Commit Graph

42686 Commits (b82051757d69223f10ae42349689ce0f25c804bd)

Author SHA1 Message Date
Brendan Coles b82051757d Add SurgeNews User Credentials scanner module 2017-06-17 01:49:47 +00:00
Metasploit 9ce0bb9345
Bump version of framework to 4.14.28 2017-06-16 10:02:07 -07:00
Brent Cook 55b71e115f
Land #8535, MSGRPC module minor fixes 2017-06-15 21:44:34 -05:00
Brent Cook 53253bfa37
Land #8558, Fix AMT scanner when parsing mangled HTML 2017-06-15 20:42:33 -05:00
OJ f4158eeac9
Land #8568 : Move php_preamble before $ipaddr and $port 2017-06-16 11:16:30 +10:00
William Vu 5f74da9023 Move php_preamble before $ipaddr and $port
php_preamble contains a <?php tag now, so we need to move it to the top.
2017-06-15 19:50:57 -05:00
Pearce Barry 9d57197736
Land #8551, Update processmaker_exec module with workspace support 2017-06-15 17:12:35 -05:00
Pearce Barry cab64fc8b2
Land #8564, Fix cryptolog desc 2017-06-15 13:39:56 -05:00
Tod Beardsley 49383f8f3a Update and fix grammar to the CryptoLog module
After talking to the vendor, it appears that the PHP version of CryptoLog has been EOL'ed since 2009. It has since been replaced with an ASP.NET version, which, obviously, is no longer vulnerable to these PHP exposures.
2017-06-15 13:00:44 -05:00
Tod Beardsley b6fd0ce5e3 Merge pull request #16 from rapid7/master
Resync with upstream
2017-06-15 12:55:18 -05:00
William Vu 549f9e74d8 Fix AMT scanner for mangled HTML (no </p>)
Also stores proof using the correct :info for report_vuln (not :proof).
2017-06-14 16:54:32 -05:00
James Lee c1372456e2
Land #8326, support LLMNR ANY responses 2017-06-14 14:01:44 -05:00
Pearce Barry e64fcfc6f1
Land #8534, Fix nessus_template_list command argument parsing 2017-06-14 08:29:30 -05:00
James Lee 55f0edb732
Land #8491, fixes for service_persistence 2017-06-13 17:17:53 -05:00
Brendan Coles 0766f92013 Add option for workspace 2017-06-13 12:46:36 +00:00
Jeffrey Martin cbbb57d1a5
Land #8526, Refactor QNAP and airOS modules for creds 2017-06-12 14:46:11 -05:00
William Vu a40e7164d8 Refactor QNAP module for traditional creds 2017-06-12 14:41:58 -05:00
William Vu bb9d1a6768
Land #8507, Riverbed SteelHead VCX file read 2017-06-12 10:39:48 -05:00
Pearce Barry 704a1218fa
Land #8498, store more specific credential wordpress_directory_traversal_dos 2017-06-12 10:13:52 -05:00
Pearce Barry 80e91e9de2
Minor fixups. 2017-06-12 09:51:30 -05:00
Metasploit 0515980138
Bump version of framework to 4.14.27 2017-06-12 07:39:14 -07:00
h00die a349eb9a0d fixes per peer review 2017-06-10 14:29:53 -04:00
Brent Cook bf674263f3
Land #8533, record vulnerability attempts 2017-06-09 17:52:49 -05:00
Mykhailo Danylenko d5a7b292c1 Fix nessus_list_templates command argument parsing 2017-06-10 01:24:10 +03:00
TheNaterz 40fafaa270 dereference the service from the service manager 2017-06-09 16:24:01 -06:00
Jeffrey Martin 2b6f823a1b
store vuln attempt when reported 2017-06-09 12:46:39 -05:00
TheNaterz adfd6ff978 fixed warnings created by load->unload->load msgrpc 2017-06-09 11:41:46 -06:00
Metasploit 77b1125e77
Bump version of framework to 4.14.26 2017-06-09 10:03:35 -07:00
David Maloney c89fee89db
Land #8529, RPC Session Arch
Lands pr adding Session arch to info
returned by rpc
2017-06-09 11:58:19 -05:00
William Vu 56fbf4c339
Land #8532, metasploit-credential version bump 2017-06-09 02:08:01 -05:00
Brent Cook 153611e9fa bump metasploit-credential to allow handling string addresses gracefully 2017-06-09 01:43:45 -05:00
Brent Cook 06a789f777
Land #8530, Update ms17_010_eternalblue description and ranking 2017-06-09 01:30:33 -05:00
Stephen Shkardoon (ss23) a968a74ae0
Update ms17_010_eternalblue description and ranking.
The module has been noted to cause crashes, reboots, BSOD, etc, on
some systems.
2017-06-09 11:01:48 +12:00
TheNaterz c3b2476a51 add arch to rpc session details 2017-06-08 16:26:13 -06:00
Brent Cook aa00661fd0
Land #8518, update CVE references where modules report_vuln 2017-06-08 13:38:12 -05:00
William Vu 3e20296cf5 Add service_details for SSH 2017-06-08 13:28:29 -05:00
William Vu e22334343e Use store_valid_credential in my modules
I used report_note because using the creds API was a pain in the ass.
2017-06-08 00:57:51 -05:00
William Vu 4198efa41f
Remove pry from CommandDispatcher::Creds...
My bad. Should have been caught in #8517.
2017-06-08 00:18:46 -05:00
bwatters-r7 99fa52e660
Land #8434, Add Windows 10 Bypassuac fodhelper module 2017-06-07 11:15:01 -05:00
William Vu 3e27fd3db4
Land #8517, CommandDispatcher::Common
Also fixes jobs -i.
2017-06-07 03:20:45 -05:00
William Vu 596924552e Fix literal \n in jobs -i
Regression from #4063.
2017-06-07 03:19:30 -05:00
Spencer McIntyre a052ee4064
Use the opts hash not the datastore 2017-06-06 20:02:06 -04:00
OJ 6131e4bd82
Fix download lambda function to take correct param count
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
2017-06-07 09:37:24 +10:00
Spencer McIntyre 834e0eba95
Land #8340, add exception handling for rev_tcp_ssl 2017-06-06 19:09:15 -04:00
Spencer McIntyre a953d94f61 Minor white space cleanups for PR #8340 2017-06-06 19:07:55 -04:00
Alexandre Maloteaux e5e3be3046 Merge pull request #3 from bwatters-r7/land-8434
Rubocop readability changes
2017-06-06 22:09:53 +01:00
Jeffrey Martin b932aae82e
reference typo fix 2017-06-06 11:50:07 -05:00
Brent Cook bac17a8e80
Land #8053, Add DC/OS Marathon UI Exploit 2017-06-06 09:29:26 -05:00
Brent Cook 3ded57e1cd
Land #8516, add verbose debug to ntds dumper 2017-06-06 07:26:54 -05:00
Brent Cook 0830e4aaa5
Land #8503, Linux x86 reverse_tcp error handling 2017-06-06 06:36:55 -05:00