWA internal IP disclosure scanner 2015-04-21 11:10:39 -05:00
Brent Cook 5296c6507d
Land #5157, OWA login scanner auth timing logs 2015-04-21 11:06:08 -05:00
wchen-r7 a44da8e6d7 URL refs 2015-04-21 09:29:08 -05:00
OJ 86957d9b07
Merge branch 'upstream/master' into connection-recovery 2015-04-21 20:01:59 +10:00
wchen-r7 a3b0f2e424
Land #5175, Update mcafee_vse_hashdump description 2015-04-20 21:49:24 -05:00
Brent Cook 9a49538c1a
Land #5016, add SSL Labs scanner 2015-04-20 21:34:16 -05:00
Brent Cook 752c3243f6 wrap print* functions in report_* wrappers
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
wchen-r7 ff32d6cee3 Improve MS15-034 DOS 2015-04-20 20:36:08 -05:00
jvazquez-r7 c6c7560aed
Land #4846, @joevennix's android 4.3 uxss module 2015-04-20 18:43:24 -05:00
jvazquez-r7 9b240e1d8f Use parenthesis 2015-04-20 18:42:34 -05:00
William Vu 3fbd4e2fe6
Land #5172, x64 BSD shell_{bind,reverse}_tcp 2015-04-20 15:37:29 -05:00
William Vu 79ca0a56f9
Land #4171, Steam protocol support 2015-04-20 15:35:06 -05:00
jvazquez-r7 f762873a31
Land #5192, @joevennix's module for Safari CVE-2015-1126
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
jvazquez-r7 e2eaff6b3a
Don't modify datastore options 2015-04-20 15:16:21 -05:00
jvazquez-r7 88c52ae7ae
Delete second stop_service, the mixin should had done the job 2015-04-20 15:13:11 -05:00
jvazquez-r7 dc0549d2dd
Use #wait 2015-04-20 15:06:01 -05:00
jvazquez-r7 c1234e05e2
Delete parenthesis from condition 2015-04-20 14:56:37 -05:00
jvazquez-r7 0283ac05e5
Do minor style fixes 2015-04-20 14:54:39 -05:00
jvazquez-r7 69b8edda4a
Use single quotes 2015-04-20 14:53:38 -05:00
jvazquez-r7 16daa935dd
Do minor code cleanup 2015-04-20 13:08:51 -05:00
jvazquez-r7 4f59abe842
Land #5203, @Meatballs1 fixes #5199 by using the correct namespace
* Fixes web_delivery
2015-04-20 11:20:48 -05:00
benpturner d9d8451b9f Updated tools/msftidy.rb issues 2015-04-20 16:03:34 +01:00
Meatballs eb1c01417a
Bogus : 2015-04-20 11:00:26 +01:00
Meatballs aa4f913800
Resolves #5199
Fix Powershell namespace in web_delivery module
2015-04-20 09:37:42 +01:00
Christian Mehlmauer a60fe4af8e
Land #5201, Change module wording to conform with other WP modules 2015-04-20 10:07:05 +02:00
aushack 1a32cf7fc0 Change module wording to conform with other WP modules. 2015-04-20 16:48:35 +10:00
Brandon Perry b622aae97f Update wordpress_contus_video_gallery_sqli.rb 2015-04-19 18:24:12 -05:00
Meatballs ac1f03b1de
Use fail_with if unknown exception 2015-04-20 00:11:23 +01:00
Brandon Perry c393f7c398 add contus video gallery scanner 2015-04-19 17:58:08 -05:00
Meatballs 1cc08a56a8
Additional tidyup 2015-04-19 23:55:55 +01:00
Meatballs b0d50dc2be
Create our own Rex connection to the endpoint
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
Christian Mehlmauer ed9175d73f
Land #5167, WordPress CP Multi-View Calendar SQLI Scanner 2015-04-19 23:36:23 +02:00
Brandon Perry 8c0bcd2e03 Update wordpress_cp_calendar_sqli.rb
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer a5583debdc
Land #5131, WordPress Slideshow Upload 2015-04-19 23:12:26 +02:00
Meatballs 8bd0da580d
Move script out of module 2015-04-19 21:12:44 +01:00
Meatballs 9fd3d3aa8c
Move to exploit module 2015-04-19 20:58:20 +01:00
benpturner 1ee850246a Interactive powershell post module that allows a user to gain an
interactive powershell prompt from a compromised session. It opens a TCP
listener for Powershell and automatically creates the handler. You can
also pass this other powershell files in the LOAD_MODULE option to go
ahead and download using the download cradle once the session is
established.
2015-04-19 20:51:41 +01:00
joev 2010e966b3 Add non-httponly cookie theft module for ios/osx safari. 2015-04-19 11:32:37 -05:00
Roberto Soares c1a1143377 Remove line in description and output line in fail_with 2015-04-18 15:38:42 -03:00
OJ 19f8a76475 Porting bind_tcp for posix to metasm
And supporting SO_REUSEADDR and stageless meterp
2015-04-18 19:19:40 +10:00
wchen-r7 43e9244b4c Fix #5134, Put store_loot back
Fix #5134

store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
Michael Messner b991dec0f9 Dlink UPnP SOAP-Header Injection 2015-04-17 22:54:32 +02:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
karllll e3ce4eb88e Update mcafee_vse_hashdump.rb 2015-04-17 09:47:02 -04:00
OJ 97912882ca Adjustments for POSIX meterpreter patching 2015-04-17 19:53:05 +10:00
Christian Mehlmauer bba0927c7e
Land #5163, WordPress Reflex Gallery Plugin File Upload 2015-04-17 11:26:34 +02:00
Christian Mehlmauer 6653c9e33d
Land #5162, WordPress Dukapress File Read Vulnerability 2015-04-17 11:20:55 +02:00
Christian Mehlmauer 6c77b64dae
wrong method name 2015-04-17 11:20:14 +02:00
Christian Mehlmauer aef464fc2e
Land #5159, WordPress Mobile Edition Plugin File Read Vuln 2015-04-17 11:13:00 +02:00
OJ 0a8b29dd86 Merge branch 'upstream/master' into connection-recovery
Conflicts:
	lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
2015-04-17 14:40:21 +10:00
wchen-r7 3927024f79
Land #5154, CVE-2015-0556 (Flash copyPixelsToByteArray int overflow)
sage aborts
2015-04-16 21:21:09 -05:00
William Vu 3422501d91
Land #5174, deprecated module cleanup 2015-04-16 17:43:28 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Christian Mehlmauer 2b9fd93729
remove deprecated modules 2015-04-16 22:49:22 +02:00
Roberto Soares 33cf2f1578 Added Faliure:: symbol to fail_with 2015-04-16 17:40:25 -03:00
Roberto Soares ed588e335b Changed the print_error output. 2015-04-16 17:32:59 -03:00
Roberto Soares bf3bdcffb4 Changed the deph value to 7. 2015-04-16 17:30:28 -03:00
Roberto Soares dd474757fe Changed the print_error output. 2015-04-16 17:26:44 -03:00
Roberto Soares f50cedeafd Changed the depth value to 7. 2015-04-16 17:22:49 -03:00
Roberto Soares 2138325129 Add Failure:: symbol to fail_with 2015-04-16 17:15:24 -03:00
karllll cb2e8f4949 Update mcafee_vse_hashdump description
The description of this module has been added upon to include cracking details.
2015-04-16 16:09:43 -04:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer 8c5890d506
more fixes 2015-04-16 21:56:42 +02:00
Christian Mehlmauer 8c12361bda
remove fail_with defs 2015-04-16 21:49:31 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
Christian Mehlmauer b4b8ac0849
moar fail_with's 2015-04-16 21:26:37 +02:00
Christian Mehlmauer a193ae42b0
moar fail_with's 2015-04-16 21:25:05 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu f0d6735332
Land #5165, version number correction 2015-04-16 12:10:12 -05:00
William Vu 26f2b350d2
Land #5168, more fail_with fixes 2015-04-16 12:04:55 -05:00
William Vu 1455d4e94d Fix AUTH_TIME 2015-04-16 11:39:33 -05:00
William Vu 7c572777e1 Fix whitespace 2015-04-16 11:34:50 -05:00
William Vu 7a9167b235 Fix comments 2015-04-16 11:34:47 -05:00
Nate Power 9bcc988266 Update owa_login 2015-04-16 11:23:04 -05:00
sinn3r 904339f0d7 Fix #5130, Correct use of fail_with in wp_worktheflow_upload.rb 2015-04-16 10:32:50 -05:00
sinn3r 5c98270f4d Fix #5137 - Correct use of fail_with 2015-04-16 09:57:02 -05:00
Brandon Perry 75b88f199a Create wordpress_cp_calendar_sqli.rb 2015-04-16 09:53:00 -05:00
Christian Mehlmauer 418d8586a5
Land #5137 (again), WordPress N-Media Website File Upload 2015-04-16 16:24:41 +02:00
Christian Mehlmauer 7f79acb996
Land #5137, WordPress N-Media Website File Upload 2015-04-16 16:17:20 +02:00
Roberto Soares 517ad54617 Fix the correct version in check. 2015-04-16 10:56:43 -03:00
Roberto Soares 95310dbe4f Fix 'if' condition. 2015-04-16 10:51:36 -03:00
Roberto Soares 626a9f0508 Fix the correct version in check. 2015-04-16 10:46:08 -03:00
Roberto Soares ecc67b1a57 Fix loot name 2015-04-16 10:42:20 -03:00
Roberto Soares d898af5513 Add check version and removed HttpClient 2015-04-16 10:40:35 -03:00
Roberto Soares 6ef074cd28 Fix the correct version in check 2015-04-16 10:34:34 -03:00
Roberto Soares 768294710b Add check and removed HttpClient 2015-04-16 10:22:10 -03:00
Christian Mehlmauer d9f4c7548f
Land #5136, WordPress Creative Contact Form upload 2015-04-16 15:17:14 +02:00
Christian Mehlmauer 84c74b8d42
use correct version number 2015-04-16 15:01:54 +02:00