Commit Graph

39495 Commits (b0bb5b5806847852a2f631b44a57adc4f123a35f)

Author SHA1 Message Date
Mehmet Ince ba79579202
Extending Space limitation up to 250 2016-08-12 22:32:49 +03:00
David Maloney 0fd833676e
remove unnedded codepage.map
this file got mvoed to rex-text earlier
2016-08-12 13:41:31 -05:00
David Maloney 4e678e4ce6
fix help table
there was a bad class refernece here that
needed to be cleaned up

MS-1875
2016-08-12 13:33:41 -05:00
David Maloney 1384c0480d
update rex-text to fix a bug 2016-08-12 13:15:47 -05:00
Metasploit a6ba386728
Bump version of framework to 4.12.21 2016-08-12 10:02:36 -07:00
Brent Cook 6a035b7e48
Land #7161, add specs for cisco mixin to use Metasploit Credentials 2016-08-12 10:07:17 -05:00
Brendan 1a7286f625
Land #7062, Create exploit for WebNMS 5.2 RCE 2016-08-12 07:11:48 -07:00
David Maloney 6160ff8cb2
bump rex-text version for ipaddr fix
rex-text version of table had a slight issue
with sorting IPAddr objects, 0.2.0 fixes this issue

MS-1875
2016-08-11 11:24:44 -05:00
Pearce Barry 6386d9daca
Land #7178, Add a method to check the Powershell version 2016-08-11 11:02:41 -05:00
wchen-r7 e08c4a8bef Remove .Net check
cmd_exec doesn't seem to be the best way to go because there is
some issue grabbing the output sometimes.
2016-08-11 10:49:06 -05:00
David Maloney 42d6c9443d
remove unused ProgressTracker class
not sure if this was ever used, but it is certainly not being used
by anything now, so let's remove it

MS-1875
2016-08-11 10:35:10 -05:00
David Maloney 8489485cfd
move Rex::Ui::Text::Color out to rex::text gem
moved the text ansi color library out to the rex-text gem

MS-1875
2016-08-11 10:28:09 -05:00
wchen-r7 ea0ebf2e3b
Land #7194, Add MS16-095 IE Iframe Sandbox File Name Disclosure Vuln 2016-08-10 18:26:14 -05:00
wchen-r7 c2c05a820a Force uripath and srvport options 2016-08-10 18:25:45 -05:00
wchen-r7 e56e801c12 Update ie_sandbox_findfiles.rb 2016-08-10 18:09:58 -05:00
Metasploit d57e4d6349
Bump version of framework to 4.12.20 2016-08-10 15:30:37 -07:00
David Maloney 09ad342b67
Merge branch 'master' into feature/MS-1875/rex-table 2016-08-10 15:58:27 -05:00
David Maloney 3fc46451d5
Land #7199, bcook's pr for is_system fix
fixes issue that caused is_system to crash meterp
2016-08-10 15:42:08 -05:00
wchen-r7 3851db7bcb Use powershell when possible 2016-08-10 15:14:11 -05:00
Brent Cook 1cb01ee876 remove architecture fidling from platform string for now 2016-08-10 14:46:48 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
David Maloney 3f530f1896
remove rex::ui::text:table
remove the class from msf, and update the rex-text
gem to pull the code in under the new version at Rex::Text::Table
modify all requires appropriately

MS-1875
2016-08-10 13:24:25 -05:00
dmohanty-r7 b027176799
Land #7156, use windows_error gem for constants 2016-08-10 11:47:37 -05:00
Metasploit 280216d74d
Bump version of framework to 4.12.19 2016-08-09 14:49:58 -07:00
Yorick Koster 87b27951cf Fixed some build errors 2016-08-09 20:46:49 +02:00
Yorick Koster 79a84fb320 Internet Explorer iframe sandbox local file name disclosure vulnerability
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists due to the fact that Internet Explorer behaves
different for file:// URLs pointing to existing and non-existent files.
When used in combination with HTML5 sandbox iframes it is possible to
use this behavior to find out if a local file exists. This technique
only works on Internet Explorer 10 & 11 since these support the HTML5
sandbox. Also it is not possible to do this from a regular website as
file:// URLs are blocked all together. The attack must be performed
locally (works with Internet zone Mark of the Web) or from a share.
2016-08-09 20:35:42 +02:00
Yorick Koster a848d3948c Merge remote-tracking branch 'rapid7/master' 2016-08-09 12:27:22 +02:00
Pedro Ribeiro b38ba54b67 Merge pull request #31 from rapid7/master
aa
2016-08-08 22:57:00 +01:00
wchen-r7 de16a6d536
Land #7182, Nuuo / Netgear Surveillance admin password reset module 2016-08-08 16:10:30 -05:00
wchen-r7 c64e1b8fe6
Land #7181, NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance 2016-08-08 16:04:33 -05:00
wchen-r7 cb04ff48bc
Land #7180, Add exploit for CVE 2016-5674 / Nuuo / Netgear unauth RCE 2016-08-08 15:55:39 -05:00
wchen-r7 8654baf3dd
Land #6880, add a module for netcore/netdis udp 53413 backdoor 2016-08-08 15:43:34 -05:00
wchen-r7 89417304b0 Fix format for netcore_udp_53413_backdoor.md 2016-08-08 15:42:46 -05:00
wchen-r7 f98efb1345 Fix typos 2016-08-08 15:41:03 -05:00
Yorick Koster 9750c43c4b Merge remote-tracking branch 'rapid7/master' 2016-08-08 20:40:28 +02:00
Pedro Ribeiro 7ca7682d17 Fix whitespace error from msftidy 2016-08-08 17:57:03 +01:00
wchen-r7 3d1289dac3
Land #7185, Add VMware Host Guest Client Redirector DLL Hijack Exploit 2016-08-08 11:41:40 -05:00
wchen-r7 51c457dfb3 Update vmhgfs_webdav_dll_sideload 2016-08-08 11:40:03 -05:00
Pearce Barry ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters 2016-08-07 05:00:24 -05:00
Pedro Ribeiro 3b64b891a6 Update nuuo_nvrmini_unauth_rce.rb 2016-08-05 21:53:25 +01:00
Pedro Ribeiro 746ba4d76c Add bugtraq reference 2016-08-05 21:53:08 +01:00
Pedro Ribeiro 106f26587e Add bugtraq reference 2016-08-05 21:52:46 +01:00
Christian Mehlmauer 009089ead7
Land #7183, Fix #7170 Add HttpTrace option for HttpClient 2016-08-05 22:36:28 +02:00
wchen-r7 b888ff59ea
Land #7187, add Samsung Security Manager 1.5 ActiveMQ Broker exploit 2016-08-05 15:27:28 -05:00
Steven Seeley 230903562f Add Samsung Security Manager 1.5 ActiveMQ Broker exploit 2016-08-05 15:19:22 -05:00
wchen-r7 4055fd1930 Do e.message instead of e.to_s 2016-08-05 14:12:50 -05:00
Yorick Koster dae1679245 Fixed build warnings 2016-08-05 20:40:41 +02:00
Yorick Koster 02e065dae6 Fixed disclosure date format 2016-08-05 20:32:58 +02:00
wchen-r7 d59b6d99ee Make the debug output more readable 2016-08-05 13:20:53 -05:00
Yorick Koster 97d11a7041 Exploit module for CVE-2016-5330 VMware Host Guest Client Redirector DLL hijack 2016-08-05 20:19:40 +02:00