jvazquez-r7
b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code
2015-06-09 11:31:39 -05:00
jvazquez-r7
a39539f8ef
Land #5457, @wchen-r7 updates spark_im to use the new cred API
2015-06-07 20:45:42 -05:00
HD Moore
25aa96cfc1
Land #5456, removes obsolete comment
2015-06-07 14:25:23 -05:00
HD Moore
edcd1e3bf9
Land #5504, handle cases where the script may be empty
2015-06-07 14:20:00 -05:00
HD Moore
1f11cd5470
Lands #5446, support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
benpturner
20b605e7cb
Remove duplicate exec
2015-06-07 18:11:11 +01:00
RageLtMan
537dc6e218
Update Payload Cached Sizes fails in PSH Script
...
When attempting to update cached payload sizes which utilize the
Rex::Powershell functionality, the BRE block which appropriates
initial code is called with the 'code' variable being a nil which
results in:
```
lib/rex/powershell/script.rb:40:in `initialize': no implicit
conversion of nil into String (TypeError)
```
This throws a conditional into the File.open call which presents an
empty string instead of a nil. This still results in the rescue
block having to catch the exception, but manages to keep the
payload size updating script happy and retains consistent
behavior.
2015-06-07 11:42:24 -04:00
HD Moore
0557d213c1
Land #5503, fix a stack trace on legacy Windows payloads
2015-06-07 02:01:04 -05:00
RageLtMan
a46510465d
Fix older Windows payloads to not require UUID
...
Default Windows payload to not include_send_uuid for compatibility.
2015-06-07 02:58:31 -04:00
wchen-r7
93125a9f9d
Land #5501, check method response_timeout before using
2015-06-06 19:00:32 -05:00
HD Moore
bd36908383
Fix #5500 by checking for session.respond_to?(:response_timeout)
2015-06-06 17:07:03 -05:00
William Vu
d4ddc53856
Fix #5499, small fix for line clearing
2015-06-06 15:58:45 -05:00
William Vu
f761d411c4
Adjust line clearing to cover only the text
2015-06-06 15:58:23 -05:00
William Vu
89e7dc6cf2
Land #5499, polish dem spinners
2015-06-06 15:21:09 -05:00
William Vu
df6722ca4e
Land #5496, top 20 keyboard pattern passwords
2015-06-06 15:20:08 -05:00
HD Moore
2942cb165f
Land #5415, changes spaces in PSH shell output
2015-06-06 14:55:33 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
jvazquez-r7
dca2607d54
Land #5452, @wchen-r7 Update tortoisesvn to use the new cred API
2015-06-06 01:35:40 -05:00
jvazquez-r7
bf35b9bdf4
Minor fix
2015-06-06 01:35:09 -05:00
Tod Beardsley
f29b38b602
Add the top 20 keyboard patterns as passwords
...
See https://wpengine.com/unmasked/ for lots more, but this
covers the gif at
https://wpengine.com/unmasked/assets/images/commonkeyboardpatterns.gif
2015-06-05 16:46:08 -05:00
jvazquez-r7
c3437dab2a
Land #5451, @wchen-r7 Update filezilla_client_cred to use the new cred API
2015-06-05 16:39:31 -05:00
jvazquez-r7
57b7d10ec5
Land #5449, @wchen-r7 updates total_commander to use the new cred API
2015-06-05 16:28:32 -05:00
Brent Cook
0f4304c2dd
Land #5494, handle short reads from mysql
2015-06-05 12:52:04 -05:00
Brent Cook
bb9439e463
land #5487, refactor and fix save function for db_nmap
2015-06-05 12:31:23 -05:00
Brent Cook
a3b61dc362
Land #5488, fix job stopping from RPC service
2015-06-05 12:29:26 -05:00
William Vu
15916f0ab0
Backport an upstream fix for a nil header
...
353d5951da
7c984ea66e
2015-06-05 11:51:40 -05:00
jvazquez-r7
e151e38181
Land #5489, @wchen-r7's flash exploit descriptions update
2015-06-05 09:01:57 -05:00
jvazquez-r7
318f67fcda
update descriptions
2015-06-05 09:01:20 -05:00
wchen-r7
71a8487091
Correct Flash version in the module description
...
There is no 11.2.202.404, mang.
2015-06-04 23:46:41 -05:00
wchen-r7
935ed415f4
Land #5486, exec code from the renderer process instead of Powershell
2015-06-04 23:32:02 -05:00
wchen-r7
910ae8a480
Fix #5461, actually stop a job from the RPC service
...
Fix #5461. The RPC service is incorrectly using the wrong method to
stop a job, this patch should fix that.
2015-06-04 23:09:55 -05:00
William Vu
c003602993
Remove report_store_local from the spec
2015-06-04 18:54:15 -05:00
William Vu
a53a68cfc2
Refactor db_nmap and fix the save option
2015-06-04 18:40:19 -05:00
jvazquez-r7
51d98e1008
Update AS code
2015-06-04 18:34:08 -05:00
jvazquez-r7
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
OJ
26785b34f1
Land #5483: Use the correct help output for the ps command
2015-06-05 07:30:15 +10:00
Brent Cook
346ea40d66
fix some alignment, add usage
2015-06-04 16:14:31 -05:00
Brent Cook
06cc759080
Use the correct help output for the ps command
...
It should not look like this:
```
meterpreter > ps -h
Usage: ps [ options ]
OPTIONS:
-S Search string to filter by
-h This help menu
```
It should not not look like this:
```
meterpreter > ps -h
Use the command with no arguments to see all running processes.
The following options can be used to filter those results:
OPTIONS:
-A <opt> Filters processes on architecture (x86 or x86_64)
-S <opt> String to search for (converts to regex)
-U <opt> Filters processes on the user using the supplied RegEx
-h Help menu.
-s Show only SYSTEM processes
```
2015-06-04 16:06:07 -05:00
root
d4f418fe3f
Style corrections
...
See #5480
2015-06-04 15:52:07 -05:00
wchen-r7
23df66bf3a
Land #5481, no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
Joshua Smith
503f6a125d
Land #4926, add request plugin for http(s)
2015-06-04 13:51:58 -05:00
wchen-r7
7de78c1d69
Land #5447, more info about using the deprecated report_auth_info
2015-06-04 12:37:22 -05:00
wchen-r7
487cc15b0b
Land #5476, multi-platform update for adobe_flash_net_connection_confusion
2015-06-04 12:32:42 -05:00
jvazquez-r7
75454f05c4
Update AS source code
2015-06-04 12:12:49 -05:00
jvazquez-r7
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
jvazquez-r7
098f31c1da
Land support for Windows 8.1
2015-06-03 22:46:47 -05:00
jvazquez-r7
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
HD Moore
4ee0a1438c
Land #5477, speed improvements to snmp_login
2015-06-03 19:19:13 -05:00
John Sherwood
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
jvazquez-r7
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00