Trevor Rosen
661abe65c4
Merge pull request #30 from rapid7/feature/MSP-9971/cred-creation
...
Feature/msp 9971/cred creation
2014-05-30 13:13:03 -05:00
David Maloney
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
Tod Beardsley
8f52133471
Land #3281 , require latest Ruby 1.9.3
...
Note, this will cause developer environments to complain until Ruby is
reinstalled. It's probably a good idea to reinstall anyway, though,
since people who haven't in a while may have been linked against a
Heartbleed-vulnerable openssl library.
2014-05-30 12:55:54 -05:00
jvazquez-r7
4a1fea7abb
Land #2948 , @juushya's PocketPAD login bruteforce module
2014-05-30 11:47:16 -05:00
jvazquez-r7
b0bdfa7680
Clean up code
2014-05-30 11:44:42 -05:00
jvazquez-r7
fb59221189
Land #2494 , @juushya's etherpadduo login module
2014-05-30 11:35:28 -05:00
jvazquez-r7
d92a7adc68
change module filename
2014-05-30 11:31:49 -05:00
David Maloney
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
jvazquez-r7
40a103967e
Minor code cleanup
2014-05-30 11:28:37 -05:00
Spencer McIntyre
e2cc2fece0
Pymeterpreter update win reg functions for python v3
2014-05-30 10:51:36 -04:00
jvazquez-r7
c1368dbb4c
Use %windir%
2014-05-30 09:06:41 -05:00
jvazquez-r7
6f330ea190
Add deprecation information
2014-05-29 17:38:01 -05:00
jvazquez-r7
0d07fb6c39
Land #2858 , @jiuweigui's post module to enumerate Enumerate MUICache
2014-05-29 17:08:50 -05:00
jvazquez-r7
a6229aedff
Rescue RequestError when downloading file
2014-05-29 17:07:22 -05:00
jvazquez-r7
f2a71a47ca
Use \&\& instead of and
2014-05-29 17:04:38 -05:00
jvazquez-r7
31c282153e
Avoid ntuser.dat md5 because is causing problems, even when data is extracted
2014-05-29 17:02:28 -05:00
David Maloney
e012d55d73
refactor mremote
...
mremote post module now refactored to
use new metasploit credentials
2014-05-29 16:27:41 -05:00
William Vu
3a9f7fb7f9
Land #3405 , improved Nokogiri check for msftidy
2014-05-29 16:21:26 -05:00
jvazquez-r7
95b71dee00
Try to fix crash while file_remote_digest
2014-05-29 16:12:51 -05:00
David Maloney
a1131092b7
fix open rescue
...
rescuing all exceptions bad
bad past dave bad
2014-05-29 16:05:16 -05:00
jvazquez-r7
cbbd7bfdf4
Refacotor code
2014-05-29 15:55:44 -05:00
David Maloney
bf3bb63e4a
fix mremote to work on mremoteNG
...
fixed the mremote credential post module to work
against the newer mRemoteNG
2014-05-29 15:43:02 -05:00
Spencer McIntyre
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
Tod Beardsley
4b97418f07
Land todb-r7#8, better nested if
2014-05-29 15:19:04 -05:00
David Maloney
f61aeb818a
smart hashdump refactor
...
refactor the windows smart hashdump post module
to use the new cred creation methods
2014-05-29 15:06:42 -05:00
jvazquez-r7
cdabb71d23
Make code cleanup
2014-05-29 14:51:10 -05:00
Spencer McIntyre
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
David Maloney
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
William Vu
17fb48eaa3
Refactor check_nokogiri in msftidy
2014-05-29 13:20:23 -05:00
Spencer McIntyre
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
jvazquez-r7
aea0379451
Fix typos
2014-05-29 12:37:51 -05:00
David Maloney
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
sinn3r
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
sinn3r
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
Tod Beardsley
2ce6f325f5
Be more specific with Nokogiri check
...
There are still strong reservations about using Nokogiri to parse
untrusted XML data.
http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/
It is also believed that many desktop operating systems are still
shipping out-of-date and vulnerable libxml2 libraries, which become
exposed via Nokogiri. For example:
http://stackoverflow.com/questions/18627075/nokogiri-1-6-0-still-pulls-in-wrong-version-of-libxml-on-os-x
While this isn't a problem for binary builds of Metasploit (Metasploit
Community, Express, or Pro) it can be a problem for development
versions or Kali's / Backtrack's version.
So, the compromise here is to allow for modules that don't directly
expose XML parsing. I can't say for sure that the various libxml2
vulnerabilities (current and future) aren't also exposed via
`Nokogiri::HTML` but I also can't come up with a reasonable demo.
Metasploit committers should still look at any module that relies on
Nokogiri very carefully, and suggest alternatives if there are any. But,
it's sometimes going to be required for complex HTML parsing.
tl;dr: Use REXML for XML parsing, and Nokogiri for HTML parsing if you
absolutely must.
2014-05-29 11:52:17 -05:00
jvazquez-r7
75777cb3f9
Add IE11SandboxEscapes source
2014-05-29 11:38:43 -05:00
dmaloney-r7
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
David Maloney
2c6f89a58d
add sane default for connection timeout
2014-05-29 11:12:59 -05:00
David Maloney
d95b0497a7
add more specs
...
added more specs around telnet specific validations
2014-05-29 11:11:19 -05:00
William Vu
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
David Maloney
eb04a3774a
fixes for telnet wierdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
William Vu
325e75b72f
Land #3380 , datastore msftidy errors set to INFO
...
[SeeRM #8498 ]
2014-05-29 10:19:59 -05:00
Spencer McIntyre
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
Tom Sellers
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
Christian Mehlmauer
21d5e630f4
Land #3400 , last msftody set-cookie warnings
2014-05-29 12:07:37 +02:00
William Vu
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
James Lee
dcc4d25f15
Merge branch 'feature/MSP-9640/cred_creation' into staging/electro-release
2014-05-28 16:44:51 -05:00
James Lee
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
Spencer McIntyre
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
William Vu
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00