18228 Commits (b39531cea6880d9d12f0645025743705677a5c98)

Author SHA1 Message Date
Console b39531cea6 Added references 2013-05-28 23:15:10 +01:00
Console 7b43117d87 Added RCE for Struts versions earlier than 2.3.14.2
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
Brandon Turner 882c550173 Merge pull request #1852 from limhoff-r7/bug/migrations
[Delivers #50179803]
2013-05-20 12:41:47 -07:00
Luke Imhoff 89bd5b4791 Reset column information after running migrations
[#50179803]
[SeeRM #7967]
[SeeRM #7870]

Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations.  Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
2013-05-20 13:08:07 -05:00
Luke Imhoff 398dcfa8cb Merge branch 'master' into bug/migrations 2013-05-20 12:49:33 -05:00
Luke Imhoff 0e435d378c Move Msf::DBManager#migrate(d) to module
[#50179803]

Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
2013-05-20 12:45:17 -05:00
James Lee 604da8442f Land #1845, multiple migrations with same version 2013-05-20 11:31:29 -05:00
jvazquez-r7 94bc3bf8eb Fix msftidy warning 2013-05-20 10:35:59 -05:00
jvazquez-r7 395aac90c2 Do minor cleanup for linksys_wrt160nv2_apply_exec 2013-05-20 10:34:39 -05:00
jvazquez-r7 08b2c9db1e Land #1801, @m-1-k-3's linksys wrt160n exploit 2013-05-20 10:33:44 -05:00
m-1-k-3 1a904ccf7d tftp download 2013-05-19 20:37:46 +02:00
jvazquez-r7 dfa19cb46d Do minor cleanup for dlink_dir615_up_exec 2013-05-19 12:43:01 -05:00
jvazquez-r7 348705ad46 Land #1800, @m-1-k-3's exploit for DLINK DIR615 2013-05-19 12:42:02 -05:00
m-1-k-3 f3a2859bed removed user,pass in request 2013-05-19 18:50:12 +02:00
m-1-k-3 aee5b02f65 tftp download check 2013-05-19 18:45:01 +02:00
m-1-k-3 4816925f83 feedback included 2013-05-19 16:19:45 +02:00
Luke Imhoff 1df08cfa49 Add specs to prevent dupe migrations_paths regression
[#50099107]

Add specs to verify that the duplicate migrations_paths protection
works.
2013-05-17 15:15:57 -05:00
Luke Imhoff 28e08aebc1 Merge branch 'master' into bug/multiple-migrations-have-version-in-specs 2013-05-17 15:05:52 -05:00
Brandon Turner 993a7335b9 Merge pull request #1844 from limhoff-r7/bug/conditional-stance
Fix Mdm::Module::Detail#stance bug
2013-05-17 12:58:23 -07:00
Luke Imhoff 82867fbb66 Prevent duplicate migrations_paths
[#50099107]

If Msf::DBManager#initialize_metasploit_data_models is run multiple
times, such as during specs, ActiveRecord::Migrator.migrations_paths was
getting populated with multiple copies of the metasploit_data_models
db/migrate path, which would lead to 'DB.migrate threw an exception:
Multiple migrations have the version number 0' errors in framework.log.
2013-05-17 14:56:17 -05:00
Luke Imhoff c110acd0a5 Merge branch 'master' into bug/conditional-stance
Conflicts:
	Gemfile
	Gemfile.lock
2013-05-17 14:02:32 -05:00
Luke Imhoff c8657fb46b Fix Mdm::Module::Detail#stance bug
[#49858419]
[SEERM #7958]

metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
2013-05-17 11:58:10 -05:00
Brandon Turner 51a89c3c2c Merge pull request #1841 from lsanchez-r7/bug/cannot_delete_vuln_refs_zero_length_delimiter
Update to metasploit_data_models 0.14.2
2013-05-17 07:46:09 -07:00
lsanchez-r7 abb73dd286 Update to metasploit_data_models 0.14.2 2013-05-16 17:46:33 -05:00
James Lee 41e23963fd Land #1840, fix exe-small modifying payload
Calls to `EXE.to_win32pe_old` would modify the payload in place,
potentially causing trouble if it is used after being turned into an
executable (which doesn't usually happen in exploits, which is probably
why no one noticed til now).
2013-05-16 16:10:24 -05:00
Brandon Turner c248c7f7b9 Merge pull request #1839 from limhoff-r7/bug/mdm-web-vuln-params-export
Update to metasploit_data_models 0.14.1
2013-05-16 13:51:49 -07:00
Alexandre Maloteaux 2a9dbb2654 msfvenom and exe-small fmt bug fix 2013-05-16 21:13:45 +01:00
James Lee 42d8173d17 Land #1837, broken references 2013-05-16 14:32:46 -05:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
jvazquez-r7 d9bdf3d52e Do final cleanup for sap_smb_relay 2013-05-16 14:25:10 -05:00
jvazquez-r7 9dd582c526 Land #1656, @nmonkee's module for SMB Relay attacks against SAP 2013-05-16 14:23:39 -05:00
Luke Imhoff d57b1df722 Update to metasploit_data_models 0.14.1
[#49617323]

0.14.1 is the jruby compatible version of 0.14.0.
2013-05-16 12:45:08 -05:00
h0ng10 ccef6e12d2 changed to array in array 2013-05-16 19:03:47 +02:00
h0ng10 460542506d changed to array 2013-05-16 19:01:20 +02:00
h0ng10 378f0fff5b added missing comma 2013-05-16 18:59:46 +02:00
jvazquez-r7 c21035c0b9 Add final cleanup for sap_ctc_verb_tampering_user_mgmt 2013-05-16 10:42:09 -05:00
jvazquez-r7 7823df0478 Change module filename 2013-05-16 10:41:25 -05:00
jvazquez-r7 f3f0272395 Land #1652, @nmonkee's SAP CTC Verb Tampering for User Mgmt module 2013-05-16 10:40:17 -05:00
nmonkee 11286630d5 modifications to CLBA_ SOAP requests to fix XML kernel processor error 2013-05-16 11:24:29 +01:00
nmonkee 83f73c0119 Merge pull request #11 from jvazquez-r7/sap_smb_relay
SAP SMB Relay Abuses
2013-05-16 02:03:43 -07:00
jvazquez-r7 c82bb73347 Avoid super verbose output 2013-05-15 17:45:37 -05:00
Luke Imhoff 3d6f0402e4 Merge branch 'master' into bug/mdm-web-vuln-params-export
Conflicts:
	Gemfile
	Gemfile.lock
2013-05-15 14:01:57 -05:00
Luke Imhoff 5527f0300f Update to metasploit_data_models 0.14.0
[#49617323]

0.14.0 adds validation for Mdm::WebVuln#params to prevent incorrect
values that can't be exported.
2013-05-15 13:46:41 -05:00
Brandon Turner 90f987de38 Merge branch 'release' to upgrade MDM to 0.12.1 2013-05-15 11:48:35 -05:00
Brandon Turner 88732bb1f4 Merge pull request #1832 from bug/shell_session_fix2
[Story #49893835]
2013-05-15 11:48:12 -05:00
David Maloney 3c278c2b50 Fix shell session record creation
use latest mdm version to fix issue with creation of Mdm::Session
objects for non-meterpreter sessions.

[Story #49893835]
2013-05-15 11:10:28 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
James Lee 2504aa4550 Land #1812, mailvelope chrome extension key grabber 2013-05-15 10:10:36 -05:00
Luke Imhoff 724f934f46 Update to metasploit_data_models 0.13.0
[#49617323]

0.13.0 adds validator for format of Mdm::WebVuln#params.
2013-05-15 09:36:42 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00