Console
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
Console
7b43117d87
Added RCE for Struts versions earlier than 2.3.14.2
...
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
Brandon Turner
882c550173
Merge pull request #1852 from limhoff-r7/bug/migrations
...
[Delivers #50179803]
2013-05-20 12:41:47 -07:00
Luke Imhoff
89bd5b4791
Reset column information after running migrations
...
[#50179803]
[SeeRM #7967]
[SeeRM #7870]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
Luke Imhoff
398dcfa8cb
Merge branch 'master' into bug/migrations
2013-05-20 12:49:33 -05:00
Luke Imhoff
0e435d378c
Move Msf::DBManager#migrate(d) to module
...
[#50179803]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
James Lee
604da8442f
Land #1845, multiple migrations with same version
2013-05-20 11:31:29 -05:00
jvazquez-r7
94bc3bf8eb
Fix msftidy warning
2013-05-20 10:35:59 -05:00
jvazquez-r7
395aac90c2
Do minor cleanup for linksys_wrt160nv2_apply_exec
2013-05-20 10:34:39 -05:00
jvazquez-r7
08b2c9db1e
Land #1801, @m-1-k-3's linksys wrt160n exploit
2013-05-20 10:33:44 -05:00
m-1-k-3
1a904ccf7d
tftp download
2013-05-19 20:37:46 +02:00
jvazquez-r7
dfa19cb46d
Do minor cleanup for dlink_dir615_up_exec
2013-05-19 12:43:01 -05:00
jvazquez-r7
348705ad46
Land #1800, @m-1-k-3's exploit for DLINK DIR615
2013-05-19 12:42:02 -05:00
m-1-k-3
f3a2859bed
removed user,pass in request
2013-05-19 18:50:12 +02:00
m-1-k-3
aee5b02f65
tftp download check
2013-05-19 18:45:01 +02:00
m-1-k-3
4816925f83
feedback included
2013-05-19 16:19:45 +02:00
Luke Imhoff
1df08cfa49
Add specs to prevent dupe migrations_paths regression
...
[#50099107]
Add specs to verify that the duplicate migrations_paths protection
works.
2013-05-17 15:15:57 -05:00
Luke Imhoff
28e08aebc1
Merge branch 'master' into bug/multiple-migrations-have-version-in-specs
2013-05-17 15:05:52 -05:00
Brandon Turner
993a7335b9
Merge pull request #1844 from limhoff-r7/bug/conditional-stance
...
Fix Mdm::Module::Detail#stance bug
2013-05-17 12:58:23 -07:00
Luke Imhoff
82867fbb66
Prevent duplicate migrations_paths
...
[#50099107]
If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
Luke Imhoff
c110acd0a5
Merge branch 'master' into bug/conditional-stance
...
Conflicts:
Gemfile
Gemfile.lock
2013-05-17 14:02:32 -05:00
Luke Imhoff
c8657fb46b
Fix Mdm::Module::Detail#stance bug
...
[#49858419]
[SEERM #7958]
metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
2013-05-17 11:58:10 -05:00
Brandon Turner
51a89c3c2c
Merge pull request #1841 from lsanchez-r7/bug/cannot_delete_vuln_refs_zero_length_delimiter
...
Update to metasploit_data_models 0.14.2
2013-05-17 07:46:09 -07:00
lsanchez-r7
abb73dd286
Update to metasploit_data_models 0.14.2
2013-05-16 17:46:33 -05:00
James Lee
41e23963fd
Land #1840, fix exe-small modifying payload
...
Calls to `EXE.to_win32pe_old` would modify the payload in place,
potentially causing trouble if it is used after being turned into an
executable (which doesn't usually happen in exploits, which is probably
why no one noticed til now).
2013-05-16 16:10:24 -05:00
Brandon Turner
c248c7f7b9
Merge pull request #1839 from limhoff-r7/bug/mdm-web-vuln-params-export
...
Update to metasploit_data_models 0.14.1
2013-05-16 13:51:49 -07:00
Alexandre Maloteaux
2a9dbb2654
msfvenom and exe-small fmt bug fix
2013-05-16 21:13:45 +01:00
James Lee
42d8173d17
Land #1837, broken references
2013-05-16 14:32:46 -05:00
James Lee
3009bdb57e
Add a few more references for those without
2013-05-16 14:32:02 -05:00
jvazquez-r7
d9bdf3d52e
Do final cleanup for sap_smb_relay
2013-05-16 14:25:10 -05:00
jvazquez-r7
9dd582c526
Land #1656, @nmonkee's module for SMB Relay attacks against SAP
2013-05-16 14:23:39 -05:00
Luke Imhoff
d57b1df722
Update to metasploit_data_models 0.14.1
...
[#49617323]
0.14.1 is the jruby compatible version of 0.14.0.
2013-05-16 12:45:08 -05:00
h0ng10
ccef6e12d2
changed to array in array
2013-05-16 19:03:47 +02:00
h0ng10
460542506d
changed to array
2013-05-16 19:01:20 +02:00
h0ng10
378f0fff5b
added missing comma
2013-05-16 18:59:46 +02:00
jvazquez-r7
c21035c0b9
Add final cleanup for sap_ctc_verb_tampering_user_mgmt
2013-05-16 10:42:09 -05:00
jvazquez-r7
7823df0478
Change module filename
2013-05-16 10:41:25 -05:00
jvazquez-r7
f3f0272395
Land #1652, @nmonkee's SAP CTC Verb Tampering for User Mgmt module
2013-05-16 10:40:17 -05:00
nmonkee
11286630d5
modifications to CLBA_ SOAP requests to fix XML kernel processor error
2013-05-16 11:24:29 +01:00
nmonkee
83f73c0119
Merge pull request #11 from jvazquez-r7/sap_smb_relay
...
SAP SMB Relay Abuses
2013-05-16 02:03:43 -07:00
jvazquez-r7
c82bb73347
Avoid super verbose output
2013-05-15 17:45:37 -05:00
Luke Imhoff
3d6f0402e4
Merge branch 'master' into bug/mdm-web-vuln-params-export
...
Conflicts:
Gemfile
Gemfile.lock
2013-05-15 14:01:57 -05:00
Luke Imhoff
5527f0300f
Update to metasploit_data_models 0.14.0
...
[#49617323]
0.14.0 adds validation for Mdm::WebVuln#params to prevent incorrect
values that can't be exported.
2013-05-15 13:46:41 -05:00
Brandon Turner
90f987de38
Merge branch 'release' to upgrade MDM to 0.12.1
2013-05-15 11:48:35 -05:00
Brandon Turner
88732bb1f4
Merge pull request #1832 from bug/shell_session_fix2
...
[Story #49893835]
2013-05-15 11:48:12 -05:00
David Maloney
3c278c2b50
Fix shell session record creation
...
use latest mdm version to fix issue with creation of Mdm::Session
objects for non-meterpreter sessions.
[Story #49893835]
2013-05-15 11:10:28 -05:00
James Lee
61afe1449e
Landing #1275, bash cmdstager
...
Conflicts:
lib/rex/exploitation/cmdstager.rb
Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
James Lee
2504aa4550
Land #1812, mailvelope chrome extension key grabber
2013-05-15 10:10:36 -05:00
Luke Imhoff
724f934f46
Update to metasploit_data_models 0.13.0
...
[#49617323]
0.13.0 adds validator for format of Mdm::WebVuln#params.
2013-05-15 09:36:42 -05:00
jvazquez-r7
649a8829d3
Add modules for Mutiny vulnerabilities
2013-05-15 09:02:25 -05:00